Cisco SDWAN: cEdge Device Onboard to SDWAN fabric using ZTP or PNP

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi in this video i will show onboarding of nh device with ztp or pnp process upon boot up the wireless device contacts vbond orchestrator to establish a security tls control connection the rebound information can either be configured manually by cli on vans device using an ip address are resolvable to my fqdn or can be obtained automatically through the pnp or ztp process the v-bond orchestrator upon successful authentication establishes a secure dtls control connection and then shares remanage nvsmart controller ip addresses at this time the rebound orchestrator will inform the other sd-wan controllers that is v-manage and v-smart v smart to establish or expect a control connection request from the vans device the vanish device upon learning the vmanage information initiates a control connection to the v minus v managed server sorry so following a successful authentication a separate secure dtls or tls connection is established we manage based on the device template at device template attached to the wireless device provisions the configuration using the netcons protocol the vans device also establishes a parallel secure dtls rtls control connection to the v-smart controller the wireless device establishes omp adjacencies and shares local route information with the v-smart controller the v-smart controller based on the defined policies calculates and disseminates the routes security and policy information to all vanes devices using omp updates overlay management protocol or omp is responsible for establishing and maintaining the overlay control plane before going further before going to further process let us check our inventory we are having total eight vanished devices authorized r8 and deployed r8 you can also see here there are 11 control connections which are all up and there is no partial control connection or no control connection which is down and there is a full van connectivity that is seven sides are fully connected that means uh two van edge devices are part of same site now let us go to uh device dashboard or device tab so what i will do is i will upload a new vantage list using serial file.webtella so i will browse here i am having a cl file1.webteller.com i will select that and will upload that file just cue okay while doing that you can see here there are 8 out of 12 when his devices are duplicate so there are so the new entrance will be the four new vanish devices so i'll give you okay and you can see here in the new entrance there are one isr4 double to one that has been added so now i will go to certificates in the certificates i will just validate isr four double to one let's validate ok then i will send it to controllers let's this process get successful meanwhile i will go to main dashboard there you can see there are total uh 12 vantages now and authorized r9 and deployed is dc8 so the one which we have authorized now after the pnp or ztp process should get added to the deployed and the deploy will become nine and you can see here it will changes from eight to nine now we have advantages in the st1 fabric that will become nine now let us go to device itself uh that is vanishing device isr four double to one what it is uh trying to do here it is trying to configure a new admin password so the router's name is just a router meanwhile i just check show ip interface brief uh there are no ip addresses that has been assigned or configured so on the loopback we have one ip that is by default will come when in the factory default configurations so now i will just check show ip route there are now no routes in the ip routing table and now again i will just q show ipvrf 11 route so i peer out vrf11 you can see there is no erf11 that is available or there is no routing table for vrf11 so what i will do is i will uh just go and try to attach a template to the sr4 double to one so i already have a pre-configured template so let us go and attach it to the device so we have one isr4 double to one let us attach to that device so what i can do here is if you want to edit the template you can go and edit it here so i will give the host name as uh is of double two one one and i will give system ips 192.192.192.9 and i will configure site ideas nine okay i will do everything as it is i will not uh shut down any interface let us shut down one of the uh vpn 512 interface that is svi interface and update it and let's go and configure it before configuring if you want to check what configurations you are pushing to this device you can just check it in the config preview and this is what the configuration i'm going to push system ip all id site id right and also the organization name and what is my v bond my v bond here is an fqdn that is v1.tmc.local and apart from that uh i am going to configure the interface in the sd-wan that is interface q00 as in business internet link or color as business internet link and ge001 with color as public internet okay let's configure the device uh once configurations are pushed it will be scheduled until our device gets onboarded okay let us go again on to the main dashboard you can still see this authorized r9 and deployed already so what i will do here there is an upstream router on the upstream router i have configured ehcp i will unshut that interface which is connected directly to iso four double to one this is in our upstream router so i'll go to the interface i'll just give no once and once we give a no what happens is that uh gex000 will get an ip address now you can see the link has came up right so this is where the link came up and now it will get an ip address once it will get an ip address and the information of dns you can see here they have received an ip address of 172.16.10.13 and it also got the dns server ip that is 8.8.8.8 now pnp process has just now started let us wait for some times to for pnp process to get complete so you can see here uh when the pnp process got started uh this router is trying to contact ehcp help.cisco.com using the pnp process let us wait for a few min few more minutes meanwhile i will pause the video such that the pnp process gets completed okay uh the pnp process is successful uh i will just show this particular vantage code its organization name and we bound ip address that is 172.16.1.111 and it is trying to it got it on gig which gigabit is nine zero zero zero zero that means that it will try to establish and control connection via gig zero zero zero so uh you can see here uh we smart peer there is a v smart whose system ip is 192 192 and 121 so it has established and control connection with v smart and the state is up right and further if you go down uh so uh you can see here the templates has been pushed you can see here using on this using this particular we manage admin logs you can see here it is configuring via netconf right using the netconf protocol so now uh let us go and check on the remanage dashboard itself on the vmanage you can see here there are now now nine vanitches right earlier authorized were nine but deployed over eight now it is authorized and deployed both are nine right so now uh let us go to the device itself console so you can see here the console earlier the host name was device now it is iso four double to one hyphen one which we have configured during our template push so what i will do is i will just check show ip interface brief you can see here we have a lot of other ip addresses that has been configured if you go up those uh ip addresses are not there all right uh only one ip address was there that is on the loopback 65528 there is 192.168.1.1 that is an factory default ip that we used to that we will get when we will get these vanity just shipped to our places so we have ipres configured on gig zero zero zero this i we got from the dhcp server whereas the other ip we have configured when we push the template and you can see here the system ip is 192.192.192.9 that also we configure when we push the template so uh we have vlan 14 and this vlan 14 is part of vpn 11 let us check the ip routing table and you show ip route you can see here we have a static route for default uh gateway and we have other ip addresses information so let us check ip route for vrf11 or vpn 11 so you can see here we have got three subnet information uh network information that we have learned from the omp protocol so m indicates that has been learned from omp protocols so uh let us try to ping to anyone of the ip 192.168.1.100.1 that has been learned from ymp uh sorry i have to give a vpn 11 since that is in the vrf7 we i have to you rf11 the ping is also successful so this is the end of our video thank you for watching this video
Info
Channel: Mohammed Umair
Views: 628
Rating: undefined out of 5
Keywords:
Id: OaCFlHULG20
Channel Id: undefined
Length: 13min 34sec (814 seconds)
Published: Tue Sep 22 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.