Cisco SDWAN - How to generate a Viptela Serial File & How to Create a Root CA

Video Statistics and Information

Hello everyone, this is Terry, and I want to take the time to answer some questions coming in from the Software Defined WAN self-paced boot camp, and we're going to start right now. [Music]

Okay, the first question that I've gotten is regarding how to create a license file, and I thought this would be an excellent opportunity for us to go through the process so that you guys that have the capability of accessing Cisco could create your own and use it moving forward in your own lab studies. To create your own license file, what you're going to need to do is access the site and log in. This is going to require a CCO. Once you've accessed the site, you're going to want to make a virtual account. Now, in order to be able to make the virtual account, what we're going to do is go down to the Manage Smart Account configuration, and we're actually going to create a virtual account. Now, this virtual account is going to be very important for us, because this virtual account is going to become the container which is going to allow us to be able to create the domain that's going to house our license file. I'm going to walk through that, we're going to create one, and then we'll move through this process.

So the very next thing I want to do is I'm going to say "Create a virtual account", and we'll go ahead and give it a name. I'm just going to call this "my SD-WAN test lab". You could go in and do your description, and you can specify where you want this to fall. I want it to go at the top, and we'll look at that just here in a moment. I want the access to be private, but this is all I need to get my basic configuration in place. Now, once I've got that done, I'm just going to simply hit Next and create this virtual account. I can see that my account has been created.

Now, the next step that we're going to follow is I'm going to return back to the Cisco Software Central console. The next place that I'm going to end up going is my Plug and Play Connect window, and from this window what I'm going to get is the option to be able to select that virtual account that I created. I'm going to go ahead and hit "SD-WAN test lab", and what I want to do now is configure a controller profile. Now, this controller profile is actually going to end up being the unique name that I'm going to use to make reference to my organizational unit when I build my license file. You'll notice that you've got a number of options here: we can do a PnP server, we can do a vBond, or we can do a wireless LAN controller. I'm going to select a vBond and hit Next, and now I'm actually going to give it a name. I said we would call this sd-wan-test-lab. This name must be unique. Is this going to be a default profile? I'll go ahead and leave that No, and actually, no, I'll go ahead and make this Yes. And do I want to enable the idea of multi-tenancy? I'm going to say No.

Notice I skipped the deployment type. If I hit the arrow here, I only really have that one option when using a license file. This means that I'm actually going to be hosting my own stuff, so that's basically being inferred. Now I'm going to use the organizational name of sd-wan test-lab, and I'm going to go ahead and say that I'm going to assign my resource using my primary controller using an IP address. Now, I have to provide an IP address here; for us it's going to be 100.100.2 in my lab. I could specify my root CA cert here, but I don't want to do that. I'm going to leave that out, because I'll manually handle the signatures the way we've been handling it. Also keep in mind that this IP address really doesn't matter. It doesn't need to be the right address; it just simply has to exist in this portion of the form. I'm going to go ahead and hit Next, and what we'll see here is it's going to tell me that this organizational name already exists. So I'm going to put "one" on here, and that should be enough for me to make a unique resource. I'm going to go ahead and submit this, hit Done, and now I've got my config. Let's go ahead and just cancel out of this; I don't want to take the feedback.

What I want to do at this particular juncture is begin onboarding resources. To begin onboarding resources, I'm going to go to the Devices section and tell Cisco that I want to add some devices. Devices could be physical devices or they could be virtual devices. In our lab we've been using virtual devices, so that's the way that we're obviously going to want to continue to proceed, because we're running EVE-NG. So, in instances, I'm going to go ahead and say "Add a software device", and I'm going to tell it that I want to add some vEdge devices. I'll select vEdge Cloud DNA and tell it how many I want; I'll go ahead and say 4. I'll hit the down arrow and pick the SD-WAN test lab virtual account controller that I set up, so I'll hit Save. Then I want to add some additional resources, so I'm going to say Add, and in this instance let's go ahead and add some ISRvs, so it's virtual Integrated Services Routers. I'll go ahead and say add four, and again I'm going to choose the controller profile that I created. Let's go ahead and add some additional devices. I'll say "Add software device" and we'll say CSR 1kv; I will go ahead and say give me about four of those. Then I'm going to go ahead and add some Cat 8000Vs. We haven't discussed those in class yet, but we're definitely going to talk about it, because it's the latest and greatest utility. Actually, it's going to be C8000, let it resolve, 8000V. We'll go ahead again and pick the controller and say give me four of those, and I'll hit Save.

Now that I've got this in place, I'm going to go ahead and hit Next, and I'll hit Submit. Now, if I receive an error on the C8000V, don't wig out, because you'll still be able to use the license file. Cisco's still working on it. Remember, the Catalyst 8Ks and the 8300s are really new devices, so this might actually bark out and give me a little bit of an error here. Let's see what ends up happening, but bear in mind, even if it errors, we can still use the license file. What we see here is all of these devices and resources that I just set up are now actually being provisioned by Cisco so that we can use them in our lab environment.

Okay, it's been about two or three minutes, and what we see here is just what I was indicating. Notice that we're going to receive these error messages. This does not mean that our license file is broken. In fact, we will be able to use these serial numbers that have been issued to us by Cisco for up to four of our C8000Vs. Everything's going to work perfectly fine; I'll demonstrate that later on. I just want to make certain that we see that everything else in this is going to be green, so I'm just going to advance to the second page, and we can see that everything is provisioned.

Now I want to talk about what's necessary in order to be able to get this file. In order to do that, I just simply need to download it, and then I'll actually deploy it, so let's go ahead and make that happen. I am going to go to Controller Profiles, and you'll see this is the profile that we created. Over here on the right-hand side we see that we have 16 devices, and I have a provisioning file. I'll click that, I'm going to tell the system that I want it to be for 8.3 and newer, and I'm going to hit Download. This is actually going to provide me the serialFile.viptela that I'm going to be using in my lab. Now, the last thing that we'll do is, if we access the resources and I go to the Devices tab, all I'm going to do is say "Upload the WAN Edge list", and what ends up happening is that that will actually take all of the contents of that license file and add them to my vManage.

Now, there are some caveats that we want to make certain that we talk about here, because these caveats are extremely important, and as such it becomes our job to make certain that the organizational names match. Remember, I specified the fact that I did that sd-wan test-lab one; I had to add a one to it in order to be able to make it unique, because not only is it unique in my account, it must be unique across all of Cisco. So with that being done, we've talked about how we integrate that; you guys have seen me do that. This gives you everything that you are going to need in order to be able to effectively create your own license file using your own organizational name.

Question two is actually related to question one, and that is: how do we go about getting the signature file? Remember, I created the sdwan.pem file, and that also required the idea of the .key file. Now, if you guys create your own license file, you're going to have to create your own unique file and set of certificates that you're going to be using, because remember, you specified your own organizational name. So let's take a look at what that is actually going to look like from a 30,000-foot view inside of the system. Rather than do this in Downloads, because I don't want to overwrite my existing config, I'm actually going to make a directory called test. I'm going to change directory to test, and I'm actually going to create my own set of signature files that I'm going to use, the .pem file, the .srl file, the key file, and walk you through how to do that in order to be able to support the license file that you just created. Never lose sight of your organizational name when you're doing this process.

So let's see what this looks like from the CLI. The first thing I'm going to do is engage OpenSSL. This is going to be where I need to generate my RSA key. I want to actually create a key, and I'm going to call that key sdwan.key, and I want it to have a modulus of 2040 bits. All right, so now we've got this key. I can use this key to create my PEM file. To create my PEM file, I'm going to use openssl req, and it's going to be -x509 -new -key, and the key that I'm going to use is the one that we just created, sdwan.key. I want to actually use a SHA-256 hash, and I want this to last for 2000 days, which seems to be the theme, and I need to specify the subject that I'm going to use. Now, the subject is going to specify the information related to the organizational name that I'm going to create. So I'm going to go ahead and say this is going to be in the continental United States, US, so C is going to equal US. The state is going to equal, for me specifically, Virginia, not that it really matters; I could just come in here and say VA. My location, for me specifically, is Radiant, Virginia, so I'll say Radiant, and again, your mileage may vary here. My organization is going to be, and I'll go ahead and specify that name of, sd-wan-test lab 1. And I'm going to also come in here and say the container is also going to have that name. I just use them in both places, so I'll just say sd-wan, and again this is just so that you can create your own license file, test lab 1.

And I'm going to say go ahead and place this inside of the file; the output file is going to be sdwan.pem. Let's go ahead and hit Enter and see if this thing does its job. I'm going to say cat sdwan.pem, and we should see that we have our certificate that we're going to use for our root CA. Some people actually do not like to call this the sdwan.pem; some people will actually call this a rootca.pem file, for root certificate. So I'd have to move sdwan.pem to rootca.pem. Now again, it's just an issue of preference. The only thing that is really important is that you actually go through the exercise of creating the file and make certain that the information that you specify as far as the organizational name matches that which you used when you created your license file, and you'll be good to go.

If you have any questions, don't hesitate to ask. Put them in the comments below, and if it's something that I can answer in video form easier than I can answer in the comments, I'll go ahead and make a video up for you guys in order to be able to address those.
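
The certificate steps described in the transcript, written out as an added example (not the presenter's own commands), together with the check the video stresses: the organization name in the root CA must equal the one in the controller profile. Assumptions: `ORG_NAME` is a constructed placeholder, the key size is 2048 bits (the captions read "2040"), the locality is a placeholder, and the file and function names are illustrative.

```shell
#!/bin/sh
# Added example: lab root CA whose O and CN carry the SD-WAN organization name.
# ORG_NAME is a constructed placeholder; use the name from your controller profile.
ORG_NAME="${ORG_NAME:-example-sdwan-lab-1}"

# make_root_ca DIR ORG: write DIR/sdwan.key and DIR/rootca.pem (names assumed).
make_root_ca() {
    dir=$1; org=$2
    # umask 077 keeps the CA private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/sdwan.key" 2048 2>/dev/null ) || return 1
    openssl req -x509 -new -key "$dir/sdwan.key" -sha256 -days 2000 \
        -subj "/C=US/ST=VA/L=Lab/O=$org/CN=$org" -out "$dir/rootca.pem"
}

# cert_org CERT: print the organizationName (O) stored in the certificate subject.
cert_org() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *organizationName *= //p'
}

# check_org_match CERT ORG: succeed only on an exact, case-sensitive match.
check_org_match() {
    [ "$(cert_org "$1")" = "$2" ]
}

# key_matches_cert KEY CERT: succeed if the key is the one the certificate binds.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demonstration in a throwaway directory.
work=$(mktemp -d)
if make_root_ca "$work" "$ORG_NAME" &&
   check_org_match "$work/rootca.pem" "$ORG_NAME" &&
   key_matches_cert "$work/sdwan.key" "$work/rootca.pem"; then
    echo "root CA ok: O=$(cert_org "$work/rootca.pem")"
else
    echo "root CA check failed" >&2
fi
rm -rf "$work"
```

Running `check_org_match` against the certificate before installing it on the controllers catches a name mismatch early, since the comparison is an exact string match.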
Channel: Terry Vinson CCIEx2
Views: 2,758
Keywords: 300-415 ensdwi exam implementing cisco sd-wan solutions, ccie enterprise 2021, ccie enterprise infrastructure sdwan, ccnp enterprise 2021, cisco 300-415, cisco sdwan, cisco sdwan 2021, cisco sdwan controller onboarding, cisco sdwan controllers, cisco sdwan vmanage, cisco vbond, cisco vbond orchestrator, cisco vsmart, cisco vsmart controller, dtls tunnels, ensdwi, ensdwi training, eveng, sdwan, sdwan configuration, viptela, license file, sdwan 2021
Id: TZ1cnZqpL90
Length: 13min 46sec (826 seconds)
Published: Tue Jan 26 2021