Cisco SDWAN Training- Home Lab setup Part-1

Captions
Hi everyone, this is Vikas from Networkers Home, and today I am doing a video on Cisco SD-WAN lab setup. Uh, there are three items required at this time; the fourth item is going to be basically covered in the next video. So in this video I'll try to cover these items: the first is the Cisco viptela.serial file download, next is how to set up a root CA server, and the next is going to be how to install the controllers. So for the first step you need to install, you need to have a file, you need to set up your organization name, you also need to have a vBond IP, so your topology should be ready with you. Once you have the topology ready, the next step there is to go to software.cisco.com and apply for your license. So let's say I'll go for, I'm already on software.cisco.com, I'll just type it again so that you can see it, and then I'll basically go to, not this one, I'll go here to Manage My Smart Account, and I'm going to put my credentials here. Okay, so I'll go back to Software Central again, because there are certain changes, uh, that we have. Then you have to go to Manage, uh, My Account, and then you go to, here is my account, all the information about me or the organization that I'm there, and anybody can create this account, so there's no special privileges which are required. And here I have a couple of accounts where I'm already running a couple of labs. If you want to create a new one you can just say, go here, and I'm just going to use nhvcass.lab, something like that. I'll keep it public, no preferred end date as such, I'll say next, and the user is already assigned, I'll just say next, and I'll say Create Virtual Account. Now you see that the new virtual account that we just created is here, it's called cast lab. And, uh, the next step that we have is, again we have to go to Cisco Central, and there is the option Network Plug and Play. So in this, what we'll do is we are going to create a couple of more items for generating our viptela file. The first item that we have to do is we have to
create a controller profile for this particular account that we just created. But before that, on the top I will move on to the account that I just created, the virtual account. So on the top I have to select my virtual account for which I'm going to create the, uh, the license file, and then I'll go to the controller profile. You see on top an hvaca slab that is created. So I'll go to the controller profile, I'm going to add a profile here, and I need vBond, and, uh, the file name could be anything, let's say "anything" is fine. Oh, it is taking everything in caps. Default profile: no. Customer premises hosted: yes. Multi-tenancy: no. Your organization name is very important, so I'm going to say network home dash one two three here. Okay, what's your, uh, so this is your vBond IP, very important stuff. So let's see, 15.5, or I'll do it something private IP etc. So here it is, right. So what's my organization name? Networkers home dash one two three. You can have any name provided that it is not being used by other profiles, and you can say next to it. So if everything is okay, it says no default profile name available, uh, that's okay, I'm going to make it. So here is the information, right: this is my vBond IP, the DTLS port that they're just going to use, the primary protocol is going to be DTLS, because remember that vBond always uses DTLS; the rest of the devices have the option of DTLS and TLS here. So my organization name is this, I'll say submit here, and this is done. The next step is I need to create devices for which I need a license. So what I'll do is I'll go here to Devices, and rather than adding hardware devices I will add software devices. Okay, so I'll say Add Software here, I'll say vEdge, and I can have a total of 20 devices here. I want to have 16 devices. Choose your controller profile; I said "anything" in the controller profile, right, the name of the controller profile we kept is "anything", so I'm choosing it here, and the next item I'm going to do is save. Okay, I can add more devices. I'm going to add four more devices, and
this time I'm going to use CSR, the cEdge device, and, uh, cloud. I'll say, what is the problem, CSR1kv, and I'll say four routers I need. The controller profile is "anything", and I'll say save it. Once these two things are there, just say next and just say submit. Now you have a total of 20 devices. Remember that here it says your request will be processed in the background and an email will be sent to because networkershom.com once the process is completed, and you say done with it. Once that is done, you see that all these devices are showing pending here, right, it's all showing pending here. What you can do is you can just go to the controller profile, and you see that your "anything" is ready now. What you can do is you download this file, so the provisioning file is what I'm going to download, and I'll say 18.3 or newer, I'll say download it. Okay, so this is the file, serial dot, serial file dot viptela, and this file has to be used on the controllers. This has 20 vEdges, right, the devices here. And you know, generally what happens is that this process will take time, somewhere like eight hours or ten hours, or not sure what's the process there, but generally in eight hours I get an email from Cisco that this has been processed. But the beautiful thing is that Cisco gives you, uh, the viptela file, serial, license, everything; authorization is already available here in the controller profile. So you don't need to wait for eight hours, uh, on an immediate basis you can start using this particular file and the licenses will work. Okay, so these are my devices, it's showing pending for publishing, that's absolutely fine. A couple of more things that I want to show here: uh, one is your network ID, the other is the certificate. So if you do not have a root CA certificate, what you can do is you can generate a CA certificate from Cisco, and this CA certificate can be basically used within your organization everywhere, right. So I think you generally require a Cisco partnership or some kind of relationship with Cisco to have this. What I'm going to do
in the next couple of steps is to create our local CA and, uh, you know, to use that. So basically done with the steps up to here; what we needed is we have received it, it's in the controller profile, you go to your serial.viptela file which we have downloaded. The next step that we want to move on to is, uh, I need to go to my devices, and here I'll go to my server and I will install vManage and other controllers; I will also create the root CA. Okay guys, so we move on to the next step, which is basically installing the controllers and also setting up the root CA server. For that I'll go to my ESXi machine, and here I will try to create a virtual machine for my vManage, which is also going to act as a root server. So I have an OVA file for vManage, I'll just copy paste that here. I'm going to use the second storage space because that's a lot of space I have. For these settings I'll keep it thin, it doesn't matter, and I'll say finish. You see that the implementation is happening here, it's installing it, it should take a couple of seconds. In the meantime, what I'll do is, to save some time, I'm going to install vBond, and I will also install, so the vEdge image is going to be vBond, because there is no dedicated image Cisco has released for this product, and then I will also have vSmart, which has a dedicated image. So all the three controllers I'm installing while vManage is getting installed. This is vSmart; I'm just going to pick up the OVA file again, and here is the vSmart OVA file. I'll just say next, next, next, and finish. So we are here at vManage, and vManage is installed. What I need to do is I need to make little changes only to vManage; the rest of the two machines are absolutely fine. So I'll just go and make one small change here: I'll add one adapter, and I'm going to add one more hard drive where all the installation needs to happen, and I'm going to use 200 GB of space, and save it. Once it is saved, I'll go to VMs again: my vBond, vManage, vSmart are installed. These are started, and this one I've just
made a change. What are the two changes I made? I added an additional adapter and I added a hard drive. So I'll just power on vManage, because that is the first controller we are going to set up and also going to make it a root CA. Let's see the big screen. The installation should take around four to five minutes. Okay, it has given me a login prompt, but what happens if I try to log in? It will not allow me to log in as of now, because in the background it's actually doing a lot of processing and all that. We should wait for a couple of minutes before the things settle down, and then we should try to log in with admin admin as the default password. Now I'm going to change the password, because I will be forced to change the password, and then the next option it says is that you have 200 GB of storage and I need to install some stuff. This is the reason why we installed an additional hard drive, because this is where all the software installation will happen for all your management related services: your web server, your Kafka server, your database server, your Elasticsearch server, right, which we discussed in the previous class, what are the servers it has. So the five server components that it has, that is getting installed right now. Once this installation completes, we can directly go and start doing our root CA process, and then we will install that certificate onto our vManage first, and then we will install it on other devices. But we need to do a little configuration on all devices; that's called the skinny configuration, and we'll see how to do the skinny configuration. In fact, I think the installation is done and it's rebooting now. It should be back after a couple of seconds. What I'll do is I'll go here and, uh, we'll see if the, this was an old one, in fact I have not given any IP, so we can't do anything, right. We have to come back here after the reboot is over, and then I have to give an IP address to it, and then I can go and do HTTPS to that. So I'll delete the previous instance I had, which is
not operational anymore. I'll just go here and see, okay, it is back. I need to do very basic configuration here so that at least I can get HTTP access. Again, the services are getting loaded in the background, so I can't do much of the stuff here; wait for the services to come back. Remember that I was asked to change the password, so I forgot that we have to give the new password here. Now I'll do a show run so that we can see what kind of config it has. Very basic configuration I'm going to do, in fact very, very basic stuff here: VPN 0, interface eth0, IP address I'm going to give, I'll give it one slash 20, and 20, and slash 24. I'll say no tunnel interface at this time, and that's all, that's the whole configuration I want to do. The rest I will do at the GUI, although I do have an option to go here and say, uh, you know, all those things, but, uh, I can still do all the configuration at the GUI itself in vManage. The rest of the devices will do the skinny configuration here. So what do I do? I just go to the server here. Oh, what's, I've given 20, right, 20, so I'll give 20. Let me see the IP that I've given, I think it was 20.
I forgot to commit, right. Without commit it will not save the config, so that is very important, we have to commit. When I say exit, commit, then only that IP addressing thing will go on the interface, right. So here it is, we did the configuration, forgot to commit. I'll do it again: 192.168.1.20. So here it is, and the username and password, the password that I have reset, because initially the username and password was admin admin. So this is my vManage. The certificate that you have is invalid at this time. So what we'll do is, the first couple of things: the first thing I want to do is I want to change the organization name to whatever was in the viptela.serial file that we downloaded, so it's going to be networkers home one two three, and networkers home one two three. Then the vBond IP, I need to have the correct vBond IP here; 192.168.1.55 was my IP, I'll give it here. Okay, now I need to go back to the CLI. For that I need to do SSH to our vManage so that I can make it a root CA server, so 192.168.1.20, that's my vManage server, I'll say open. Okay, so the next step that we have is to get to vshell and declare it a root CA server. So on the Linux shell which is available in vManage, I'll go and give my first command to create a root CA public key, or sorry, private key, and then I'm going to basically go to create the public key. So this is the public key I'm going to create using the private key I've just created. So this is the public key; the public key is created. What is the next process? The next step, I need to install it, because remember that vManage also, or all the devices, need to install this particular certificate. Here, you can't install it in vshell, because the installation has to happen at vManage. So this is successfully installed. Three steps are done: step one, creating a public private key; creating a public key, this public key will be distributed to everybody, right, this is what everybody has to install; and then they have to get their CSR request signed by the private key, which is
generated only once, right. Okay, the next step is, uh, we have to go, and we have installed this CA certificate, and I need to get this rootca.pem file, I want to install it actually. So cat, or let's say I'll do vshell, ls, and I have the rootca.pem, so cat rootca.pem. I'm going to copy this certificate, this one here up to here, and I will take it to, first I will install it on our controller here. So here is the controller, Enterprise Root CA, yeah, I'll just go paste it here, and I will say import and save. So it's successfully, authorization completed. The next step that I want to do here on vManage is I want to go to Certificates, Controllers; I want to generate a request, a CSR request. This is my CSR request. I should have another file here, because I'm sitting on vManage and vManage is also the root CA server, so the vmanage.csr file is created right now. Each CSR file needs to be signed by the root CA certificate, right, so that is the next step that we are going to do. So I will use the next command here, which is, this is my vmanage.csr, it needs to be signed by rootca.key, the public and private key. Remember that the public key I installed here, right, the public key; the private key is only with the root CA server. Okay, so the next thing we would need to do is to do this: I'm going to copy, and, uh, the vManage CSR file is now creating a, I'm signing it, I'm getting it signed from the vManage root CA private keys. So once this is signed, I should have another file here, which is called vmanage.crt. Now how do I install this certificate? Because this certificate is approved by the CA, right. So I need to, sorry, not ls, a cat, right. So I'll just take this certificate, I'm going to copy this, okay, and I'll take it where? I'm going to take it to vManage and install it. So the first device will be complete if this process becomes successful. So first device, let's see, I'm installing it here. It could be a failure or a success depending on our process. If we missed anything in the process, it is
going to be a failure; if it is, you know, a success, which is a success here, everything else is fine. Okay, so vManage is successfully enrolled into our CA server as a client, right. Remember that it's a little tricky situation, guys: okay, the vManage server is a root CA himself and also a client. So the CA server is a different part, which is the Linux shell; we are just utilizing the resources. It could be any Linux machine, it could be any Linux desktop or server that we can utilize, it could be also Microsoft AD; the process is going to be the same. Okay, the next step we need to do is we need to go back to our other devices. So on vManage all the work is done, okay, except some little work on the CLI side, which is, uh, doing the skinny configuration. What is that skinny configuration? I'll just do some configuration here. Hostname is already given; if you want to give it again, we can say vManage. Our site ID is, let's say, one. System IP is going to be, I'll say, 1.1.1.1. Um, vBond IP is 192.168.1.55, okay, and port you don't really require, because the port is always fixed. And, uh, let's see what else is required: we require the organization name, the most important one, networkers home abc. This is done. We say commit, make the changes, and that's all. We can also copy paste the same configuration and can use it at vBond and vSmart also. So I'll just go to the other machines, virtual machines, because I'm going to enroll vBond and vSmart into this particular program of the CA certificate. So let's log in here with the default username and password, admin admin. It will ask us to change the password, but no installation of any software at this time, so that's easy. Give it a host name as vbond, lowercase, sorry, system. So I'm doing the skinny configuration: host name is going to be vbond, okay, host name is vbond, system ID is going to be 2.2.2.2, site ID is also going to be two, organization name is going to be networkers home dash one two three. vBond is his own IP we need to give, so vBond, and I'm going to use the word local here, local, and 192.
168.1.155 is the, that's all. Commit the changes. Then we need to go to VPN 0, interface gigabit; no tunnel interface on this, but let's give it an IP first: IP address 192.168.1.155 slash 24, no tunnel, and save the configuration. But before that, let's put a default route, because this guy really needs to go out to the internet for the validation of the serial.viptela file. Okay, my default gateway is my firewall, and I will also say DNS 8.8.8.8, sorry. Once this is done I should be all good. I'll commit the changes and I will try to ping internet routers; I can ping that. I will also try DNS to see if it works; the DNS is also working, right. So vManage and, uh, vBond need to go to the internet; the rest of the devices can be fine, because they don't need to take part in the authentication of all the devices, okay, they don't need to verify, uh, the cisco.viptela dot serial file. So vBond is done. We are now going to configure our vshell here, okay, and I need to basically repeat the same process for it, which is, first I need to copy the certificate, I need to bring this certificate. My IP has changed, 155, and instead of this I'm going to use admin, because I'm not using a Linux machine, so I'm going to use this. I need to have the public certificate, sorry, vshell. I'm going to copy from our, sorry, what is our vManage IP? My vManage IP is dot 20.
Do you want to do that? Yes, type full yes. Admin password. File is copied. Once the file is copied, what is the next process? The next process is exactly the same: install the root CA certificate. What is that? The public certificate, the public key, right, the public key. Then we are going to get it authenticated using the private key, but first let's install this. Install it here, not here, we have to go out and then install it. So the certificate is installed on which device? I think I made a mistake, uh, I was not into telnet, I should have closed this, but it doesn't change anything. I should have taken access to vBond; I did that command on the root CA, but because the certificate is installed, and if I do not do anything else at this time, no changes, so that should be fine. So I'm on vBond, I'll say admin, and the password is my vBond, and I'm going to repeat those two commands, and after that you'll see how easy it is to do the whole thing. So again, the same process that we did the mistake; there is my command, I need to copy it from my vManage server, I need to repeat the same, both the commands, I'm going to do this. Okay, say yes. I think I gave the wrong password. Okay, file is copied, but the second command is not executed, so I'll do it manually after exit. Done, so this is successfully installed. Now what we need to do is I will also repeat this process on, first, or maybe we can do it here itself. Let's go one by one to all the machines. So I'll go to vManage, and now I need to add controllers. So here is Controllers; I will add the vBond here, 192.168.1.155, admin, and the password here, cisco. And you see that here, Generate CSR, there is an option to generate the CSR; if you don't want to do it here, that's fine. Once this is successfully added, which is here, right, the certificate installed in vManage is good, you see that. Okay, it should be, I have to go to Certificates, Controllers, vBond; I will generate a CSR manually, so that's absolutely fine. Once you have the public key from the root CA certificate and you have
authenticated yourself, then you have to create the CSR request, not before that. Okay, so this is done. Now what do we do? We are going to check if this file is available to us: ls, you see that the vBond, vbond csr file is here. So what do I do? I need to take this file to the root CA server, and there I need to get it signed by him, and then I have to bring it back here, and then only the things will work. Okay, so how do I do that? I have a couple of ways of doing this. So let's say first I'll do cat and vbond csr; this is my certificate. I'll just go to vManage, that's a faster mechanism. I'll just go here, 192.168.1.20, I'm on vManage, I'll just increase the font a little bit. So I have to bring that file here; either I can use WinSCP or I can copy it. So the copying is a good mechanism for me; I'll use this thing here, I'll copy this command, okay, and what is the file that we want to import? The file name is vbond csr here, okay, vshell, and I'm going to replace it with this, and the public IP also, so one dot 150, yeah, so this is going to be 155, I'm copying it from there, 155.
I'm bringing the file from vBond to here. Let's see, on here, can I see it? Okay, you can see that I can see the file vbond_csr, right, this is the file. I need to now sign it with my private key and public key together, right. So what is the command? The command is exactly the same, so instead of this I will do vbond, and here I create vbond. So I'll sign it with my root CA key, the public key, right, sorry, the public key and the private key, sorry, the private key and the public; this is the public key. So I'll just issue that command on my vManage, which is a root CA. Do ls, and you see that you should have vbond.crt. Now this file, I'll just copy vbond.crt, I'll copy this certificate and install it like I did for vManage. I'll straight away go to vManage and I will install this certificate for vBond also, and we'll wait for a couple of more seconds to see if there is any error or it is a success. Okay, that is also a success. So we should be able to see the devices here in Certificates, that both the devices are updated, right, installed the certificates. You got the serial numbers also, which is a good sign, which was not there before. Uh, here we have not given a lot of details as of now, it will come later. The next item left is our vSmart device, right. So I'm going to close the vBond at this time and I will focus on the vSmart. So where do we go? We go to ESXi, we go to vSmart, and admin admin, the default password. I think I made a typing mistake. And change the password. Okay, once this is done we'll see what kind of interfaces it has; it should have a couple of interfaces. Config t, VPN, VPN 0, and I'll say interface eth0, IP address 192.168.1.156
/24, no tunnel interface at this time, okay, and that's all. I will also do a couple of skinny configuration stuff, although even if I do it later it will not impact anything. 192.168.1.155 is my vBond, okay, organization name is networkers home dash one two three. Okay, once that's done, the system IP is 3.3, sorry, system IP 3.303.3, site ID is three. You can put them on, you know, one of the sites also, that's a good way of doing it; if they are separated and in different places, you can put them into different sites also. So depending on your convenience, that's absolutely fine to put them in the same site or a different site, that's a design point. Now, vshell: the process needs to be repeated. What was the process? The process was, but before adopting that process we'll do one thing: I'm going to take SSH access of this so that you can see bigger fonts. If I do it in the ESXi CLI, you will not be able to see it in a bigger font. Sorry, 156, right, that's our vSmart IP. Let's do that again, 192.168.1.156. It came up. So what are the two steps initially that I need to take? I need to first bring the public key and then install the public key into vSmart here. So that's the first step here, this is the first step: vshell, scp. Once this is done, I need to exit and install this certificate, right, the public certificate. Certificate is successfully installed. What do I do? I create a CSR file, right. I can create a CSR file here, or I can, you know, do it from vManage, which is a very easy process. So I'll go to vManage and I'm going to add another controller in the device; add my v, sorry, not vBond, vSmart is left, so I'll go to vSmart and I'll say this is my vSmart, and generate a CSR. So it's generating the CSR sitting here itself; you don't need to go to Certificates and then go to Controllers and then generate like we did for vBond, right, we did that. So here, CSR. Now if we go to vBond and I go to vshell, ls, I see that this is created, a CSR request is created. Now I need to take it to the root CA like the previous one, right,
and I need to get it validated by them and then bring it back. So what I'll do here is I'm going to go to my vManage server and issue this command, that I want to copy your file, right; sitting here, I want to copy his vsmart_csr file, his username, password. Okay, what's the problem? So this is done. Now the last step: both the public key and the private key need to sign this one, right. So vSmart, sorry, vsmart_csr needs to be signed, and the output should be vsmart.crt. So we'll sign it. We are at the CA server, which is our vManage server acting as a CA; it could be any Linux machine, as I said. Now this certificate is created. I will just do a cat, and I'll just look at vsmart crt. I'll copy this, go to vManage, and install the certificate. Remember that, before that, let me show you again: vBond is installed, vManage is installed, both have a serial number here. CSR is generated for vSmart, but no certificate installed, so the device is not yet in our network. Only when a valid certificate is installed will the device enter into our network and be validated to work with. If any kind of error is there, we should get the error; if there is a failure, we should get an error, but if it is not, it's a success here. Okay, so all the three devices that you see here now, all the three controllers, are all good, okay, they are in sync, they got serial numbers, uh, they are installed, vBond updated, etc., etc. Now the next step is we need to go to all three devices, okay, and let's go to VPN 0, interface, uh, sorry, and we need to turn on the tunnel interface that we have set to no tunnels. So VPN 0, because now, once the certificates are acquired, now we'll start our DTLS tunneling. If we had the certificate before this, what will happen, right? One, you cannot have DTLS without having a validated certificate, so there was no point in doing that. Now you say tunnel interface, okay, and you say exit, that's all, and commit those changes. Commit. Go to vManage also; on vManage also we had a no tunnel interface, so
I'll just go here: config t, vManage, sorry, VPN 0, and say here, no, I go to interface and I say tunnel interface, right. So that was not an interface, remember that, in all the devices I went and I did this. Now our certificate, our communication to all the devices will work fine. The last device to do this is vBond, so 192.168.1.155 is vBond's IP. I'll just go there and do the similar stuff: VPN 0, interface gigabit 0/0, here tunnel interface. Okay, all good to here. Commit the changes. So now the DTLS tunnel should come up between these devices, and, uh, all the devices are successful up to here. You see that the certificate status is installed, installed, installed; all these devices are fine. No templates are assigned, and the rest of the settings also, it takes time. So this is the end of part one of the SD-WAN lab setup. In part two I'm going to cover vEdge and cEdge installation on ESXi as well as EVE-NG. Hope you like the video, and if you like it, kindly subscribe to the channel. Thank you for watching.
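
The root CA steps described in the captions (create the CA private key, create the root certificate from it, sign a controller's CSR with the CA key), as an added example that is not from the video. The openssl commands, file names and subjects are assumptions, the CSRs are generated locally as stand-ins for the ones the controllers produce, and two pre-install checks are added: the certificate must chain to the intended root and must carry the public key of the CSR it answers.

```shell
#!/bin/sh
# Added example (not from the video): lab root CA flow with constructed
# file names and subjects. Nothing here talks to a real controller.
set -eu

# Steps 1 and 2: CA private key, then the self-signed root certificate made from it.
make_root_ca() {   # $1 = CA directory, $2 = subject
    openssl genrsa -out "$1/rootca.key" 2048 2>/dev/null
    chmod 600 "$1/rootca.key"          # the signing key stays on the CA host
    openssl req -x509 -new -nodes -key "$1/rootca.key" -sha256 -days 365 \
        -subj "$2" -out "$1/rootca.pem"
}

# Stand-in for the CSR a controller generates (assumption: a real CSR comes
# from the device, which keeps its own private key).
make_device_csr() {   # $1 = directory, $2 = base name, $3 = subject
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -subj "$3" -out "$1/$2.csr" 2>/dev/null
}

# Step 3: sign the CSR with the root CA key.
sign_csr() {   # $1 = CA directory, $2 = CSR path, $3 = certificate path
    openssl x509 -req -in "$2" -CA "$1/rootca.pem" -CAkey "$1/rootca.key" \
        -CAcreateserial -sha256 -days 365 -out "$3" 2>/dev/null
}

# Pre-install check 1: does the certificate chain to this root?
chain_status() {   # $1 = root certificate, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Pre-install check 2: does the certificate carry the CSR's public key?
key_status() {   # $1 = CSR, $2 = certificate
    csr_key=$(openssl req -in "$1" -noout -pubkey)
    crt_key=$(openssl x509 -in "$2" -noout -pubkey)
    if [ "$csr_key" = "$crt_key" ]; then echo match; else echo mismatch; fi
}

# Constructed demo data in a throwaway directory, removed on exit.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/ca" "$work/other" "$work/dev"

make_root_ca "$work/ca" "/O=example-lab-org/CN=lab-root-ca"
make_root_ca "$work/other" "/O=some-other-org/CN=other-root-ca"
make_device_csr "$work/dev" vmanage "/O=example-lab-org/CN=vmanage-lab"
make_device_csr "$work/dev" vbond "/O=example-lab-org/CN=vbond-lab"
sign_csr "$work/ca" "$work/dev/vmanage.csr" "$work/dev/vmanage.crt"

echo "own root:     $(chain_status "$work/ca/rootca.pem" "$work/dev/vmanage.crt")"
echo "foreign root: $(chain_status "$work/other/rootca.pem" "$work/dev/vmanage.crt")"
echo "right CSR:    $(key_status "$work/dev/vmanage.csr" "$work/dev/vmanage.crt")"
echo "wrong CSR:    $(key_status "$work/dev/vbond.csr" "$work/dev/vmanage.crt")"
```

Running both checks before pasting a certificate into the controller catches the two slips this workflow invites: signing on the wrong CA host and pairing a certificate with another device's CSR.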
Info
Channel: NETWORKERSHOME
Views: 18,127
Keywords: cisco sdwan lab setup, sdwan lab, vmanage install, ca server sdwan, vikasswami, networkershome, cisco training sdwan, sdwan trainers, viptela training sdwan, ccie enterprise training, ccie training, ccie security, sdwan workbook, cisco sdwan install, sdwan lab setup on eve-ng
Id: bhf15QVjskg
Length: 50min 6sec (3006 seconds)
Published: Thu Jul 29 2021