***************************************** Lab 1 - Onboarding WAN Edges - vEdges ***************************************** ++++++++++++++++++++ vEdge1 ++++++++++++++++++++ =================================================================== 1. Configure the vEdge to communicate to the controller network =================================================================== conf t ! system host-name vEdge1 organization-name KBITS site-id 1 system-ip 10.2.2.201 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 199.1.1.17/28 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 199.1.1.30 ! commit =================================================================== 2. Download the Enterprise Root Certificate to the WAN Edge =================================================================== -> Open WinSCP. -> Log into the WAN Edge (199.1.1.17) using SFTP as the protocol and admin/admin as the credentials. -> Copy the Enterprise Root Certificate (RootCert.cer) to the /home/admin folder. =================================================================== 3. Install the Root Certificate on the WAN Edge =================================================================== request root-cert-chain install /home/admin/RootCert.cer ========================================================================= 4. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request vedge activate chassis Chassis#: 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token: 78b62a757568e8b22b5e417dd9c6989e or request vedge activate chassis 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token 78b62a757568e8b22b5e417dd9c6989e ++++++++++++++++++++ vEdge2 ++++++++++++++++++++ =================================================================== 1. Configure the vEdge to communicate to the controller network =================================================================== conf t ! system host-name vEdge2 organization-name KBITS site-id 2 system-ip 10.2.2.202 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.102.2/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.102.254 ! commit =================================================================== 2. Download the Enterprise Root Certificate to the WAN Edge =================================================================== -> Open WinSCP. -> Log into the WAN Edge (192.168.102.2) using SFTP as the protocol and admin/admin as the credentials. -> Copy the Enterprise Root Certificate (RootCert.cer) to the /home/admin folder. =================================================================== 3. Install the Root Certificate on the WAN Edge =================================================================== request root-cert-chain install /home/admin/RootCert.cer ========================================================================= 4. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request vedge activate chassis Chassis#: 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token: 78b62a757568e8b22b5e417dd9c6989e or request vedge activate chassis 1763cbc9-60e4-4278-8b26-697e0c959561 token f1d42739e41e316a528b8da0309297a3 ++++++++++++++++++++ vEdge3 ++++++++++++++++++++ =================================================================== 1. Configure the vEdge to communicate to the controller network =================================================================== conf t ! system host-name vEdge3 organization-name KBITS site-id 3 system-ip 10.2.2.203 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.103.3/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.103.254 ! commit =================================================================== 2. Download the Enterprise Root Certificate to the WAN Edge =================================================================== -> Open WinSCP. -> Log into the WAN Edge (192.168.103.3) using SFTP as the protocol and admin/admin as the credentials. -> Copy the Enterprise Root Certificate (RootCert.cer) to the /home/admin folder. =================================================================== 3. Install the Root Certificate on the WAN Edge =================================================================== request root-cert-chain install /home/admin/RootCert.cer ========================================================================= 4. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request vedge activate chassis Chassis#: 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token: 78b62a757568e8b22b5e417dd9c6989e or request vedge activate chassis f896e332-db0a-c79f-b091-7fa321f2cc6d token 741c686e989d5c65154d700f36493542 ++++++++++++++++++++ vEdge4 ++++++++++++++++++++ =================================================================== 1. Configure the vEdge to communicate to the controller network =================================================================== conf t ! system host-name vEdge4 organization-name KBITS site-id 4 system-ip 10.2.2.204 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.104.4/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.104.254 ! commit =================================================================== 2. Download the Enterprise Root Certificate to the WAN Edge =================================================================== -> Open WinSCP. -> Log into the WAN Edge (192.168.104.4) using SFTP as the protocol and admin/admin as the credentials. -> Copy the Enterprise Root Certificate (RootCert.cer) to the /home/admin folder. =================================================================== 3. Install the Root Certificate on the WAN Edge =================================================================== request root-cert-chain install /home/admin/RootCert.cer ========================================================================= 4. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request vedge activate chassis Chassis#: 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token: 78b62a757568e8b22b5e417dd9c6989e or request vedge activate chassis f896e332-db0a-c79f-b091-7fa321f2cc6d token 741c686e989d5c65154d700f36493542 ***************************************** Lab 2 - Onboarding WAN Edges - cEdges ***************************************** ++++++++++++++++++++ cEdge1 ++++++++++++++++++++ =================================================================== 1. Configure the cEdge to communicate to the controller network =================================================================== config-transaction ! hostname cEdge clock timezone IST 5 30 system organization-name KBITS site-id 5 system-ip 10.2.2.205 vbond 199.1.1.3 commit ! interface GigabitEthernet1 no shutdown ip address 192.168.105.5 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 192.168.105.254 ! interface Tunnel1 no shutdown ip unnumbered GigabitEthernet1 tunnel source GigabitEthernet1 tunnel mode sdwan ! sdwan interface GigabitEthernet1 tunnel-interface encapsulation ipsec color default allow-service all allow-service sshd allow-service netconf exit exit commit =================================================================== 2. Download the Enterprise Root Certificate to the WAN Edge =================================================================== copy tftp: bootflash: Address or name of remote host [199.1.1.5]? 199.1.1.5 Source filename []? RootCert.cer Destination filename [RootCert.cer]? Accessing tftp://199.1.1.5/RootCert.cer. =================================================================== 3. Install the Root Certificate on the WAN Edge =================================================================== request platform software sdwan root-cert-chain install bootflash:RootCert.cer ========================================================================= 4. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request platform software sdwan vedge_cloud activate chassis 1f12bf44-3c44-d901-184b-823a108c873a token d7fa107e14286d93e03c4ca480378072 ********************************************************** Lab 3 - Creating Feature Templates - LA, London & Rome ********************************************************** Configuration -> Templates -> Feature Templates -> Add -> vEdge Cloud ++++++++++++++++++++ System ++++++++++++++++++++ Name: VE-SYSTEM Description: VE-SYSTEM Site ID: Device-Specific [SITE-ID] System IP: Device-Specific [SYSTEM-IP] Hostname: Device-Specific [HOST-NAME] Timezone: Device-Specific [TIMEZONE] Console Baud Rate: Default ++++++++++++++++++++ Banner ++++++++++++++++++++ Name: VE-BANNER Description: VE-BANNER Login Banner: Global - "Authorized KBITS Admins Only !!!!!" MOTD Banner: Global - "Maintenance Window set for the Weekend" ++++++++++++++++++++ VE-VPN-O ++++++++++++++++++++ Name: VE-VPN-0 Description: VE-VPN-0 VPN: Global - 0 Name: Global - Transport VPN IPv4 route --------------- Prefix: Global - 0.0.0.0/0 Next Hop: Device-Specific [DEF-GW] ++++++++++++++++++++ VE-VPNINT-G0 ++++++++++++++++++++ Name: VE-VPNINT-G0-BR Description: VE-VPNINT-G0-BR Shutdown: Global - "No" Interface Name: Global - "ge0/0" IP Address - Static - Device Specific [G0] Tunnel --------------- Tunnel Interface: Global - "On" Color: Global - "mpls" Allow Service: Netconf - Global - "On" Allow Service: SSH - Global - "On" Allow Service: OSPF - Global - "On" ++++++++++++++++++++ VE-VPNINT-G1 ++++++++++++++++++++ Name: VE-VPNINT-G1-BR Description: VE-VPNINT-G1-BR Shutdown: Global - "No" Interface Name: Global - "ge0/1" IP Address - Static - Device Specific [G1] Tunnel --------------- Tunnel Interface: Global - "On" Color: Global - "biz-internet" Allow Service: Netconf - Global - "On" Allow Service: SSH - Global - "On" ++++++++++++++++++++ VE-OSPF-VPN-0-BR ++++++++++++++++++++ Name: VE-OSPF-VPN-0-BR Description: VE-OSPF-VPN-0-BR Area ---------- Area: Global - 0 Interface Name: Global - "ge0/0" Advanced ----------- Network-Type: Global - Point-to-point ++++++++++++++++++++ VE-VPN-512 ++++++++++++++++++++ Name: VE-VPN-512 Description: VE-VPN-512 VPN: Global - 512 Name: Global - Mgmt VPN ++++++++++++++++++++ VE-VPNINT-E0 ++++++++++++++++++++ Name: VE-VPNINT-E0 Description: VE-VPNINT-E0 Shutdown: Global - "No" Interface Name: Global - "eth0" IP Address - Static - Device Specific [G1] ********************************************************** Lab 4 - Creating Device Templates - LA, London & Rome ********************************************************** Configuration -> Templates -> Device Templates -> Add -> vEdge Cloud Basic Information: -------------------- System: VE-SYSTEM Transport & Management VPN: ---------------------------- VPN 0: VE-VPN-0 OSPF: VE-OSPF-VPN-0-BR VPN Interface: VE-VPNINT-GO-BR VPN Interface: VE-VPNINT-G1-BR VPN 512: VE-VPN-512 VPN Interface: VE-VPNINT-EO ********************************************************** Lab 4 - Creating Feature Templates - Service VPN ********************************************************** Configuration -> Templates -> Feature Templates -> Add -> vEdge Cloud ++++++++++++++++++++ VPN - 100 ++++++++++++++++++++ Name: VE-VPN-100 Description: VE-VPN-100 VPN: Global - 100 Name: Global - "Data VPN" ++++++++++++++++++++ VE-VPNINT-G2 ++++++++++++++++++++ Name: VE-VPNINT-G2 Description: VE-VPNINT-G2 Shutdown: Global - "No" Interface Name: Global - "ge0/2" IP Address - Static - Device Specific [G2] ++++++++++++++++++++ VE-OSPF-VPN-100-BR ++++++++++++++++++++ Name: VE-OSPF-VPN-100-BR Description: VE-OSPF-VPN-100-BR Redistribute -------------- Redistribute: Global: OMP Area ---------- Area: Global - 0 Interface Name: Global - "ge0/2" ********************************************************** Lab 5 - Edit Device Template to setup Service VPN ********************************************************** Configuration -> Templates -> Device Templates -> Edit -> VE-BR-DEV-TEMP Service VPN: -------------------- VPN: VE-VPN-100 OSPF: VE-OSPF-VPN-100-BR VPN Interface: VE-VPNINT-G2