Scribd
Upload
952 views260 pages

Sdwan Lab Workbook PDF Free

This document provides instructions for setting up an SD-WAN practice lab using the PNETLab platform. It outlines 10 labs that configure the core SD-WAN components including the HQ router, MPLS router, internet router, vManage, vBond, vSmart, and 4 vEdge devices. The labs establish a certificate authority server, generate and install certificates on each device, and register the vEdges with vManage. Once completed, the lab will have an operational SD-WAN topology for testing and demonstration purposes.

Uploaded by

sikander kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
952 views260 pages

Sdwan Lab Workbook PDF Free

This document provides instructions for setting up an SD-WAN practice lab using the PNETLab platform. It outlines 10 labs that configure the core SD-WAN components including the HQ router, MPLS router, internet router, vManage, vBond, vSmart, and 4 vEdge devices. The labs establish a certificate authority server, generate and install certificates on each device, and register the vEdges with vManage. Once completed, the lab will have an operational SD-WAN topology for testing and demonstration purposes.

Uploaded by

sikander kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 260

Download PNETLab Platform

PNETLAB Store
PNETLab.com

SD-WAN Practice LAB 1 – PNETLab.com

Lab Topology

1
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Table of Contents
HOW TO SETUP LAB ...................................................................................................................................... 7
Hardware Requirement ............................................................................................................................ 7
Link to download lab and Setup ............................................................................................................... 9
Lab 1: Configuring the WAN Components .................................................................................................. 23
Task 1 – HQ Router Configuration .......................................................................................................... 23
Task 2 – MPLS Cloud Router Configuration ............................................................................................ 24
Task 3- Internet Cloud Router Configuration .......................................................................................... 25
Lab 2: Installing the Enterprise Certificate Server ...................................................................................... 26
Task 1- Configure the interface............................................................................................................... 26
Task 2- Installing the Enterprise Root Certificate Server ........................................................................ 27
Task 2 Install WinSCP .............................................................................................................................. 33
Lab 3- Initializing vManage -CLI .................................................................................................................. 34
Task 1- Configuring the System Component........................................................................................... 34
Task 2- Configured the VPN parameters................................................................................................. 34
Lab 4- Initializing vManage – GUI................................................................................................................ 36
Task 1- Organization name & vBond Address......................................................................................... 36
Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root Certificate. .. 37
Task 3- Generate a CSR for vManage...................................................................................................... 43
Task 4 – Request a Certificate from the CA Server ................................................................................. 45
Task 5 – Issue the Certificate from the CA Server................................................................................... 48
Task 6- Downloading the Issueed Certificate.......................................................................................... 49
Task 7- Installing the Identity Certificate for vManage........................................................................... 54
Lab 5- Initializing vBond – CLI ..................................................................................................................... 57
Task 1- Configuring the System component ........................................................................................... 57
Task 2 – Configure the vpn parameters .................................................................................................. 57
Lab 6- Initializing vBond -GUI ...................................................................................................................... 59
Task 1 – Add vBond to vManage............................................................................................................. 59
Task 2 – View the generated CSR for vBond and copy it ........................................................................ 60
Task 3- Request a certificate from the CA Server ................................................................................... 62
Task 4 – Issue the Certificate from the CA Server................................................................................... 65
Task 5- Downloading the Issued Certificate............................................................................................ 66
Task 6- Installing the Identity Certificate for vManage........................................................................... 71

2
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 7 – Initializing vSmart – CLI................................................................................................................... 74


Task 1 - Configuring the System Component .......................................................................................... 74
Task 2 – Configured the vpn parameters ................................................................................................ 74
Lab 8 – Initializing vSmart – GUI ................................................................................................................. 76
Task 1- Add vSmart to vManage ............................................................................................................ 76
Task 2 – View the generated CSR for vSmart and Copy it ...................................................................... 77
Task 3 – Request a Certificate from the CA Server ................................................................................. 79
Task 4 – Issue the Certificate from the CA Server................................................................................... 82
Task 5- Downloading the Issued Certificate............................................................................................ 83
Task 6- Installing the Identity Certificate for vManage........................................................................... 88
Lab 9 – initializing vEdge – CLI .................................................................................................................... 91
Task 1 – Upload the WAN Edge List ........................................................................................................ 91
Task 1 – Configuring the System Component ......................................................................................... 94
Task 2 – Configure the vpn parameters .................................................................................................. 95
Task 1 – Configuring the System Component ......................................................................................... 96
Task 2 – Configure the vpn parameters .................................................................................................. 96
Task 1 – Configuring the System Component ......................................................................................... 97
Task 2 – Configure the vpn parameters .................................................................................................. 97
Task 1 – Configuring the System Component ......................................................................................... 98
Task 2 – Configure the vpn parameters .................................................................................................. 99
Lab 10 – Registering vEdges in vManage .................................................................................................. 100
Task 1- Upload the Root Certificate to the vEdge................................................................................. 100
Task 2- Install the Root Certificate on vEdge1 ...................................................................................... 101
Task 3- Active vEdge on vManage......................................................................................................... 102
Task 1 – Upload the Root Certificate to the vEdge ............................................................................... 103
Task 2- Install the Root Certificate on vEdge2 ...................................................................................... 105
Task 3- Active vEdge on vManage......................................................................................................... 106
Task 1 – Upload the Root Certificate to the vEdge ............................................................................... 107
Task 2- Install the Root Certificate on vEdge3 ...................................................................................... 109
Task 3- Active vEdge on vManage......................................................................................................... 110
Task 1 – Upload the Root Certificate to the vEdge ............................................................................... 111
Task 2- Install the Root Certificate on vEdge4 ...................................................................................... 113
Task 3- Active vEdge on vManage......................................................................................................... 114

3
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 11 – Initializing cEdge – CLI ................................................................................................................ 116


Task 1 – Configuring the System Component ....................................................................................... 116
Task 2 – Configure the Interface and Tunnel Parameters .................................................................... 116
Lab 12 – Registering cEdges in vManage .................................................................................................. 118
Task 1 – Upload the Root Certificate to the cEdge ............................................................................... 118
Task 2 – Install the Root Certificate on cEdge1..................................................................................... 119
Task 3 - Activate cEdge on vManage..................................................................................................... 120
Lab 13 – Configuring Feature Template –System ..................................................................................... 122
Task 1 – Configure the System Template to be used by all vEdgeCloud Devices ................................. 122
Task 2 – Configure the System Template to be used by all cEdgeCloud Devices ................................. 123
Task 3 – Configure the System Template to be used by all vSmart Device .......................................... 125
Lab 14 – Configuring Feature Template –Banner ..................................................................................... 127
Task 1 – Configure the Banner Template to be used by all vEdgeCloud Devices ................................. 127
Task 2 – Configure the Banner Template to be used by all cEdgeCloud Devices ................................. 128
Lab 15 - Configuring Feature Templates -VPN & VPN Interfaces for VPN 0 & 512 ––Branch Site(vEdges)
.................................................................................................................................................................. 130
Task 1 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 0 ............. 130
Task 2 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 512 ......... 132
Task 3 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN 0
for Interface G0/0 ................................................................................................................................. 134
Task 4 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN 0
for Interface G0/1 ................................................................................................................................. 136
Task 5 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN
512 for Interface Eth0 ........................................................................................................................... 139
Lab 16 - Configuring Feature Templates –External Routing - OSPF for VPN 0 –Branch Site (vEdges) ...... 142
Task 1 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN 0 ........... 142
Lab 17 - Configuring and Deploying Device Templates for vEdge – Branch Site(vEdge2) ........................ 145
Task 1 – Configure a Device Template for Branch vEdge Devices. ....................................................... 145
Task 2 – Attach vEdge2 to the Device Template................................................................................... 148
Task 3 – Configure the Variable Parameters for the Feature Templates ............................................. 149
Lab 18 - Configuring Internal Routing Protocols on the Internal Routing Devices – HQ & All Branches.. 154
Task 1 – Internal Site Router Configurations ........................................................................................ 155
Lab 19 - Configuring Feature Templates –Service VPN – VPN, VPN Interface and Internal Routing –
Branch Site (vEdges).................................................................................................................................. 159

4
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 1 - Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 1 ............. 159
Task 2 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud devices for VPN 1
for Interface G0/2 ................................................................................................................................. 160
Task 3 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN 1 ........... 162
Lab 20 - Implementing a Service VPN using Templates – Branch Site (vEdge2) ....................................... 164
Task 1 – Edit the BR-VE-TEMP Device Template for Branch vEdge Devices. ........................................ 164
Task 2 – Configure the Variable Parameters for the Feature Templates ............................................. 164
Lab 21 - Pushing Template to configure other Branch Sites - – Branch Site(vEdge3 & vEdge4) .............. 167
Task 1 – Attach the BR-VE-TEMP Device Template for Branch vEdge Devices..................................... 167
Lab 22 – Configuring Feature Templates for HQ-Site(vEdge1) – VPNs, VPN Interfaces, External & Internal
Routing ...................................................................................................................................................... 171
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 0 ....................................... 171
Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for VPN 0 for
Interface G0/0 ....................................................................................................................................... 173
Task 3 – Configure a BGP Template to be used by HQ vEdge-Cloud Devices for VPN 0 ...................... 174
Task 1 – Configure a VPN Template to be used by HQ vEdge-Cloud Devices for VPN 512 .................. 177
Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for VPN 512 for
Interface Eth0........................................................................................................................................ 179
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 1 ....................................... 181
Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for VPN 1 for
Interface G0/2 ....................................................................................................................................... 183
Task 3 – Configure a OSPF Template to be used by HQ vEdge-Cloud Devices for VPN 1 ..................... 185
Lab 23 - Configuring Device Templates for HQ-Site(vEdge1) to deploy VPN 0, 1 and 512. ...................... 187
Task 1 – Configure a Device Template for HQ vEdge Devices. ............................................................. 187
Task 2 – Attach vEdge1 to the Device Template................................................................................... 189
Task 3 – Configure the Variable Parameters for the Feature Templates ............................................. 190
Lab 24 – Configuring Feature Templates for CSR – VPNs, VPN Interfaces, External & Internal Routing . 197
Task 1 – Configure a VPN Template by CSR for VPN 0 .......................................................................... 197
Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 0 for Interface
GigabitEthernet1 ................................................................................................................................... 198
Task 3 – Configure a VPN Interface Template to be used by CSR for VPN 0 for Interface
GigabitEthernet3 ................................................................................................................................... 200
Task 4 – Configure a OSPF Template to be used by CSR for VPN 0 ...................................................... 202
Task 1 – Configure a VPN Template to be used by CSR for VPN 512 .................................................... 203

5
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 512 for Interface
GigabitEthernet4 ................................................................................................................................... 205
Task 1 – Configure a VPN Template for CSR for VPN 1 ......................................................................... 207
Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 1 for Interface G2 .............. 209
Task 3 – Configure a OSPF Template to be used by CSR for VPN 1 ...................................................... 211
Lab 25 - Configuring Device Templates for CSR to deploy VPN 0, 1 and 512 ........................................... 213
Task 1 – Configure a Device Template for CSR Branch Devices. ........................................................... 213
Task 2 – Attach cEdge1 to the Device Template ................................................................................... 217
Task 3 – Configure the Variable Parameters for the Feature Templates ............................................. 218
Lab 26 - Configuring and Deploying Feature and Device Templates for vSmart Controllers ................... 224
Task 1 – Configure a VPN Template to be used by vSmart Controllers for VPN 0 ................................ 224
Task 2 – Configure a VPN Template to be used by vSmart Controllers for VPN 512............................ 225
Task 3 – Configure a VPN Interface Template to be used by vSmart Controllers for VPN 0 for Interface
Eth1 ....................................................................................................................................................... 227
Task 4 – Configure a VPN Interface Template to be used vSmart Controllers for VPN 512 for Interface
Eth0 ....................................................................................................................................................... 228
Task 5 – Configure a Device Template for vSmart Controllers. ............................................................ 230
Task 6 – Attach vSmart to the Device Template ................................................................................... 232
Task 7 – Configure the Variable Parameters for the Feature Templates ............................................. 232
Lab 27 - Configuring Application Aware Policies using Telnet and Web .................................................. 235
Task 1 – Configure Groups of Interests/List that will be used for Telnet & Web Application Aware
Routing (AAR) Policy ............................................................................................................................. 235
Task 2 – Configure an AAR policy based on the Requirements ............................................................ 238
Task 3 – Create a Centralized Policy and call the Traffic Policy ............................................................ 241
Lab 28 - Manipulating Traffic flow using TLOCs ........................................................................................ 248
Task 1 – Configure Groups of Interests/List that will be used for Traffic Engineering Policy for DUBAI
.............................................................................................................................................................. 248
Task 2 – Configure Control/Topology policy based on the Requirements ........................................... 250
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology Policy ... 251
Lab 29 - Configuring Route Filtering ........................................................................................................ 255
Task 1 – Configure Groups of Interests/List that will be used for Route Filtering Policy for Newyork 255
Task 2 – Configure Control/Topology policy based on the Requirements ........................................... 256
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology Policy ... 257

6
Download PNETLab Platform
PNETLAB Store
PNETLab.com

HOW TO SETUP LAB


Hardware Requirement
- CPU: 12v CPU
- RAM: 32GB
- HDD: 100GB

Note: Recommended Rack Rental (if you do not have a PC or server to practice).

- Join the Telegram group support: https://t.me/rackrental


- Pricing: 25 USD/1 week
o Dedicated IP, Server for pactice SD-WAN LAB.
o Included: all in one (IOS, Licensed, Workbook…) just practice only.
o Support: 24/7

7
Download PNETLab Platform
PNETLAB Store
PNETLab.com

8
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Link to download lab and Setup


Note: Lab devices

- VIPTELA 20.3.1: vManager, vBond, vSmart, vEdge.


- Layer 2 Switches: L2-Advan-15.2-IRON
- Layer 3 Router: L3-Advan-15.4
- CRS: CRS1000vng-SDWAN
- ServerCA: Winserver-2008R2

1. How to upload images into PNETLab


a. Prerequirement:
- Download PNETLab platform and lab in the link:
o Link to download PNETLab Platform and setup: https://pnetlab.com/pages/download
o Link to download Lab from Store:
https://user.pnetlab.com/store/labs/detail?id=16052623645692
o Download WINSCP in the link then setup: https://winscp.net/eng/download.php
- Download all images in the link:
magnet:?xt=urn:btih:F1BD30B97284C7ABF46B5DEAC28E415676E0FCEB&dn=viptela

b. Upload Images into PNETLab:


- Step 1: Start PNETLab then login with WinSCP (using your ip address, username and password as
root and pnet respectively)

9
Download PNETLab Platform
PNETLAB Store
PNETLab.com

10
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Step 2: Upload Qemu Images and IOS as shown below:


o Upload All Qemu Images to folder: /opt/unetlab/addons/qemu

11
Download PNETLab Platform
PNETLAB Store
PNETLab.com

12
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Upload All IOS Images to folder: /opt/unetlab/addons/iol/bin

13
Download PNETLab Platform
PNETLAB Store
PNETLab.com

14
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Upload tempalte file for SD-WAN devices to Folder: /opt/unetlab/html/templates

If you skip this step, SD-WAN devices cannot start properly

Link to download Template file:


https://drive.google.com/file/d/1CZqoBv27HBJH3aUTwVDlfPXBr6KX3N5p/view?usp=sharing

Backup Link: https://mega.nz/file/uzxEEKLK#LvfeYdKR_SFi-msYcJgDHQ2vdRrpBltEKqcLChcCiRs

Unzip and copy to folder /opt/unetlab/html/templates in PNETLab

Note: If you are using PNETLab Version from 4.2.0, You do not need to do this step

15
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Step 3: Fixpermissions
o Login to PNETLab platform (note: logging with online account)

16
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Go to: System ➔ System Setting

o Click to Fix permission button

17
Download PNETLab Platform
PNETLAB Store
PNETLab.com

2. How to setup and practice Lab


a. Licensing on SD-WAN devices
- Link to download file serial licence: https://drive.google.com/file/d/1KFqwBLHz-
xB7DXgTWudryedKlEK0lfKy/view?usp=sharing
o Backup Link:
https://mega.nz/file/jyZnSIhJ#rSprYR4z9XY_o2Ryyw3CCBdto5JxEU5AUVzRXRruX-Y
- Save that file to your PC then using this license file for Lab 9

b. ServerCA – Windows Server 2008


- We already set up all tools for SD-WAN Lab in serverCA, just download in the link above (we
shared in session: Link to download Lab and Setup).
- How to login to ServerCA:
o Click to ServerCA then download RDP file and Open, Login with account:
administrator/Pnetlab@123

18
Download PNETLab Platform
PNETLAB Store
PNETLab.com

19
Download PNETLab Platform
PNETLAB Store
PNETLab.com

20
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Account login to the devices in the SD-WAN LAB


- Default username and password to login vManager, vSmart, vBond, vEdge is: admin/admin
- Default username and password to login to ServerCA: administrator/Pnetlab@123

Note: Remember before you start the lab, wipe all nodes:

21
Download PNETLab Platform
PNETLAB Store
PNETLab.com

========Some key notes for practing this lab========

1. If you see all 4 vEdge and cEdge down in Vmanage, almost problem by Switch, you should stop
and start those switch

2. If only 4 vEdge down but cEdge are okay then you can start/stop 4 vEdges. Sometime they are
not stable in lab.

22
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 1: Configuring the WAN Components


Interface Configuration

HQ

Interface IP address Subnet Mask


E0/0 100.1.1.1 255.255.255.0
E0/1 118.1.1.2 255.255.255.0
E0/2 10.1.11.1 255.255.255.0
E0/3 118.1.6.1 255.255.255.0

MPLS-Cloud

Interface IP address Subnet Mask


E0/0 10.1.11.2 255.255.255.0
E0/1 10.1.12.2 255.255.255.0
E0/2 10.1.13.2 255.255.255.0
E0/3 10.1.14.2 255.255.255.0
E1/0 10.1.15.2 255.255.255.0

Interface-Cloud

Interface IP address Subnet Mask


E0/0 118.1.6.2 255.255.255.0
E0/1 118.1.2.2 255.255.255.0
E0/2 118.1.3.2 255.255.255.0
E0/3 118.1.4.2 255.255.255.0
E1/0 118.1.5.2 255.255.255.0

Task 1 – HQ Router Configuration


- Configure the Interfaces based on the Logical Diagram
- Configure OSPF as the IGP to communicate with the MPLS Cloud. Enable all the interfaces.
- Make sure OSPF only sends and receives OSPF packets on the link towards the MPLS Cloud using
the Passive-interface command.
- Configure a default route on the router towards the Internet. The IP Address of the Internet
Router is 192.1.101.254
- Configure BGP between vEdge1 (199.1.1.17) in 65001 and HQ router. Redistribute OPSF into BGP.

HQ Router

hostname HQ
!
interface Ethernet0/0
ip address 100.1.1.1 255.255.255.0
!
interface Ethernet0/1
23
Download PNETLab Platform
PNETLAB Store
PNETLab.com

ip address 118.1.1.2 255.255.255.0


!
interface Ethernet0/2
ip address 10.1.11.1 255.255.255.0
!
interface Ethernet0/3
ip address 118.1.6.1 255.255.255.0
!
router ospf 1
passive-interface default
no passive-interface Ethernet0/2
network 10.1.11.0 0.0.0.255 area 0
network 100.1.1.0 0.0.0.255 area 0
network 108.1.1.0 0.0.0.255 area 0
!
router bgp 65001
bgp log-neighbor-changes
redistribute ospf 1
neighbor 199.1.1.17 remote-as 65001
!
ip route 0.0.0.0 0.0.0.0 118.1.1.2

Task 2 – MPLS Cloud Router Configuration


- Configure the Interfaces based on the Logical Diagram.
- Configure OSPF as the IGP on all the interfaces.

MPLS Cloud Router

hostname MPLS
!
interface Ethernet0/0
ip address 10.1.11.2 255.255.255.0
!
interface Ethernet0/1
ip address 10.1.12.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/2
ip address 10.1.13.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/3
ip address 10.1.14.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet1/0
ip address 10.1.15.2 255.255.255.0
ip ospf network point-to-point
!
24
Download PNETLab Platform
PNETLAB Store
PNETLab.com

router ospf 1
network 10.1.11.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.13.0 0.0.0.255 area 0
network 10.1.14.0 0.0.0.255 area 0
network 10.1.15.0 0.0.0.255 area 0

Task 3- Internet Cloud Router Configuration


- Configure the Interfaces based on the Logical Diagram
- Configure a static route on the Router for the 100.1.1.0/24 network. The Next-hop should point
towards the Internet IP of the HQ Router

Internet Cloud Router

hostname Internet
!
no ip domain lookup
ip cef
!
interface Ethernet0/0
ip address 118.1.1.2 255.255.255.0
!
interface Ethernet0/1
ip address 118.1.2.1 255.255.255.0
!
interface Ethernet0/2
ip address 118.1.3.2 255.255.255.0
!
interface Ethernet0/3
ip address 118.1.4.2 255.255.255.0
!
interface Ethernet1/0
ip address 118.1.5.2 255.255.255.0
!
ip route 100.1.1.0 255.255.255.0 118.1.1.1

25
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 2: Installing the Enterprise Certificate Server


Task 1- Configure the interface
- First Ethernet Interface: Connected_to_192
- Ip address: 192.168.100.4
- Subnet: 255.255.255.0

- Third Ethernet Interface: Connected_to_100


- Ip address: 100.1.1.5
- Netmask: 255.255.255.0
- Gateway: 100.1.1.1

26
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Installing the Enterprise Root Certificate Server


- Open Server Manager -> click Roles-> Next

27
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Click Next

28
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select the “Active Directory Certificate Services" and click Next

- Click Next
- Select “Certification authority Web enrollment” and click Next

29
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Leave it as Standalone and click Next

- Leave it as Root CA and click Next

- Leave “Create a new private key” and click Next


30
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Leave the default for the Cryptography for CA and click Next

31
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Set the Common name as PNETLAB-CA and click Next

- Leave the default for the Validity Period and click Next

32
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Click Next ➔ Install

Task 2 Install WinSCP


- Download WinSCP in this link: https://winscp.net/eng/download.php
- Double-click the WinSCP installation file
- Do a Default installation

33
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 3- Initializing vManage -CLI


Task 1- Configuring the System Component
- Configure the System parameters based on the following:
o Hostname: vManage1
o Organization: SDWAN
o System-IP: 100.1.1.12
o SiteID: 1
o Vbond Address: 100.1.1.4
o Timezone: based on the appropriate Timezone

Note:

- Default username: admin, default password:admin

Then log in with admin/admin

vManage

config
!
system
host-name vManage1
system-ip 100.1.1.12
site-id 1
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4
!
commit

Task 2- Configured the VPN parameters


- Configure the VPN parameters based on the following:
o Vpn0
▪ Interface eth1
▪ IP address: 100.1.1.2/24
▪ Tunnel Interface
▪ Tunel Services (All, NetConf, SSHD)
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.2/24

34
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vManage

config
!
vpn 0
no interface eth0
interface eth1
ip address 100.1.1.2/24
tunnel-interface
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.2/24
no shut
!
commit

35
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 4- Initializing vManage – GUI


Task 1- Organization name & vBond Address
- Login into the vManage from the Server by browsing to https://192.168.100.2:8443 using
username of admin and password of admin

- Navigate to Administration -> Settings


- Click Edit on the Organization name and set it to SDWAN. Confirm the Organization
name. Click OK.
- Click Edit on the vBond address and change it to 100.1.1.4. Confirm and click OK.

36
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root
Certificate.

- Browse to http://100.1.1.5/certsrv
- Click “Download Root Certificate”.

- Select “Base 64”.


- Click “Download CA Certificate”.

37
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open Explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “RootCert”.

38
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the “RootCert.cer” file using Notepad.


- Copy using CTRL-A and CTRL-C.

39
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- In vManage, Navigate to Administration ➔ Settings ➔ Controller Certiticate


Authorization.
- Change the “Certificate Signing by:” to “Enterprise Root Certificate”.
- Paste the RootCert.cer that you had copied by using CTRL-V.

40
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Set the CSR Parameters with the Organization name, City, State, Country. Set the
Time to 3 Years and save.

41
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Note: with sdwan version 20, You must uncheck “Set CSR Properties” due to the bug on the version

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp75927

42
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Generate a CSR for vManage


- Navigate to Configuration -> Certificates -> Controllers -> vManage -> Generate CSR

- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C

43
Download PNETLab Platform
PNETLAB Store
PNETLab.com

44
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Request a Certificate from the CA Server


- Browser to http://192.168.1.5/certsrv
- Click “Request a Certificate”

- Select “Advanced”

45
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the CSR in the box by using CTRL-V and click submit

46
Download PNETLab Platform
PNETLAB Store
PNETLab.com

47
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5 – Issue the Certificate from the CA Server


- Open Server Manager ➔ Roles ➔ Active Directory Certificate Server ➔ PNETLAB-CA ➔
Pending Request.
- Right-click the request ➔ more action ➔ all tasks and click “Issue”

48
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6- Downloading the Issueed Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

- The issued certificate link will show up. Click on the link

49
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “Base 64” and click “Download”

50
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “vManage”

51
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the “vManage.cer” file using Notepad


- Copy using CTRL-A and CTRL-C

52
Download PNETLab Platform
PNETLAB Store
PNETLab.com

53
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 7- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration ➔ Certificate ➔ Controller
- Click on the “install” button at the top right corner

- Paste the Certificate (CTRL-V) and Install

54
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The identity certificate should be installed on vManage

55
Download PNETLab Platform
PNETLAB Store
PNETLab.com

56
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 5- Initializing vBond – CLI


Task 1- Configuring the System component
- Configure the System parameters based on the following:
o Hostname: vBond1
o Organization: SDWAN
o System-IP: 100.1.1.14
o Site ID: 1
o vbond Address: 100.1.1.4
o Timezone: based on the appropriate timezone

Note:

Default username: admin, default password: admin

vBond

config
!
system
host-name vBond1
system-ip 100.1.1.14
site-id 1
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4 local
!
commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
o Vpn 0
▪ Interface ge0/0
▪ Ip address: 100.1.1.4/24
▪ Tunnel interface
▪ Tunnel Services (all, Netconf, sshhd)
▪ Encapsulation: IPSec
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.4

vBond

config
!
vpn 0
no interface eth0
57
Download PNETLab Platform
PNETLAB Store
PNETLab.com

interface ge0/0
ip address 100.1.1.4/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.4/24
no shut
!
commit

58
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 6- Initializing vBond -GUI


Task 1 – Add vBond to vManage
- Navigate to Configuration ➔ Devices ➔ Controllers ➔ Add Controllers – vBond and specify the
following to add the vBond in vManage.
o IP Address: 100.1.1.4
o Username: admin
o Password: admin
o Check Generate CSR
o Click OK

59
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – View the generated CSR for vBond and copy it


- Navigate to Configuration ➔ Certificates ➔ Controllers ➔ vBond ➔ view CSR

- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C

60
Download PNETLab Platform
PNETLAB Store
PNETLab.com

61
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Request a certificate from the CA Server


- Browser to http://192.168.100.5/certsrv
- Click “Request a Certificate”

- Select “Advanced”

62
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the CSR in the box by using CTRL-V and click Submit

63
Download PNETLab Platform
PNETLAB Store
PNETLab.com

64
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Issue the Certificate from the CA Server


- Open Server Manager ➔ Roles ➔ Active Directory Certificate Server ➔ PNETLAB-CA ➔
Pending Request.
- Right-click the request ➔ more action ➔ all tasks and click “Issue”

65
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5- Downloading the Issued Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

- The issued certificate link will show up. Click on the link

66
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “Base 64” and click “Download”

67
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “vBond”

68
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the vBond.cer file using Notepad


- Copy using CTRL-A and CTRL-C

69
Download PNETLab Platform
PNETLAB Store
PNETLab.com

70
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration ➔ Certificates ➔ Controllers
- Click on the “Install Certificate” button at the top right corner

- Paste the Certificate (CTRL-V).

71
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The Identity certificate should be installed for vBond and pushed to it.

72
Download PNETLab Platform
PNETLAB Store
PNETLab.com

73
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 7 – Initializing vSmart – CLI


Task 1 - Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vSmart1
o Organization: SDWAN
o System-IP: 100.1.1.13
o Site ID: 1
o vbond Address: 100.1.1.4
o Timezone: Based on the appropriate Timezone

Note: Default username: admin Default password: admin

VSmart

config
!
system
host-name vSmart1
system-ip 100.1.1.13
site-id 1
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4
!
commit

Task 2 – Configured the vpn parameters


- Configure the VPN parameters based on the following:
o vpn 0
▪ Interface Eth1
▪ IP Address: 100.1.1.3/24
▪ Tunnel Interface
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 100.1.1.1
o vpn 512
▪ Interface eth0
▪ IP Address: 192.168.100.3/24

vSmart

config
!
vpn 0
no interface eth0
interface eth1
ip address 100.1.1.3/24
tunnel-interface
74
Download PNETLab Platform
PNETLAB Store
PNETLab.com

allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.3/24
no shut
!
commit

75
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 8 – Initializing vSmart – GUI


Task 1- Add vSmart to vManage
- Navigate to Configuration ➔ Devices ➔ Controllers ➔ Add Controllers ➔ vSmart and
specify the following to add the vBond in vManage.
o IP Address: 100.1.1.3
o Username: Admin
o Password: Admin
o Check Generate CSR
o Click OK

76
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – View the generated CSR for vSmart and Copy it


- Navigate to Configuration ➔ Certificates ➔ Controllers ➔ vSmart ➔ View CSR

- It will open a window with CSR. Copy by using CTRL-A and CTRL-C

77
Download PNETLab Platform
PNETLAB Store
PNETLab.com

78
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Request a Certificate from the CA Server


- Browser to http://192.168.100.5/certsrv
- Click “Request a Certificate”

- Select “Advanced”

79
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the CSR in the box by using CTRL-V and click Submit

80
Download PNETLab Platform
PNETLAB Store
PNETLab.com

81
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Issue the Certificate from the CA Server


- Open Server Manager ➔ Roles ➔ Active Directory Certificate Server ➔ PNETLAB-CA ➔
Pending Request.
- Right-click the request ➔ more action ➔ all tasks and click “Issue”

82
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5- Downloading the Issued Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

- The issued certificate link will show up. Click on the link

83
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “Base 64” and click “Download”

84
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “vSmart”

85
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the vBond.cer file using Notepad


- Copy using CTRL-A and CTRL-C

86
Download PNETLab Platform
PNETLAB Store
PNETLab.com

87
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration ➔ Certificates ➔ Controllers
- Click on the “Install Certificate” button at the top right corner

- Paste the Certificate (CTRL-V).

88
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The Identity certificate should be installed for vSmart and pushed to it.

89
Download PNETLab Platform
PNETLAB Store
PNETLab.com

90
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 9 – initializing vEdge – CLI


Note:

Before doing this lab, please note that vedge have bug related to resolve the next-hop on vpn0. So
sometime, vmanage cant reach to vedge ➔ You must flap Ge0/0 or Ge0/1 interface.

Task 1 – Upload the WAN Edge List


- On the vManage Main windows, Naviagte to Configuration ➔ Devices. Click on “Upload WAN
Edge List”.

- Select the file you downloaded from Section: HOW TO SETUP LAB > Link to download lab and
Setup > 2. How to setup and practice lab > licensing on SD-WAN Devices. Upload it and check
the Validate option.

91
Download PNETLab Platform
PNETLAB Store
PNETLab.com

92
Download PNETLab Platform
PNETLAB Store
PNETLab.com

93
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-1
Task 1 – Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vEdge1
o Organization: SDWAN
o System-IP: 119.1.1.21
o Site ID: 1
o vbond Address: 100.1.1.4
o Timezone: clock timezone America/Antigua

Note: Default username: admin Default password: admin

94
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEdge1

config
system
host-name vEdge1
system-ip 119.1.1.21
site-id 1
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4

commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
o vpn 0
▪ Interface ge0/0
▪ IP Address: 119.1.1.1/24
▪ Tunnel Interface
▪ Encapsulation IPSec
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 119.1.1.2
o vpn 512
▪ Interface eth0
▪ IP Address: DHCP Client

vEdge1

config
vpn 0
no interface eth0
interface ge0/0
ip address 119.1.1.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 119.1.1.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit

95
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-2
Task 1 – Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vEdge2
o Organization: SDWAN
o System-IP: 118.1.2.22
o Site ID: 2
o vbond Address: 100.1.1.4
o Timezone: Based on the appropriate Timezone

Note: Default username: admin Default password: admin

vEdge2

config
system
host-name vEdge2
system-ip 118.1.2.22
site-id 2
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4
commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
o vpn 0
▪ Interface ge0/0
▪ IP Address: 118.1.2.1/24
▪ Tunnel Interface
▪ Encapsulation IPSec
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 118.1.2.2
o vpn 512
▪ Interface eth0
▪ IP Address: DHCP Client

vEdge2

config
vpn 0
no interface eth0
interface ge0/1
ip address 118.1.2.1/24
tunnel-interface
encapsulation ipsec

96
Download PNETLab Platform
PNETLAB Store
PNETLab.com

allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.2.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
!
commit

vEDGE-3
Task 1 – Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vEdge3
o Organization: SDWAN
o System-IP: 118.1.3.23
o Site ID: 3
o vbond Address: 100.1.1.4
o Timezone: Based on the appropriate Timezone
o Note: Default username: admin Default password: admin

vEdge3

config
!
system
host-name vEdge3
system-ip 118.1.3.23
site-id 3
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4
!
commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
- vpn 0
o Interface ge0/1
o IP Address: 118.1.3.1/24
o Tunnel Interface
o Encapsulation IPSec
o Tunnel Services (All, NetConf, SSHD)
97
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Default Route: 118.1.3.2


- vpn 512
o Interface eth0
o IP Address: DHCP Client

vEdge3

config
vpn 0
no interface ge0/0
interface ge0/1
ip address 118.1.3.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.3.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit

vEDGE-4
Task 1 – Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vEdge4
o Organization: SDWAN
o System-IP: 118.1.5.25
o Site ID: 4
o vbond Address: 100.1.1.4
o Timezone: Based on the appropriate Timezone

Note: Default username: admin Default password: admin

vEdge4

config
system
host-name vEdge4
system-ip 118.1.5.25
site-id 4
organization-name SDWAN
clock timezone America/Antigua
vbond 100.1.1.4

98
Download PNETLab Platform
PNETLAB Store
PNETLab.com

commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
o vpn 0
▪ Interface ge0/0
▪ IP Address: 118.1.4.1/24
▪ Tunnel Interface
▪ Encapsulation IPSec
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 118.1.4.2
o vpn 512
▪ Interface eth0
▪ IP Address: DHCP Client

vEdge4

config
vpn 0
no interface ge0/0
interface ge0/1
ip address 118.1.4.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.4.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit

99
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 10 – Registering vEdges in vManage


vEDGE-1
Task 1- Upload the Root Certificate to the vEdge
- On the Windows Server, open WINSCP application.
- Connect to vEdge1 using the following information:
o IP Address : 119.1.1.1
o Protocol - SFTP
o Username : admin
o Password : admin

- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the vEdge1

100
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Install the Root Certificate on vEdge1


- Connect to the console of vEdge1 and issue the following command:

vEdge1:

request root-cert-chain install /home/admin/RootCert.cer

Log install successfully as bellow:

vEdge1# request root-cert-chain install /home/admin/RootCert.cer


Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCert.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain

101
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Active vEdge on vManage


- Navigate to Configuration ➔ Devices

- Note and use the Chassis Number and Token Number for the list vEdge from vManage
- Use the information from the previous step in the following command on the vEdge1 console.

vEdge1

Request vedge-cloud activate chassis-number <chassis number> <token>

- We can check after adding finish

102
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-2
Task 1 – Upload the Root Certificate to the vEdge
- On the Windows Server, open WINSCP application.
- Connect to vEdge2 using the following information:
o IP Address : 118.1.2.1
o Protocol - SFTP
o Username : admin
o Password : admin

103
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the
vEdge2

104
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Install the Root Certificate on vEdge2


- Connect to the console of vEdge2 and issue the following command:

vEdge2:

request root-cert-chain install /home/admin/RootCert.cer

Log install successfully as bellow:

vEdge2# request root-cert-chain install /home/admin/RootCert.cer


Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCert.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain

105
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Active vEdge on vManage


- Navigate to Configuration ➔ Devices

- Note and use the Chassis Number and Token number for the 2nd vEdge from vManage.
- Use the information from the previous step in the following command on the vEdge2 console

Request vedge-cloud activate chassis-number <chassis number> <token>

request vedge-cloud activate chassis-number XXXXXXXX-XXXXXXXX-XXXX-XXXXXXXXXXXX token

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- You should see the vEdge in the vManage console with a Certificate issued.

106
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-3
Task 1 – Upload the Root Certificate to the vEdge
- On the Windows Server, open WINSCP application.
- Connect to vEdge3 using the following information:
o IP Address : 118.1.3.1
o Protocol - SFTP
o Username : admin
o Password : admin

107
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the
vEdge3

108
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Install the Root Certificate on vEdge3


- Connect to the console of vEdge3 and issue the following command:

vEdge3:

request root-cert-chain install /home/admin/RootCert.cer

Log install successfully as bellow:

vEdge3# request root-cert-chain install /home/admin/RootCert.cer


Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCert.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain

109
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Active vEdge on vManage


- Navigate to Configuration ➔ Devices

- Note and use the Chassis Number and Token number for the 3nd vEdge from vManage.
- Use the information from the previous step in the following command on the vEdge3 console

Request vedge-cloud activate chassis-number <chassis number> <token>

request vedge-cloud activate chassis-number XXXXXXXX-XXXXXXXX-XXXX-XXXXXXXXXXXX token

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- You should see the vEdge in the vManage console with a Certificate issued.

110
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-4
Task 1 – Upload the Root Certificate to the vEdge
- On the Windows Server, open WINSCP application.
- Connect to vEdge4 using the following information:
o IP Address : 118.1.4.1
o Protocol - SFTP
o Username : admin
o Password : admin

111
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the
vEdge4

112
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Install the Root Certificate on vEdge4


- Connect to the console of vEdge4 and issue the following command:

vEdge4:

request root-cert-chain install /home/admin/RootCert.cer

Log install successfully as bellow:

vEdge4# request root-cert-chain install /home/admin/RootCert.cer


Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCert.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain

113
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Active vEdge on vManage


- Navigate to Configuration ➔ Devices

- Note and use the Chassis Number and Token number for the 3nd vEdge from vManage.
- Use the information from the previous step in the following command on the vEdge3 console

Request vedge-cloud activate chassis-number <chassis number> <token>

request vedge-cloud activate chassis-number XXXXXXXX-XXXXXXXX-XXXX-XXXXXXXXXXXX token

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- You should see the vEdge in the vManage console with a Certificate issued.

114
Download PNETLab Platform
PNETLAB Store
PNETLab.com

115
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 11 – Initializing cEdge – CLI


cEDGE-1
Task 1 – Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : cEdge5
o Organization: SDWAN
o System-IP: 118.1.5.25
o Site ID: 5
o vbond Address: 100.1.1.4
o Timezone: Based on the appropriate Timezone

Note: Default username: admin Default password: admin

cEdge1

config-transaction
hostname cEdge1
system
system-ip 118.1.5.25
site-id 5
organization-name SDWAN
vbond 100.1.1.4
exit
clock timezone America/Antigua
commit

Task 2 – Configure the Interface and Tunnel Parameters


- Configure the Interface parameters based on the following:
o GigabitEthernet1 Parameters
▪ IP Address: 118.1.5.1/24
▪ Default Route: 118.1.5.2
o Tunnel Parameters Parameters
▪ Tunnel Interface: Tunnel1
▪ Tunnel Source: GigabitEthernet1
▪ Tunnel Mode: SDWAN
o SDWAN Interface Parameters
▪ Interface: GigabitEthernet1
▪ Encapsulation: IPSec
▪ Color: default
▪ Tunnel Services (All, NetConf, SSHD)

116
Download PNETLab Platform
PNETLAB Store
PNETLab.com

cEdge1:

cEdge1
config-transaction
interface GigabitEthernet1
no shutdown
ip address 118.1.5.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 118.1.5.2

interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
color default
allow-service all
allow-service sshd
allow-service netconf
exit
exit
commit

117
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 12 – Registering cEdges in vManage


cEDGE-1
Task 1 – Upload the Root Certificate to the cEdge
- Open the TFTP Application on the Windows Server.
- Configure the Default Folder as the Downloads Folder and using the 100.1.1.5 as the TFTP
Interface.

- Connect to the console of cEdge1 and copy the RootCert.cer file to flash: using the following
command: copy tftp://100.1.1.5/RootCert.cer flash:

118
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Install the Root Certificate on cEdge1


Connect to the console of cEdge1 and issue the following command: request platform software sdwan
root-cert-chain install bootflash:RootCert.cer

119
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 - Activate cEdge on vManage


- Navigate to Configuration -> Devices
- Note and use the Chassis Number and Token number for the 1st CSR Device from vManage.

- Use the information from the previous step in the following command on the cEdge1 console.

request platform software sdwan vedge_cloud activate chassis-number CSR-XXXXXXXX-XXXX-XXXX-


XXXXXXXXXXXXXXXX token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- You should see the vEdge in the vManage console with a Certificate issued

120
Download PNETLab Platform
PNETLAB Store
PNETLab.com

121
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 13 – Configuring Feature Template –System


Task 1 – Configure the System Template to be used by all vEdgeCloud Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Basic
Information ➔ System
- Configure the System parameters based on the following:
o Template Name: VE-System
o Description: VE-System
o Site ID ➔ Device Specific
o System IP ➔ Device Specific
o Hostname ➔ Device Specific
o Timezone ➔ Global: America/Antigua
o Console Baud Rate ➔ 9600
- Click Save to save the Template.

122
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure the System Template to be used by all cEdgeCloud Devices


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR 1000v ➔ Basic
Information ➔ Cisco System
- Configure the System parameters based on the following:
o Template Name : CE-System
o Description: CE-System
o Site ID ➔ Device Specific
o System IP ➔ Device Specific
o Hostname ➔ Device Specific
o Timezone ➔ Global : America/Antigua
o Console Baud Rate ➔ 9600
- Click Save to save the Template.

123
Download PNETLab Platform
PNETLAB Store
PNETLab.com

124
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure the System Template to be used by all vSmart Device


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Basic
Information ➔ System
- Configure the System parameters based on the following:
o Template Name : Vsmart-System
o Description : Vsmart-System
o Site ID ➔ Device Specific
o System IP ➔ Device Specific
o Hostname ➔ Device Specific
o Timezone ➔ Global : America/Antigua
- Click Save to save the Template.

125
Download PNETLab Platform
PNETLAB Store
PNETLab.com

126
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 14 – Configuring Feature Template –Banner


Task 1 – Configure the Banner Template to be used by all vEdgeCloud Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ OTHER
TEMPLETES ➔ Banner
- Configure the Banner parameters based on the following:
o Template Name : VE-Banner
o Description : VE-Banner
o Login Banner: PNETLAB Authorized Users Only !!!
o MOTD: Welcome To SD-PNETLAB !!!
- Click Save to save the Template.

127
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure the Banner Template to be used by all cEdgeCloud Devices


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR 1000v ➔ OTHER
TEMPLETES ➔ Cisco Banner
- Configure the Banner parameters based on the following:
o Template Name: CE-Banner
o Description: CE-Banner
o Banner: PNETLAB Authorized Users Only !!!
o MOTD: Welcome To SD-PNETLAB !!!
- Click Save to save the Template.

128
Download PNETLab Platform
PNETLAB Store
PNETLab.com

129
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 15 - Configuring Feature Templates -VPN & VPN Interfaces for VPN 0
& 512 ––Branch Site(vEdges)
Task 1 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPN-VPN0
o Description: BR-VE-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global: Transport VPN
IPv4 Route
o Prefix ➔ Global: 0.0.0.0/0
o Next Hop ➔ Device Specific
- Click Save to save the Template.

130
Download PNETLab Platform
PNETLAB Store
PNETLab.com

131
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
512
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPN-VPN512
o Description: BR-VE-VPN-VPN512
Basic Configuration
o VPN ➔ Global: 512
o Name ➔ Global: MGMT VPN
- Click Save to save the Template.

132
Download PNETLab Platform
PNETLAB Store
PNETLab.com

133
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud


Devices for VPN 0 for Interface G0/0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPNINT-VPN0-G0
o Description: BR-VE-VPNINT-VPN0-G0
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: Ge0/0
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Inteface ➔ Global: On
o Color ➔ Global: MPLS
Allow Service
o All ➔ Global: On
134
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o NETCONF ➔ Global: On
o SSH ➔ Global: On
- Click Save to save the Template.

135
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud


Devices for VPN 0 for Interface G0/1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPNINT-VPN0-G1
o Description: BR-VE-VPNINT-VPN0-G1
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: Ge0/1
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Inteface ➔ Global: On
o Color ➔ Global: BIZ-Internet
Allow Service
o All ➔ Global: On
136
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o NETCONF ➔ Global: On
o SSH ➔ Global: On
- Click Save to save the Template.

137
Download PNETLab Platform
PNETLAB Store
PNETLab.com

138
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud


Devices for VPN 512 for Interface Eth0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPNINT-VPN512-Eth0
o Description: BR-VE-VPNINT-VPN512-Eth02
Basic Configuration
o Shutdown -> Global: No
o Interface Name -> Global: Eth0
o IPv4 Address -> Dynamic
- Click Save to save the Template

139
Download PNETLab Platform
PNETLAB Store
PNETLab.com

140
Download PNETLab Platform
PNETLAB Store
PNETLab.com

141
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 16 - Configuring Feature Templates –External Routing - OSPF for


VPN 0 –Branch Site (vEdges)
Task 1 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN
0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Other
Templates ➔ OSPF
- Configure the OSPF parameters based on the following:
o Template Name: BR-VE-OSPF-VPN0
o Description: BR-VE-OSPF-VPN0
Area Configuration
o Area Number ➔ Global: 0
o Area Type ➔ Default
Interface Configuration
o Interface Name: Ge0/0
Advanced
o OSPF Network Type: Point-to-Point
- Click Add to add the Interface and Click Add to add OSPF.
- Click Save to save the Template.

142
Download PNETLab Platform
PNETLAB Store
PNETLab.com

143
Download PNETLab Platform
PNETLAB Store
PNETLab.com

144
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 17 - Configuring and Deploying Device Templates for vEdge – Branch


Site(vEdge2)
Task 1 – Configure a Device Template for Branch vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vEdge
Cloud
- Configure the Device Template based on the following:
o Template Name: BR-VE-TEMP
o Description: BR-VE-TEMP
Basic Information
o System ➔ VE-System
Transport & Management
o VPN 0: BR-VE-VPN-VPN0
o VPN Interface: BR-VE-VPNINT-VPN0-G0
o VPN Interface: BR-VE-VPNINT-VPN0-G1
o OSPF: BR-VE-OSPF-VPN0
o VPN 512: BR-VE-VPN-VPN512
o VPN Interface: BR-VE-VPNINT-VPN512-Eth0
- Click Create to save the Template.

145
Download PNETLab Platform
PNETLAB Store
PNETLab.com

146
Download PNETLab Platform
PNETLAB Store
PNETLab.com

147
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Attach vEdge2 to the Device Template


- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP.
- Click on “…” towards the right-hand side.
- Click Attach Devices.
- Select vEdge2 and click the “➔“ button.
- Click Attach.

148
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure the Variable Parameters for the Feature Templates


- vEdge2 will appear in the window.
- Click on “…” towards the right-hand side.
- Click Edit Device Template.
- Configure the variables based on the following:
o Default Gateway for VPN0: 118.1.2.2
o Interface IP for Ge0/1: 118.1.2.1/24
o Interface IP for Ge0/0: 10.1.12.1/24
o Hostname: vEdge-2
o System IP: 118.1.2.22
o Site ID: 2
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.
- Verify the configuration on vEdge2. You can do that by verify OSPF Neighbor relationship with
the MPLS Router by issuing the Show ospf neighbor command on vEdge2.

149
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the MPLS
Router.

150
Download PNETLab Platform
PNETLAB Store
PNETLab.com

151
Download PNETLab Platform
PNETLAB Store
PNETLab.com

152
Download PNETLab Platform
PNETLAB Store
PNETLab.com

153
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 18 - Configuring Internal Routing Protocols on the Internal Routing


Devices – HQ & All Branches
Interface Configuration
Site-1

Interface IP address Mask


E 0/0 172.171.1.2 255.255.255.0
Loopback1 192.168.11.1 255.255.255.0
Loopback2 192.168.12.1 255.255.255.0
Loopback3 192.168.13.1 255.255.255.0

Site-2
Interface IP Address Subnet Mask
E 0/0 172.172.1.2 255.255.255.0
Loopback1 192.168.21.1 255.255.255.0
Loopback2 192.168.22.1 255.255.255.0
Loopback3 192.168.23.1 255.255.255.0
Loopback4 192.168.234.2 255.255.255.255

Site-3
Interface IP Address Subnet Mask
E 0/0 172.173.1.2 255.255.255.0
Loopback1 192.168.31.1 255.255.255.0
Loopback2 192.168.32.1 255.255.255.0
Loopback3 192.168.33.1 255.255.255.0
Loopback4 192.168.234.3 255.255.255.255

Site-4
Interface IP Address Subnet Mask
E 0/0 172.174.1.2 255.255.255.0
Loopback1 192.168.41.1 255.255.255.0
Loopback2 192.168.42.1 255.255.255.0
Loopback3 192.168.43.1 255.255.255.0
Loopback4 192.168.234.4 255.255.255.255

Site-5
Interface IP Address Subnet Mask
E 0/0 172.175.1.2 255.255.255.0
Loopback1 192.168.51.1 255.255.255.0
Loopback2 192.168.52.1 255.255.255.0
Loopback3 192.168.53.1 255.255.255.0

154
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 1 – Internal Site Router Configurations


- Configure the Interfaces based on the Logical Diagram
- Configure OSPF as the IGP to communicate with the vEdge/cEdge devices. Enable all the
interfaces under OSPF.
- Configure the Loopback Interfaces as OSPF Network Point-to-point Interfaces.

Site-1
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-1
!
Interface E 0/0
ip address 172.171.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.11.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback2
ip address 192.168.12.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback3
ip address 192.168.13.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 1
network 172.171.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0

Site-2
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-2
!
Interface E 0/0
ip address 172.172.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.21.1 255.255.255.0

155
Download PNETLab Platform
PNETLAB Store
PNETLab.com

ip ospf network point-to-point


!
Interface Loopback2
ip address 192.168.22.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback3
ip address 192.168.23.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback4
ip address 192.168.234.2 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
network 172.174.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0

Site-3
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-3
!
Interface E 0/0
ip address 172.173.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.31.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback2
ip address 192.168.32.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback3
ip address 192.168.33.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback4
ip address 192.168.234.3 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
network 172.173.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
156
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Site-4
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-4
!
Interface E 0/0
ip address 172.174.1.2 255.255.255.0
no shut

Interface Loopback1
ip address 192.168.41.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback2
ip address 192.168.42.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback3
ip address 192.168.43.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback4
ip address 192.168.234.4 255.255.255.255
ip ospf network point-to-point
!
router ospf 1
network 172.174.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0

Site-5
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-5
!
Interface E0/0
ip address 172.175.1.2 255.255.255.0
ip ospf network point-to-point
no shut
!
Interface Loopback1
ip address 192.168.51.1 255.255.255.0
157
Download PNETLab Platform
PNETLAB Store
PNETLab.com

ip ospf network point-to-point


!
Interface Loopback2
ip address 192.168.52.1 255.255.255.0
ip ospf network point-to-point
!
Interface Loopback3
ip address 192.168.53.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 1
network 172.175.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0

158
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 19 - Configuring Feature Templates –Service VPN – VPN, VPN


Interface and Internal Routing – Branch Site (vEdges)
Task 1 - Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPN-VPN1
o Description: BR-VE-VPN-VPN1
Basic Configuration
o VPN ➔ Global: 1
o Name ➔ Global: Data VPN
- Click Save to save the Template.

159
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud


devices for VPN 1 for Interface G0/2
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-VE-VPNINT-VPN1-G2
o Description: BR-VE-VPNINT-VPN1-G2
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: Ge0/2
o IPv4 Address ➔ Static ➔ Device Specific
- Click Save to save the Template.

160
Download PNETLab Platform
PNETLAB Store
PNETLab.com

161
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN
1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Other
Templates ➔ OSPF
- Configure the OSPF parameters based on the following:
o Template Name: BR-VE-OSPF-VPN1
o Description: BR-VE-OSPF-VPN1
Redistribution
o Protocol: OMP
- Area Configuration
o Area Number ➔ Global : 0
o Area Type ➔ Default
Interface Configuration
o Interface Name: Ge0/2
- Click Add to add the Interface and Click Add to add OSPF.
- Click Save to save the Template.
162
Download PNETLab Platform
PNETLAB Store
PNETLab.com

163
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 20 - Implementing a Service VPN using Templates – Branch Site


(vEdge2)
Task 1 – Edit the BR-VE-TEMP Device Template for Branch vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP ➔ “…” ➔ Edit
- Edit the BR-VE-TEMP Device Template based on the following:
Service VPN
o VPN 1: BR-VE-VPN-VPN1
o VPN Interface: BR-VE-VPNINT-VPN1-G2
o OSPF: BR-VE-OSPF-VPN1
- Click Save to save the Template

Task 2 – Configure the Variable Parameters for the Feature Templates


- vEdge2 will appear in the window.
- Click on “…” towards the right-hand side & click Edit Device Template.
- Configure the variables based on the following:

164
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Interface IP for Ge0/2: 172.172.1.1/24


- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.
- Verify the configuration on vEdge2. You can do that by verify OSPF Neighbor relationship with
the Site-2 Router by issuing the Show ospf neighbor command on vEdge2.
- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the Internal Site
Router.

165
Download PNETLab Platform
PNETLAB Store
PNETLab.com

166
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 21 - Pushing Template to configure other Branch Sites - – Branch


Site(vEdge3 & vEdge4)
Task 1 – Attach the BR-VE-TEMP Device Template for Branch vEdge Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP ➔ “…” ➔ Attach
Devices.
- Click Attach Devices.
- Select vEdge3 & vEdge4 and click the “➔“ button.
- Click Attach.
- vEdge3 & vEdge4 will appear in the window.
- Click on “…” towards the right-hand side for both devices, one at a time click Edit Device
Template.
- Configure the variables based on the following:
vEdge-3
o Interface IP for ge0/2: 172.173.1.1/24
o Default Gateway for VPN0: 118.1.3.2
o Interface IP for ge0/1: 118.1.3.1/24
o Interface IP for ge0/0: 10.1.13.1/24
o Hostname: vEdge-3
o System IP: 118.1.3.23
o Site ID: 3
- Click Update.
vEdge-4
o Interface IP for ge0/2: 172.174.1.1/24
o Default Gateway for VPN0: 118.1.4.2
o Interface IP for ge0/1: 118.1.4.1/24
o Interface IP for ge0/0: 10.1.14.1/24
o Hostname: vEdge-4
o System IP: 118.1.4.24
o Site ID: 4
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.
- Verify the configuration on vEdge3 & vEdge4. You can do that by verify OSPF Neighbor
relationship with the Internal Site Router by issuing the Show ospf neighbor command on the
vEdges.
- Type Show Ip route on Internal Site Routers to verify that you are receiving OSPF routes from
the other Sites.
- Verify reachability between the sites by Pinging the Internal Loopback to Loopback networks.

167
Download PNETLab Platform
PNETLAB Store
PNETLab.com

168
Download PNETLab Platform
PNETLAB Store
PNETLab.com

169
Download PNETLab Platform
PNETLAB Store
PNETLab.com

170
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 22 – Configuring Feature Templates for HQ-Site(vEdge1) – VPNs,


VPN Interfaces, External & Internal Routing
VPN 0
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPN-VPN0
o Description: HQ-VE-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global: Transport VPN
IPv4 Route
o Prefix ➔ Global: 0.0.0.0/0
o Next Hop ➔ Device Specific
- Click Save to save the Template.

171
Download PNETLab Platform
PNETLAB Store
PNETLab.com

172
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for


VPN 0 for Interface G0/0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPNINT-VPN0-G0
o Description: HQ-VE-VPNINT-VPN0-G0
Basic Configuration
o Shutdown ➔ Global : No
o Interface Name ➔ Global: ge0/0
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Interface ➔ Global: On
o Color ➔ Default
Allow Service
o All ➔ Global: On
173
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o NETCONF ➔ Global: On
o SSH ➔ Global: On
- Click Save to save the Template.

Task 3 – Configure a BGP Template to be used by HQ vEdge-Cloud Devices for VPN 0


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Other
Templates ➔ BGP
- Configure the BGP parameters based on the following:
o Template Name: HQ-VE-BGP-VPN0
o Description: HQ-VE-BGP-VPN0
- Basic Configuration
o Shutdown ➔ Global: No
o AS Number ➔ Global: 65001
- Neighbor
o Address ➔ Global: 119.1.1.2
o Remote AS ➔ Global: 65001
o Address Family ➔ Global: On
o Address Family ➔ Global: IPv4-Unicast

174
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Click Add to add the Interface and Click Add to add BGP Neighbor.
- Click Save to save the Template.

175
Download PNETLab Platform
PNETLAB Store
PNETLab.com

176
Download PNETLab Platform
PNETLAB Store
PNETLab.com

VPN 512
Task 1 – Configure a VPN Template to be used by HQ vEdge-Cloud Devices for VPN 512
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPN-VPN512
o Description: HQ-VE-VPN-VPN512
Basic Configuration
o VPN ➔ Global: 512
o Name ➔ Global: MGMT VPN
- Click Save to save the Template.

177
Download PNETLab Platform
PNETLAB Store
PNETLab.com

178
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for


VPN 512 for Interface Eth0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPNINT-VPN512-E0
o Description: HQ-VE-VPNINT-VPN512-E0
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: eth0
o IPv4 Address ➔ Dynamic
- Click Save to save the Template

179
Download PNETLab Platform
PNETLAB Store
PNETLab.com

180
Download PNETLab Platform
PNETLAB Store
PNETLab.com

VPN 1
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPN-VPN1
o Description: HQ-VE-VPN-VPN1
Basic Configuration
o VPN ➔ Global: 1
o Name ➔ Global: Data VPN
- Click Save to save the Template.

181
Download PNETLab Platform
PNETLAB Store
PNETLab.com

182
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for


VPN 1 for Interface G0/2
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: HQ-VE-VPNINT-VPN1-G2
o Description: HQ-VE-VPNINT-VPN1-G2
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: ge0/2
o IPv4 Address ➔ Static ➔ Device Specific
- Click Save to save the Template.

183
Download PNETLab Platform
PNETLAB Store
PNETLab.com

184
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a OSPF Template to be used by HQ vEdge-Cloud Devices for VPN 1


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Other
Templates ➔ OSPF
- Configure the OSPF parameters based on the following
o Template Name: HQ-VE-OSPF-VPN1
o Description: HQ-VE-OSPF-VPN1
Redistribution
o Protocol: OMP
- Area Configuration
o Area Number ➔ Global: 0
o Area Type ➔ Default
Interface Configuration
o Interface Name: ge0/2
- Click Add to add the Interface and Click Add to add OSPF.
- Click Save to save the Template.

185
Download PNETLab Platform
PNETLAB Store
PNETLab.com

186
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 23 - Configuring Device Templates for HQ-Site(vEdge1) to deploy


VPN 0, 1 and 512.
Task 1 – Configure a Device Template for HQ vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vEdge
Cloud
- Configure the Device Template based on the following:
o Template Name: HQ-VE-TEMP
o Description: HQ-VE-TEMP
Basic Information
o System ➔ VE-System
Transport & Management
o VPN 0: HQ-VE-VPN-VPN0
o VPN Interface: HQ-VE-VPNINT-VPN0-G0
o BGP: HQ-VE-BGP-VPN0
o VPN 512: HQ-VE-VPN-VPN512
o VPN Interface: HQ-VE-VPNINT-VPN512-E0
Service VPN
o VPN 1: HQ-VE-VPN-VPN1
o VPN Interface: HQ-VE-VPNINT-VPN1-G2
o OSPF: HQ-VE-OSPF-VPN1
- Click Save to save the Template.

187
Download PNETLab Platform
PNETLAB Store
PNETLab.com

188
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Attach vEdge1 to the Device Template


- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ HQ-VE-TEMP.
- Click on “…” towards the right-hand side.
- Click Attach Devices.
- Select vEdge1 and click the “➔“ button.
- Click Attach.

189
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure the Variable Parameters for the Feature Templates


- vEdge1 will appear in the window.
- Click on “…” towards the right-hand side.
- Click Edit Device Template.
- Configure the variables based on the following:
o Interface IP for ge0/2:172.171.1.1/24
o Default Gateway for VPN0: 119.1.1.2
o Interface IP for ge0/0:119.1.1.1/24
o Hostname: vEdge-1
o System IP: 119.1.1.21
o Site ID: 1
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.
- Verify the configuration on vEdge1. You can do that by verify OSPF Neighbor relationship with
the Internal Router by issuing the Show ospf neighbor command on vEdge1.

190
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the MPLS
Router.
- Type Show Ip route on Internal Site Routers to verify that you are receiving OSPF routes from
the other Sites.
- Verify reachability between the sites by Pinging the Internal Loopback to Loopback networks.

191
Download PNETLab Platform
PNETLAB Store
PNETLab.com

192
Download PNETLab Platform
PNETLAB Store
PNETLab.com

193
Download PNETLab Platform
PNETLAB Store
PNETLab.com

194
Download PNETLab Platform
PNETLAB Store
PNETLab.com

195
Download PNETLab Platform
PNETLAB Store
PNETLab.com

196
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 24 – Configuring Feature Templates for CSR – VPNs, VPN Interfaces,


External & Internal Routing
VPN 0
Task 1 – Configure a VPN Template by CSR for VPN 0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ Cisco
VPN
- Configure the VPN parameters based on the following:
o Template Name: BR-CSR-VPN-VPN0
o Description: BR-CSR -VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global: Transport VPN
IPv4 Route
o Prefix ➔ Global: 0.0.0.0/0
o Next Hop ➔ Device Specific
- Click Save to save the Template.

197
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 0 for Interface
GigabitEthernet1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-CSR-VPNINT-VPN0-G1
o Description: BR-CSR-VPNINT-VPN0-G1
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: GigabitEthernet1
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Inteface ➔ Global: On
o Color ➔ Default
Allow Service
o All ➔ Global: On
o NETCONF ➔ Global: On
o SSH ➔ Global: On
- Click Save to save the Template.

198
Download PNETLab Platform
PNETLAB Store
PNETLab.com

199
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a VPN Interface Template to be used by CSR for VPN 0 for Interface
GigabitEthernet3
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: BR-CSR-VPNINT-VPN0-G3
o Description: BR-CSR-VPNINT-VPN0-G3
- Basic Configuration
o Shutdown ➔ Global : No
o Interface Name ➔ Global: GigabitEthernet3
o IPv4 Address ➔ Static ➔ Device Specific
- Tunnel
o Tunnel Interface ➔ Global: On
o Color ➔ MPLS
- Allow Service
o All ➔ Global : On
200
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o NETCONF ➔ Global : On
o SSH ➔ Global : On
- Click Save to save the Template.

201
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Configure a OSPF Template to be used by CSR for VPN 0


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ Other
Templates ➔ Cisco OSPF
- Configure the OSPF parameters based on the following:
o Template Name: BR-CSR-OSPF-VPN0
o Description: BR-CSR-OSPF-VPN0
Area Configuration
o Area Number ➔ Global: 0
o Area Type ➔ Default
Interface Configuration
o Interface Name: GigabitEthernet3
o OSPF Network Type: Point-to-Point
- Click Add to add the Interface and Click Add to add OSPF.
- Click Save to save the Template.

202
Download PNETLab Platform
PNETLAB Store
PNETLab.com

VPN 512
Task 1 – Configure a VPN Template to be used by CSR for VPN 512
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ Cisco
VPN
- Configure the VPN parameters based on the following:
- o Template Name : BR-CSR-VPN-VPN512
- o Description : BR-CSR-VPN-VPN512
- Basic Configuration
- o VPN ➔ Global : 512
- o Name ➔ Global : MGMT VPN
- Click Save to save the Template.

203
Download PNETLab Platform
PNETLAB Store
PNETLab.com

204
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 512 for Interface
GigabitEthernet4
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ Cisco
VPN Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name : BR-CSR-VPNINT-VPN512-G4
o Description : BR-CSR-VPNINT-VPN512-G4
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: GigabitEthernet4
o IPv4 Address ➔ Dynamic
- Click Save to save the Template

205
Download PNETLab Platform
PNETLAB Store
PNETLab.com

206
Download PNETLab Platform
PNETLAB Store
PNETLab.com

VPN 1
Task 1 – Configure a VPN Template for CSR for VPN 1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ Cisco
VPN
- Configure the VPN parameters based on the following:
o Template Name : BR-CSR-VPN-VPN1
o Description : BR-CSR-VPN-VPN1
Basic Configuration
o VPN ➔ Global : 1
o Name ➔ Global : Data VPN
- Click Save to save the Template.

207
Download PNETLab Platform
PNETLAB Store
PNETLab.com

208
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 1 for Interface G2
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR ➔ VPN ➔ Cisco VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name : BR-CSR-VPNINT-VPN1-G2
o Description : BR-CSR-VPNINT-VPN1-G2
- Basic Configuration
o Shutdown ➔ Global : No
o Interface Name ➔ Global : GigabitEthernet2
o IPv4 Address ➔ Static -> Device Specific
- Click Save to save the Template.

209
Download PNETLab Platform
PNETLAB Store
PNETLab.com

210
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a OSPF Template to be used by CSR for VPN 1


- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ Other
Templates ➔ Cisco OSPF
- Configure the OSPF parameters based on the following:
o Template Name : BR-CSR-OSPF-VPN1
o Description : BR-CSR-OSPF-VPN1
Redistribution
o Protocol : OMP
Area Configuration
o Area Number ➔ Global : 0
o Area Type ➔ Default
Interface Configuration
o Interface Name: GigabitEthernet2
- Click Add to add the Interface and Click Add to add OSPF.
- Click Save to save the Template.

211
Download PNETLab Platform
PNETLAB Store
PNETLab.com

212
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 25 - Configuring Device Templates for CSR to deploy VPN 0, 1 and


512
Task 1 – Configure a Device Template for CSR Branch Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔
CSR1000v
- Configure the Device Template based on the following:
o Template Name : BR-CSR-TEMP
o Description : BR-CSR-TEMP
Basic Information
o System ➔ CE-System
Transport & Management
o VPN 0 : BR-CSR-VPN-VPN0
o VPN Interface : BR-CSR-VPNINT-VPN0-G1
o VPN Interface : BR-CSR-VPNINT-VPN0-G3
o OSPF : BR-CSR-OSPF-VPN0
o VPN 512 : BR-CSR-VPN-VPN512
o VPN Interface : BR-CSR-VPNINT-VPN512-G4
Service VPN
o VPN 1 : BR-CSR-VPN-VPN1
o VPN Interface : BR-CSR-VPNINT-VPN1-G2
o OSPF : BR-CSR-OSPF-VPN1
- Click Save to save the Template.

213
Download PNETLab Platform
PNETLAB Store
PNETLab.com

214
Download PNETLab Platform
PNETLAB Store
PNETLab.com

215
Download PNETLab Platform
PNETLAB Store
PNETLab.com

216
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Attach cEdge1 to the Device Template


- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRCSR-TEMP.
- Click on “…” towards the right-hand side.
- Click Attach Devices.
- Select cEdge1 and click the “➔“ button.
- Click Attach.

217
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure the Variable Parameters for the Feature Templates


- cEdge1 will appear in the window.
- Click on “…” towards the right-hand side.
- Click Edit Device Template.
- Configure the variables based on the following:
o Interface IP for GigabitEthernet3: 10.1.15.1/24
o Default Gateway for VPN0: 118.1.5.2
o Interface IP for GigabitEthernet2: 172.175.1.1/24
o Interface IP for GigabitEthernet1: 118.1.5.1/24
o Hostname: cEdge-1
o System IP: 118.1.5.25
o Site ID: 5
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.

218
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Verify the configuration on cEdge1. You can do that by verify OSPF Neighbor relationship with
the Internal Router by issuing the Show ip ospf neighbor command on cEdge1.
- Type Show Ip route on cEdge1 to verify that you are receiving OSPF routes from the MPLS
Router.
- Type Show Ip route on Internal Site Routers to verify that you are receiving OSPF routes from
the other Sites.
- Verify reachability between the sites by Pinging the Internal Loopback to Loopback networks.

219
Download PNETLab Platform
PNETLAB Store
PNETLab.com

220
Download PNETLab Platform
PNETLAB Store
PNETLab.com

221
Download PNETLab Platform
PNETLAB Store
PNETLab.com

222
Download PNETLab Platform
PNETLAB Store
PNETLab.com

223
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 26 - Configuring and Deploying Feature and Device Templates for


vSmart Controllers
Task 1 – Configure a VPN Template to be used by vSmart Controllers for VPN 0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vSmart ➔ VPN ➔ VPN
- Configure the VPN parameters based on the following:
o Template Name: vSmart-VPN-VPN0
o Description: vSmart-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global : Transport VPN
IPv4 Route
o Prefix ➔ Global: 0.0.0.0/0
o Next Hop ➔ Global: 100.1.1.1
- Click Save to save the Template.

224
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure a VPN Template to be used by vSmart Controllers for VPN 512
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vSmart ➔ VPN ➔ VPN
- Configure the VPN parameters based on the following:
o Template Name: vSmart -VPN-VPN512
o Description: vSmart -VPN-VPN512
Basic Configuration
o VPN ➔ Global : 512
o Name ➔ Global : MGMT VPN
- Click Save to save the Template.

225
Download PNETLab Platform
PNETLAB Store
PNETLab.com

226
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Configure a VPN Interface Template to be used by vSmart Controllers for VPN 0
for Interface Eth1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vSmart ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: vSmart-VPNINT-VPN0-E1
o Description: vSmart-VPNINT-VPN0-E1
Basic Configuration
o Shutdown ➔ Global : No
o Interface Name ➔ Global : eth1
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Inteface ➔ Global : On
o Color ➔ default
Allow Service
o All ➔ Global: On
o NETCONF ➔ Global: On
o SSH ➔ Global: On
- Click Save to save the Template.

227
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Configure a VPN Interface Template to be used vSmart Controllers for VPN 512
for Interface Eth0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vSmart ➔ VPN ➔ VPN
Interface Ethernet
- Configure the VPN parameters based on the following:
o Template Name: vSmart-VPNINT-VPN512-E0
o Description: vSmart-VPNINT-VPN512-E0
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: eth0
o IPv4 Address ➔ Static ➔ Device-Specific
- Click Save to save the Template

228
Download PNETLab Platform
PNETLAB Store
PNETLab.com

229
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5 – Configure a Device Template for vSmart Controllers.


- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vSmart
- Configure the Device Template based on the following:
o Template Name: vSmart-TEMP
o Description: vSmart-TEMP
Basic Information
o System ➔ Vsmart-System
Transport & Management
o VPN 0: vSmart-VPN-VPN0
o VPN Interface: vSmart-VPNINT-VPN0-E1
o VPN 512: vSmart-VPN-VPN512
o VPN Interface: vSmart-VPNINT-VPN512-E0
- Click Save to save the Template.

230
Download PNETLab Platform
PNETLAB Store
PNETLab.com

231
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6 – Attach vSmart to the Device Template


- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ vSmart-TEMP
- Click on “…” towards the right-hand side.
- Click Attach Devices.
- Select vSmart and click the “➔“ button.
- Click Attach.

Task 7 – Configure the Variable Parameters for the Feature Templates


- vSmart will appear in the window.
- Click on “…” towards the right-hand side.
- Click Edit Device Template.
- Configure the variables based on the following:
o Interface IP for Eth1: 100.1.1.3/24
o Interface IP for Eth0:192.168.1.2/24
o Hostname: vSmart-1
o System IP: 100.1.1.12
o Site ID: 1
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.

232
Download PNETLab Platform
PNETLAB Store
PNETLab.com

233
Download PNETLab Platform
PNETLAB Store
PNETLab.com

234
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 27 - Configuring Application Aware Policies using Telnet and Web


Requirements:

- Dubai (Site-2) & Hongkong (Site-3) Sites should use the MPLS Transport for Telnet
- Traffic and the Biz-Internet Transport for Web Traffic.
- Telnet Should have a SLA based on the following:
o Loss – 5%
o Latency – 200
o Jitter – 100ms
- Web Should have a SLA based on the following:
o Loss – 10%
o Latency – 500
o Jitter – 100ms
- Create the Sites for Dubai and Hongkong.
- Create the VPN for VPN ID 1.

Task 1 – Configure Groups of Interests/List that will be used for Telnet & Web Application
Aware Routing (AAR) Policy
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Lists.
- Click SLA Class and select New SLA Class list. Create 2 policies based on the following:
o Name: SLA-Telnet
o Loss: 30% (because in lab, packet lost is high)
o Latency: 200
o Jitter: 100ms
o Name: SLA-Web
o Loss: 40% (because in lab, packet lost is high)
o Latency: 500
o Jitter: 100ms
- Click VPN and select New VPN list. Create 1 policy based on the following:
o Name: VPN1
o ID: 1
- Click Site and select New Site list. Create 2 policies based on the following:
o Name: Dubai
o Site ID: 2
o Name: Hongkong
o Site ID: 3

235
Download PNETLab Platform
PNETLAB Store
PNETLab.com

236
Download PNETLab Platform
PNETLAB Store
PNETLab.com

237
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure an AAR policy based on the Requirements


- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Traffic Policy.
- Configure 2 App Routes based on the following:
o Policy Name: TELNET-WEB-Policy
o Description: TELNET-WEB-Policy
Telnet Sequence
Match Conditions:
o Protocol: 6
o Port: 23
Action
o SLA Class List: SLA-Telnet
o Color: mpls
o Backup Preferred Color: biz-internet
o Click Save Match and Actions to save the Sequence.
Web Sequence
Match Conditions:
o Protocol: 6
o Port: 80
Action
o SLA Class List: SLA-Web

238
Download PNETLab Platform
PNETLAB Store
PNETLab.com

o Color : biz-internet
o Backup Preferred Color: mpls
o Click Save Match and Actions to save the Sequence.
o Save the Policy.

239
Download PNETLab Platform
PNETLAB Store
PNETLab.com

240
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Create a Centralized Policy and call the Traffic Policy


- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Add Centralized Policy
- Click Next on the “Group of Interests” page as we have already created the required lists.
- Click Next on the “Topology and VPN Membership” page as we are not using any Control
Policies.
- Click Add Policy on the “Configure Traffic Rules” page.
- Click “Import Existing” and select the TELNET-WEB-POLICY from the drop-down list and click
Import.
- Click Next to move to the “Apply Policy to Sites and VPNs” Page.
- Click the “Appliacation-Aware Policy” tab.
- The TELNET-WEB-Policy will be there. Click “New Site List and VPN List” button.
- Select Dubai and Hongkong in the Site List.
- Select VPN1 in the Site List.
- Click Add.
- Assign the Policy a name and Desription based on the following:
o Policy Name: Main-Central-Policy
o Description: Main-Central-Policy
- Click the Save Policy button towards the button.
- Activate the policy.
- Wait for it to push the policy to the reachable vSmart Controller(s).

241
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Verify the policy by using the Monitor ➔ Network ➔ vEdge3 ➔ Troubleshooting ➔ Simulate
Flows Tool.
- Telnet from Dubai or Hongkong should only use the mpls transport.
- Web from Dubai or Hongkong should only use the biz-internet transport.
- Normal Ping from Dubai or Hongkong should use both the Transports.

242
Download PNETLab Platform
PNETLAB Store
PNETLab.com

243
Download PNETLab Platform
PNETLAB Store
PNETLab.com

244
Download PNETLab Platform
PNETLAB Store
PNETLab.com

245
Download PNETLab Platform
PNETLAB Store
PNETLab.com

246
Download PNETLab Platform
PNETLAB Store
PNETLab.com

247
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 28 - Manipulating Traffic flow using TLOCs


Requirements:

- Paris should only the MPLS TLOC as the preferred color while communicating to Dubai. The
Internet TLOC should be backup TLOC.

Task 1 – Configure Groups of Interests/List that will be used for Traffic Engineering Policy
for DUBAI
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Lists.
- Click TLOCs and select New TLOC list. Create a policy based on the following:
o Name: DB-TLOC-MPLS-INT
o TLOC#1:
▪ IP Address: 118.1.2.22
▪ Color: MPLS
▪ Encapsulation: IPSec
▪ Preference: 300
o TLOC#2:
▪ IP Address: 118.1.2.22
▪ Color: Biz-internet
▪ Encapsulation: IPSec
▪ Preference: 200

248
Download PNETLab Platform
PNETLAB Store
PNETLab.com

249
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure Control/Topology policy based on the Requirements


- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Topology.
- Configure 1 Route Policy based on the following:
o o Policy Name : DB-MPLS-INT
o o Description : DB-MPLS-INT
Route Sequence
Match Conditions:
o Site List: Dubai
o VPN List: VPN1
Action
o TLOC/TLOC List: DB-MPLS-INT
o Click Save Match and Actions to save the Sequence.
Default Sequence
Action
o Accept
o Click Save Match and Actions to save the Sequence.
o Save the Policy

250
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology
Policy
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Lists ➔ Site
- Create new site list Paris with site id 4.

251
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔


Main-Central-Policy ➔ Click “…” ➔ Edit.
- Click Topology on the Top of the page.
- Click Add Topology.
- Click “Import Existing” and select the DB-MPLS-INT from the dropdown list and click Import.
- Click Policy Application on the Top of the page.
- Click the “Topology” tab.
- The DB-MPLS-INT -Policy will be there. Click “New Site” button.
- Select Paris in the Outbound Site List.
- Click Add.
- Click the Save Policy button towards the button.
- Activate the policy.
- Wait for it to push the policy to the reachable vSmart Controller(s).
- Verify by using the Show IP route vpn 1 command on the Paris vEdge (vEdge4).
- It should only have 1 TLOC for Dubai routes (118.1.2.22– MPLS), whereas it will have 2 TLOCs for
Hongkong (118.1.3.23-MPLS, 118.1.3.23-Biz-Internet).

252
Download PNETLab Platform
PNETLAB Store
PNETLab.com

253
Download PNETLab Platform
PNETLAB Store
PNETLab.com

254
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 29 - Configuring Route Filtering


Requirements:

- The 172.16.234.2/32, 172.16.234.3/24 & 172.16.234.4/24 should not be propagated to the


Newyork Site (Site 1).

Task 1 – Configure Groups of Interests/List that will be used for Route Filtering Policy for
Newyork
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Lists.
- Click Prefix and select New Prefix list. Create a policy based on the following:
o Name: PL-234
o Prefix List Entry: 192.168.234.0/24 le 32
- Click Site and select New Site list. Create a policy based on the following:
o Name : Newyork
o Site ID : 1

255
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2 – Configure Control/Topology policy based on the Requirements


- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Topology.
- Configure 1 Route Policy based on the following:
o Policy Name : PREF-234-NOT-2-NY
o Description : PREF-234-NOT-2-NY
Route Sequence
Match Conditions:
o Prefix List: PL-234
Action: Reject
o Click Save Match and Actions to save the Sequence.
Default Sequence
Action
o Accept
o Click Save Match and Actions to save the Sequence.
o Save the Policy

256
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology
Policy
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Main-Central-Policy ➔ Click “…” ➔ Edit.
- Click Topology on the Top of the page.
- Click Add Topology.
- Click “Import Existing” and select the PREF-234-NOT-2-NY from the drop-down list and click
Import.
- Click Policy Application on the Top of the page.
- Click the “Topology” tab.
- The PREF-234-NOT-2-NY will be there. Click “New Site” button.
- Select Newyork in the Outbound Site List.
- Click Add.
- Click the Save Policy button towards the button.
- Activate the policy.
- Wait for it to push the policy to the reachable vSmart Controller(s).
- Verify by using the Show IP route vpn 1 command on the Newyork vEdge (vEdge1).
- It should all the routes from the Branches except the 192.168.234.X/32routes.
- These routes should be present in the vEdge2, vEdge3 and vEdge4 routers. You can use the
Show IP route vpn 1 command to verify.

257
Download PNETLab Platform
PNETLAB Store
PNETLab.com

258
Download PNETLab Platform
PNETLAB Store
PNETLab.com

259
Download PNETLab Platform
PNETLAB Store
PNETLab.com

260

You might also like