
Bring Up Controllers and CA Server

The document discusses setting up a PKI infrastructure between a vManage, vBond, vSmart, and CA server. It provides steps to generate certificates, install root certificates, generate and sign certificate signing requests to add controllers to the vManage.

Uploaded by

abenaras17

***********************************************************************************

***********************************************************************************
*********************************
system
 host-name vSmart
 system-ip 10.100.0.12
 site-id 100
 organization-name "viptela sdwan"
 vbond 223.1.1.11
!
vpn 0
 interface eth0
  ip address 223.1.1.12/24
  tunnel-interface
   allow-service all
!
vpn 0
 ip route 0.0.0.0/0 223.1.1.1
!
request root-cert-chain uninstall
!
request download http://admin:<password>@223.1.1.13/PKI.ca
!
request root-cert-chain install /home/admin/PKI.ca
!
Once the above is done, log in to the vManage GUI.
Dashboard, on the left-hand side:
1) Select Administration --> Settings --> Organization Name --> vBond Address --> Controller Certificate Authorization --> Enterprise Root CA

Go to LAB_CA
In global config mode: crypto pki export PKI pem terminal

Copy and paste the root certificate from the IOS CA server into vManage

Tick Set CSR Properties

Domain name - lab.local
Organizational Unit and Organization - viptela sdwan
City, State, Email, Country
Validity - 3 years

Click on Import and Save

Now go to Configuration --> Certificates --> Controller --> right-hand side --> Generate CSR
Take this CSR to the IOS CA and get it signed

LAB_CA#crypto pki server PKI request pkcs10 terminal


With this command the vManage certificate is signed by the CA server; add the signed
certificate to vManage under the Install Certificate option.

Now Move to VBond

vBond# request root-cert-chain uninstall


Successfully uninstalled the root certificate chain
vBond# request download http://admin:<password>@223.1.1.13/PKI.ca
--2021-09-28 12:06:13-- http://admin:*password*@223.1.1.13/PKI.ca
Connecting to 223.1.1.13:80... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authentication selected: Basic realm="level_15 or view_access"
Connecting to 223.1.1.13:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1131 (1.1K)
Saving to: 'PKI.ca'

PKI.ca 100%[===================>] 1.10K --.-KB/s in 0s

2021-09-28 12:06:14 (31.8 MB/s) - 'PKI.ca' saved [1131/1131]

vBond# request root-cert-chain install /home/admin/PKI.ca


Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/PKI.ca via VPN 0
Installing the new root certificate chain
Installing the new root certificate chain
Successfully installed the root certificate chain
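
Because the download above uses plain HTTP and the file then becomes the trust anchor, one check before the install step is to compare the chain's SHA-256 fingerprint with a value read from the CA console. This is an added example, not part of the original notes; the function names, the out-of-band pinned value and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def chain_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the DER form of each cert in a bundle."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)]

def normalize(fingerprint):
    """Strip colon/space separators and case; reject anything but 64 hex digits."""
    hexval = re.sub(r"[:\s]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexval):
        raise ValueError("not a SHA-256 fingerprint: %r" % fingerprint)
    return hexval

def chain_is_pinned(pem_text, pinned_fingerprints):
    """True only if the bundle is non-empty and every certificate in it is pinned."""
    pinned = [normalize(p) for p in pinned_fingerprints]
    found = chain_fingerprints(pem_text)
    return bool(found) and all(
        any(hmac.compare_digest(f, p) for p in pinned) for f in found)

# Constructed sample: placeholder bytes wrapped as PEM, not a real X.509 certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # In practice: pem = open("PKI.ca").read(); pinned comes from the CA console.
    pinned = [hashlib.sha256(SAMPLE_DER).hexdigest()]
    print("install allowed:", chain_is_pinned(SAMPLE_PEM, pinned))
```

Run it against the copy of PKI.ca that is about to be installed; a bundle that is empty or carries any certificate outside the pinned set returns False.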

Now go to Configuration --> Devices --> Controller --> Add Controller --> vBond

Certificates --> Controller --> vBond --> Generate CSR

Get this certificate signed by the CA

vBond will be added to vManage


show orchestrator connection is the command to validate the control connection

VSmart
vSmart# show running-config system
system
 host-name vSmart
 system-ip 10.100.0.12
 site-id 100
 admin-tech-on-failure
 organization-name "viptela sdwan"
 vbond 223.1.1.11

Repeat all the vBond steps on vSmart and get it added to vManage.

request nms all status


Variants of this command will help you stop and start the different services on vManage
***********************************************************************************
***********************************************************************************
****************************
CA Server config

Command Set On LAB_CA

crypto key generate rsa label PKI modulus 2048


ip ssh version 2
ip http server

crypto pki server PKI
 database url unix:
 database level complete
 issuer-name cn=root.ca.lab.local
 hash sha256
 database archive pkcs12 password cisco123
 grant auto
 no shutdown
!
crypto pki export PKI pem url unix:
!
tftp-server unix:PKI.ca
ip http server
ip http path unix:
ip http authentication local
username admin privilege 15 password cisco

***********************************************************************************
***********************************************************************************
*************************************
