Lab 1: SDWAN Device Bring Up
Lab 1: SDWAN Device Bring Up
LAB Topology:
This Lab was developed on Cisco SD-WAN cloud routers and controllers running on software version 19.3.0 and IOS Routers running on version 15.0.
Task 1: Initial Configuration of vManage:
Step 1: Configure vManage with overlay and underlay parameters.
viptela 19.3.0 vmanage login: admin Password: Welcome to Viptela CLI admin connected from 127.0.0.1 using console on vmanage vmanage# conf Entering configuration mode terminal vmanage(config)# system vmanage(config-system)# system-ip 123.123.123.123 vmanage(config-system)# site-id 123 vmanage(config-system)# organization-name "rstforum" vmanage(config-system)# vbond 200.0.3.200 vmanage(config-system)# vpn 0 vmanage(config-vpn-0)# no interface eth0 vmanage(config-vpn-0)# interface eth1 vmanage(config-interface-eth1)# ip add 200.0.5.123/24 vmanage(config-interface-eth1)# tunnel-interface vmanage(config-tunnel-interface)# exit vmanage(config-interface-eth1)# no shut vmanage(config-interface-eth1)# ip route 0.0.0.0/0 200.0.5.10 vmanage(config-vpn-0)# vpn 512 vmanage(config-vpn-512)# interface eth0 vmanage(config-interface-eth0)# ip add 10.0.0.123/24 vmanage(config-interface-eth0)# no shut vmanage(config-interface-eth0)# commit and-quit Commit complete. vmanage#
Step 2: Configure vManage to act as Certificate Authority. Start by taking shell access of vManage console and start by generating key pair using rsa algorithm.
vmanage# vmanage# vshell vmanage:~$ openssl genrsa -out ROOTCA.key 2048 Generating RSA private key, 2048 bit long modulus …………….. …………………… e is 65537 (0x10001) vmanage:~$
Step 3: Generate a root certificate with a validity of 2000 days. This certificate will be the CA’s certificate that will be used across SD-WAN overlay network to authenticate the overlay devices i.e. vManage, vSmart, vEdge and vBond.
vmanage:~$ vmanage:~$ openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=IN/ST=MH/L=MH/O=rstforum/CN=vmanage.lab" -out ROOTCA.pem vmanage:~$
Step 4: The previous step must have generated a CA’s certificate “ROOTCA.pem”. Now in this step we will copy the content of the “ROOTCA.pem” and the paste it onto the GUI of the vManage. Which can then be used by vManage to verify itself and other devices on the overlay network.
vmanage:~$ vmanage:~$ cat ROOTCA.pem -----BEGIN CERTIFICATE----- BAYTAklOMQswCQYDVQQIDAJNSDELMAkGA1UEBwwCTUgxETAPBgNVBAoMCHJzdGZv cnVtMRQwEgYDVQQDDAt2bWFuYWdlLmxhYjAeFw0yMDEwMDMxODIwMThaFw0yNjAz MjYxODIwMThaMFAxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJNSDELMAkGA1UEBwwC Fp1Ie20VAESdluqFQFQorPFCbz+yCwkAkDM2EryEnirrE2t+XRpbb5NhPp/pFOGq DM7CY1sa/KvdQatMpr/UiQfE50zmY/jHt+Hlx2zP88rwszC2CfIWFnE+JYWR6t8j moipdTDi4TZCKQ8agnfpV1G9O5cE+MIK3L2594ksuNqueks6HKyMRL+MGsRRYwgr g6xcYtqhZykwzSfa/B4JbLtB9+EmqIAQiy/WGDf3MPEZ6OoN6C/tfJTAeNWaxKSY TBGW6Z7ixWFe9pqbyXElX6xax9c0IPbaoZXVNtvkpOKD5aHEuoXbNicEz70CAwEA AaNQME4wHQYDVR0OBBYEFHNys9HMNVZp2xnyYmo0WUq4D7iaMB8GA1UdIwQYMBaA FHNys9HMNVZp2xnyYmo0WUq4D7iaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggEBAHaKBf9H1oYQ74lDY7EQoInaT+fllDSkcPsb4rn8Xvszw6BgLlU/ifHy tLIuqtB9bc1OhZyY+Apfa79uv/e3tBEpwpICVEA91Cy4UUbqunFdyUHKb1opdZQ8 D48aegW9Wkhv0D6qZt2upA1TEmW0RfAKeu+P5PuFFtwO5e9hs48aGgjay726Q/x9 rdQoW73NZnYIjutKygupqB4mjSyo0YrdzmrsxV9wWdzwZUpvbfdHWawp8ee+bc+k -----END CERTIFICATE----- vmanage:~$
Step 5: After Copying the content from the previous step, now we will paste these contents inside vManage GUI. Navigate to vManage GUI Portal, Administration > Settings >.
Add organization name “rstforum”, vbond ip “200.0.3.200” and Edit Controller Certificate Authorization and select “Enterprise” and then paste all the content copied from Step 4 and then click and import.
Step 6: Now navigate to Configuration > Certificate > Controllers > vManage > . . . > Generate CSR.
Now navigate back to vshell and sign the CSR.
vmanage:~$ openssl x509 -req -in vmanage_csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vmanage.crt -days 2000 -sha256 Signature ok subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vmanage-04af6304-7935-433f-aac1-5b2afd9d883e-2.viptela.com/emailAddress=support@viptela.com Getting CA Private Key vmanage:~$ vmanage:~$ cat vmanage.crt -----BEGIN CERTIFICATE----- MBIGA1UEAwwLdm1hbmFnZS5sYWIwHhcNMjAxMDAzMTg0NTI0WhcNMjYwMzI2MTg0 NTI0WjCBxzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs YSBMTEMxQzBBBgNVBAMTOnZtYW5hZ2UtMDRhZjYzMDQtNzkzNS00MzNmLWFhYzEt NWIyYWZkOWQ4ODNlLTIudmlwdGVsYS5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHBv cnRAdmlwdGVsYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh 17RYfiQOyU6C3kjmC+D7f8vTD0zDLOa+7d+GWI2t+3adtDnhrUXbt+VL0bIM3zVY YC96S9f0wWdQnqQz8xbXUzim4qf+CC6ceiQjHs4UiL1Rl8pAzYckAa1JWUrBINsd 6tuWP+iHustt8bsw3Ysxvc5XZId0D3kFUfGv8YFK8owloiAe1sU5Ev9aJZwXmmHt /7G2EfoN3o15xkaWoXNLjDsqHMQzlYt82KKHtBQ/yu9vddkq3OsrnG3YJaU90vRn XNn9m2TlMjFP9W5rr9KbBDTCctxCFlxQBPciZDk456M5TMwc3Saq9KYpqXikHosL cVSBhAd4eA6J8dDRswtvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFBr2xt+eNFn U8FS34fe48SQ25KqDLu7jiM3lvPBOm4rShvw6ivzeUXwic1j0q5aKf1YbUWrZCrZ jRv5mdoyHD0x/JS4zQT0FDy+XOPCfmc2VptGzSxlZ6QxH1svToJp1BjomS7fKUi1 SRtMibMcq0g= -----END CERTIFICATE----- vmanage:~$
Step 7: Now navigate to Configuration > Certificate > Controllers > Install Certificate. And paste the content from vshell here and hit INSTALL.
Task 2: Initial Configuration of vBond:
Step 1: Configure vBond with overlay and underlay parameters.
viptela 19.3.0 vedge login: admin Password: Welcome to Viptela CLI admin connected from 127.0.0.1 using console on vedge vedge# vedge# conf Entering configuration mode terminal vedge(config)# system vedge(config-system)# host-name vbond vedge(config-system)# system-ip 200.200.200.200 vedge(config-system)# site-id 123 vedge(config-system)# organization-name "rstforum" vedge(config-system)# vbond 200.0.3.200 local vbond-only vedge(config-system)# vpn 0 vedge(config-vpn-0)# interface ge0/0 vedge(config-interface-ge0/0)# no tunnel-interface vedge(config-interface-ge0/0)# ip add 200.0.3.200/24 vedge(config-interface-ge0/0)# no shut vedge(config-interface-ge0/0)# ip route 0.0.0.0/0 200.0.3.10 vedge(config-vpn-0)# vpn 512 vedge(config-vpn-512)# interface eth0 vedge(config-interface-eth0)# ip add 10.0.0.200/24 vedge(config-interface-eth0)# no shut vedge(config-interface-eth0)# commit and Commit complete. vbond#
Step 2: In this step we will add vBond controller to vManage GUI.
Go to Configuration > Devices > Controllers > Add Controllers > vBond.
vBond IP = 200.0.3.200, Username = admin, Password = admin and let the Generate CSR be ticked and click add.
Step 3: Navigate to Configuration > Certificates> Controllers> vBond> … > View CSR and copy all text from here.
Step 4: Now go back to vManage vshell and create a file name vbond.csr and copy the content in it and get this certificate signed by ROOT CA. Once signed, copy it.
vmanage:~$ vmanage:~$ vim vbond.csr -----BEGIN CERTIFICATE REQUEST----- OTFmMS0zMjMzNDNjZDRlOTYtMC52aXB0ZWxhLmNvbTEiMCAGCSqGSIb3DQEJARYT c3VwcG9ydEB2aXB0ZWxhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKEbGldxENwrMFqimTF8UAs/s1j+G4OvDdrTRtMa0CS/pcTSfDkjef1+auok oHJMn6GTHPJLttPE/YQIjh8M7MQR/6FU65F6T0pxAbs8oUYrpDKtq3GKRViGoBmj bLccznBHVFzVrbnDV6b3BqOKUahsgT/x6baqNSNNLqEdMUIA2zJh62pM5iZRLhOV xlKp2SD3etREnKC8w3Fufe3FAKlQqz07N8D01vMj11ELds78f4KdSvQufqQeDGO6 mb7ary70xEDP6V9aJq9wyAnbu6coToB23HrE/tO3YWRW/7Fy+2FmaPyTZ7qsh34t LKI9R4QdXmFVfVcexHk9UhfXkpkCAwEAAaA7MDkGCSqGSIb3DQEJDjEsMCowCQYD VR0TBAIwADAdBgNVHQ4EFgQUvOlE0jlaMHUA3l3LLdvx1xZws10wDQYJKoZIhvcN AQELBQADggEBABbjM3fz5tTCrLB3mBZyirW98D6jOcLwVdRO7Dc6/+DZ568mMzx9 47N0DOQaJyiarDvxSppHsfRzisWgl9SwfdFeWd9GVJmObiiY1pZ/khGlfyL8Q6Qw dP1IaBSTP0P4uRpVytrKMLuAPkiVIdNWFMpKWP5uiVUA1xz/iwW5FMkNJgHoB5Hn utoOw4RToA8pzvr2nmcRfedeDw0M/MUUF0RpjHpUuQ5vzohoKVa9+tSW0rtyoOuh -----END CERTIFICATE REQUEST----- ~ ~ ~ :wq! vmanage:~$ openssl x509 -req -in vbond.csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vbond.crt -days 2000 -sha256 Signature ok subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vbond-6b102286-ee19-4a19-91f1-323343cd4e96-0.viptela.com/emailAddress=support@viptela.com Getting CA Private Key vmanage:~$ cat vbond.crt -----BEGIN CERTIFICATE----- MzM1WjCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs MzM0M2NkNGU5Ni0wLnZpcHRlbGEuY29tMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0 QHZpcHRlbGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRsa V3EQ3CswWqKZMXxQCz+zWP4bg68N2tNG0xrQJL+lxNJ8OSN5/X5q6iSgckyfoZMc 8ku208T9hAiOHwzsxBH/oVTrkXpPSnEBuzyhRiukMq2rcYpFWIagGaNstxzOcEdU XNWtucNXpvcGo4pRqGyBP/Hptqo1I00uoR0xQgDbMmHrakzmJlEuE5XGUqnZIPd6 1EScoLzDcW597cUAqVCrPTs3wPTW8yPXUQt2zvx/gp1K9C5+pB4MY7qZvtqvLvTE QM/pX1omr3DICdu7pyhOgHbcesT+07dhZFb/sXL7YWZo/JNnuqyHfi0soj1HhB1e YVV9Vx7EeT1SF9eSmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBAHta+ZlUBGCPe GE0OZ9kvg1JMsCLWRF1yXN06t3H5L8Z4yIMchIA+xraU5UH6DC2fa65mPjjiXEOQ mAKMnJsOMfx1cHbxR6urieWJHkmirnBmJgjocyfalLeALYcnP6GAasbsaiv5WWl/ cgXqPzlYwiBqa2eBqhcIP9mVt3H+ipcrpv+hye2JPZhJ5RIdKZ4Bbn4NveMhOiuY -----END CERTIFICATE----- vmanage:~$
Step 5: Now Navigate to Configuration > Certificate > Controllers > Install Certificate and paste the copied content.
Step 6: Once we see successful prompt. Now we can go again to vBond console and enable the tunnel-interface on transport interface.
vbond# conf t Entering configuration mode terminal vbond(config)# vpn 0 vbond(config-vpn-0)# interface ge0/0 vbond(config-interface-ge0/0)# tunnel-interface vbond(config-tunnel-interface)# encapsulation ipsec vbond(config-tunnel-interface)# exit vbond(config-interface-ge0/0)# no shutdown vbond(config-interface-ge0/0)# commit and-quit Commit complete. vbond#
Task 3: Initial Configuration of vSmart:
Step 1: Configure vSmart with overlay and underlay parameters.
viptela 19.3.0 vsmart login: admin Password: Welcome to Viptela CLI admin connected from 127.0.0.1 using console on vsmart vsmart# vsmart# config Entering configuration mode terminal vsmart(config)# system vsmart(config-system)# system-ip 100.100.100.100 vsmart(config-system)# site-id 123 vsmart(config-system)# organization-name "rstforum" vsmart(config-system)# vbond 200.0.3.200 vsmart(config-system)# vpn 0 vsmart(config-vpn-0)# no interface eth0 vsmart(config-vpn-0)# interface eth1 vsmart(config-interface-eth1)# ip add 200.0.4.100/24 vsmart(config-interface-eth1)# no shut vsmart(config-interface-eth1)# ip route 0.0.0.0/0 200.0.4.10 vsmart(config-vpn-0)# vpn 512 vsmart(config-vpn-512)# interface eth0 vsmart(config-interface-eth0)# ip add 10.0.0.100/24 vsmart(config-interface-eth0)# no shut vsmart(config-interface-eth0)# commit and Commit complete. vsmart#
Step 2: Navigate to Configuration > Devices > Controllers > Add Controllers > vSmart
add details vSmart IP = 200.0.4.100 Username=admin Password=admin and let the Generate CSR be ticked and click add.
Step 3: Now Navigate to Configuration > Certificates> Controllers> vSmart> … > View CSR and copy all text from here.
Step 4: Back to vManage vshell and create a file name “vsmart.csr” and follow the same process like that of vbond.
vmanage:~$ vim vsmart.csr -----BEGIN CERTIFICATE REQUEST----- MIIDRzCCAi8CAQAwgcYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MREwDwYDVQQHEwhTYW4gSm9zZTERMA8GA1UECxMIcnN0Zm9ydW0xFDASBgNVBAoT C1ZpcHRlbGEgTExDMUIwQAYDVQQDEzl2c21hcnQtNGQ4MzJlYjUtYjUwOC00OTBm LWE1Y2ItYzNhNzk3OTdjY2NhLTIudmlwdGVsYS5jb20xIjAgBgkqhkiG9w0BCQEW E3N1cHBvcnRAdmlwdGVsYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCpBWy/szv2CODFmi32VFonWFDnb4uVrM+ChjlLgMX0ree69bi2LeXCoTiy XxO0FppZJDb07eD6MZjQJTyHAZDAcAXSk/95rbJz4onoxZZCNZjmQ4EaVe0cfME2 I9ECMqU7xsgsrOtuvSfsbxq9oto0JfAVfEmWaAmyM/kfqfwmNw9+bkaCpro2Wxgu mpGTtlkpZCK3JB9Xoqy781OC29Qh/OtuuVSOYI0gcP8jpgBf1I7dKt2nZE+Bbx2U CvqesMrIR7zwEhsm/oSiM7JH+ZOI4o3uBtOAbBBddev5i8PKQtaQ18HOeJupHI03 f5xD0AKvNgDnBp+xf0Casv5jQ7fpAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMAkG A1UdEwQCMAAwHQYDVR0OBBYEFL7NGwP6bWdvpu4eRgqGbt9w2bwqMA0GCSqGSIb3 DQEBCwUAA4IBAQAFBu8JATAws5LGDG2lvvGzmSQ2iATFcHakFiAEQK3tguHIj93z Ls+qq0vGTJbslYK/QThw/RN6pnGPIqpBsMuNy6MtBfoWyOxUX0LIywx3k5CWCY0o lG6XJYFlZPp4DUMUVb5ncGOPgeEF5WqLhxm2oQvVZzde1FY8sZvZebdzlXz3ojma 6VLacVL6t8BVGHHbcJCZQK0katG1CsqtrE+uF3d4vqJpIhk1mk4IPqjvrxCjz3Uf 0CCYTmAtG9nj/lPT5nvPcF883i/UgexZuOf388GmY7ps9JaPK6ETE0nJvIbXtuz4 QTlfDHvQs9vfpN5tgn4HmKccCSr4nmIQZx5U Wq!
Step 5: Now we will sign the smart’s csr using CA’s key. And then paste it back to vManage GUI.
vmanage:~$ openssl x509 -req -in vsmart.csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vsmart.crt -days 2000 -sha256 Signature ok subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vsmart-4d832eb5-b508-490f-a5cb-c3a79797ccca-2.viptela.com/emailAddress=support@viptela.com Getting CA Private Key vmanage:~$ cat vsmart.crt -----BEGIN CERTIFICATE----- NDEwWjCBxjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs YSBMTEMxQjBABgNVBAMTOXZzbWFydC00ZDgzMmViNS1iNTA4LTQ5MGYtYTVjYi1j M2E3OTc5N2NjY2EtMi52aXB0ZWxhLmNvbTEiMCAGCSqGSIb3DQEJARYTc3VwcG9y dEB2aXB0ZWxhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkF bL+zO/YI4MWaLfZUWidYUOdvi5Wsz4KGOUuAxfSt57r1uLYt5cKhOLJfE7QWmlkk NvTt4PoxmNAlPIcBkMBwBdKT/3mtsnPiiejFlkI1mOZDgRpV7Rx8wTYj0QIypTvG yCys6269J+xvGr2i2jQl8BV8SZZoCbIz+R+p/CY3D35uRoKmujZbGC6akZO2WSlk IrckH1eirLvzU4Lb1CH86265VI5gjSBw/yOmAF/Ujt0q3adkT4FvHZQK+p6wyshH vPASGyb+hKIzskf5k4jije4G04BsEF116/mLw8pC1pDXwc54m6kcjTd/nEPQAq82 AOcGn7F/QJqy/mNDt+kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAXYVtugeo6FjR -----END CERTIFICATE----- vmanage:~$
Step 6: Copy the content from ‘vsmart.crt’. Now navigate to Configuration > Certificate > Controllers > install certificate and paste the content.
Step 7: Once we get successful message. Now we will go and enable the tunnel-interface on the transport interface.
vsmart# config Entering configuration mode terminal vsmart(config)# vpn 0 vsmart(config-vpn-0)# interface eth1 vsmart(config-interface-eth1)# tunnel-interface vsmart(config-tunnel-interface)# exit vsmart(config-interface-eth1)# no shutdown vsmart(config-interface-eth1)# commit and-quit Commit complete. vsmart#
Step 8: Verify the connections from vManage Dashboard
Task 4: Initial Configuration of vEdge Routers:
Step 1: Configure vEdge with overlay and underlay parameters. Similar Configuration with different IP addresses is to be done on all the other vEdge routes (refer LAB Topology).
viptela 19.3.0 vedge login: admin Password: Welcome to Viptela CLI admin connected from 127.0.0.1 using console on vedge vedge# config Entering configuration mode terminal vedge(config)# system vedge(config-system)# system-ip 150.0.0.1 vedge(config-system)# site-id 1 vedge(config-system)# organization-name "rstforum" vedge(config-system)# vbond 200.0.3.200 vedge(config-system)# vpn 0 vedge(config-vpn-0)# no interface ge0/1 vedge(config-vpn-0)# interface ge0/0 vedge(config-interface-ge0/0)# ip add 200.0.0.1/24 vedge(config-interface-ge0/0)# no shut vedge(config-interface-ge0/0)# tunnel-interface vedge(config-tunnel-interface)# encapsulation ipsec vedge(config-tunnel-interface)# allow-service all vedge(config-tunnel-interface)# no shut vedge(config-tunnel-interface)# ip route 0.0.0.0/0 200.0.0.10 vedge(config-vpn-0)# vpn 1 vedge(config-vpn-1)# interface ge0/1 vedge(config-interface-ge0/1)# ip add 100.0.0.10/24 vedge(config-interface-ge0/1)# no shut vedge(config-interface-ge0/1)# vpn 512 vedge(config-vpn-512)# interface eth0 vedge(config-interface-eth0)# ip add 10.0.0.11/24 vedge(config-interface-eth0)# no shut vedge(config-interface-eth0)# commit and Commit complete. vedge#
Step 2: Navigate to Configuration > Devices > Upload WAN Edge List
now Upload the serial file acquired from Cisco Smart account Portal and check the box “Validate the uploaded vEdge list ….”
Step 3: Now after success message Navigate to Configuration > Device > WAN Edge List > vEdge Cloud > … > Generate Bootstrap Configuration.
NOTE** if using KVM select Cloud-Init and For VMWare use Encoded String.
Step 4: Now Close the Generate Bootstrap Configuration Window and go to vEdge Console and download the ROOT CA certificate. This will install CA’s certificate in vEdge Router.
vedge# request root-cert-chain install vpn 512 scp://admin@10.0.0.123:/home/admin/ROOTCA.pem
Step 5: Now we will enrol the vEdge device with the same chassis-number and token number with was generated in vManage.
vedge# request vedge-cloud activate chassis-number 2d65e5a0-ffe4-ee4e-XXXX-XXXXXXXXXX token a38892fd6310f07c5XXXXXXXXXXXX
Step 6: The above step should be repeated for vEdge 2 and vEdge 3. Once configuration is done on all the three vEdge Routers, then we can verify all the devices on vManage Dashboard.
Step 7: Some verification commands for SD-WAN.
vedge# show ip route Codes Proto-sub-type: IA -> ospf-intra-area, IE -> ospf-inter-area, E1 -> ospf-external1, E2 -> ospf-external2, N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2, e -> bgp-external, i -> bgp-internal Codes Status flags: F -> fib, S -> selected, I -> inactive, B -> blackhole, R -> recursive PROTOCOL NEXTHOP NEXTHOP NEXTHOP VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS --------------------------------------------------------------------------------------------------------------------------------------------- 0 150.0.0.1/32 connected - system - - - - - F,S 0 200.0.0.0/24 connected - ge0/0 - - - - - F,S 1 100.0.0.0/24 connected - ge0/1 - - - - - F,S 512 10.0.0.0/24 connected - eth0 - - - - - F,S vedge# show interface | tab IF IF IF TCP AF ADMIN OPER TRACKER ENCAP SPEED MSS RX TX VPN INTERFACE TYPE IP ADDRESS STATUS STATUS STATUS TYPE PORT TYPE MTU HWADDR MBPS DUPLEX ADJUST UPTIME PACKETS PACKETS ---------------------------------------------------------------------------------------------- 0 ge0/0 ipv4 200.0.0.1/24 Up Up NA null transport 1500 00:0c:29:a5:b7:d6 1000 full 1416 0:01:46:24 1 939 0 system ipv4 150.0.0.1/32 Up Up NA null loopback 1500 00:00:00:00:00:00 0 full 1416 0:00:12:35 0 0 1 ge0/1 ipv4 100.0.0.10/24 Up Up NA null service 1500 00:0c:29:a5:b7:e0 1000 full 1416 0:00:12:29 2 7 512 eth0 ipv4 10.0.0.11/24 Up Up NA null service 1500 00:0c:29:a5:b7:cc 0 full 0 0:01:46:23 3058 811