SD-WAN Lab 1: SD-WAN Device Bring Up

SD-WAN Device Bring Up

In Lab 1: SD-WAN Device Bring Up, participants typically focus on the initial deployment and configuration of SD-WAN (Software-Defined Wide Area Network) devices. This lab involves bringing up SD-WAN devices, which could be edge routers or appliances, and connecting them to the SD-WAN fabric. Participants may perform tasks such as provisioning device interfaces, establishing connectivity with the SD-WAN controller, and configuring basic parameters like IP addresses and routing protocols. The lab often includes the verification of device connectivity, ensuring that the SD-WAN devices are successfully integrated into the overall network infrastructure. Through Lab 1, participants gain hands-on experience in the foundational steps of deploying SD-WAN, setting the stage for more advanced configurations and optimizations in subsequent labs.

Lab:

LAB Topology:

This Lab was developed on Cisco SD-WAN cloud routers and controllers running on software version 19.3.0 and IOS Routers running on version 15.0.

Task 1: Initial Configuration of vManage:

Step 1: Configure vManage with overlay and underlay parameters.

viptela 19.3.0

vmanage login: admin
Password:
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vmanage
vmanage# conf
Entering configuration mode terminal
vmanage(config)# system
vmanage(config-system)# system-ip 123.123.123.123
vmanage(config-system)# site-id 123
vmanage(config-system)# organization-name "rstforum"
vmanage(config-system)# vbond 200.0.3.200
vmanage(config-system)# vpn 0
vmanage(config-vpn-0)# no interface eth0
vmanage(config-vpn-0)# interface eth1
vmanage(config-interface-eth1)# ip add 200.0.5.123/24
vmanage(config-interface-eth1)# tunnel-interface
vmanage(config-tunnel-interface)# exit
vmanage(config-interface-eth1)# no shut
vmanage(config-interface-eth1)# ip route 0.0.0.0/0 200.0.5.10
vmanage(config-vpn-0)# vpn 512
vmanage(config-vpn-512)# interface eth0
vmanage(config-interface-eth0)# ip add 10.0.0.123/24
vmanage(config-interface-eth0)# no shut
vmanage(config-interface-eth0)# commit and-quit
Commit complete.
vmanage#

Step 2:Configure vManage to act as Certificate Authority. Start by taking shell access of vManage console and start by generating key pair using rsa algorithm.**

vmanage#
vmanage# vshell
vmanage:~$ openssl genrsa -out ROOTCA.key 2048
Generating RSA private key, 2048 bit long modulus
……………..
……………………
e is 65537 (0x10001)
vmanage:~$

Step 3:Generate a root certificate with a validity of 2000 days. This certificate will be the CA’s certificate that will be used across SD-WAN overlay network to authenticate the overlay devices i.e. vManage, vSmart, vEdge and vBond.

vmanage:~$
vmanage:~$ openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=IN/ST=MH/L=MH/O=rstforum/CN=vmanage.lab" -out ROOTCA.pem
vmanage:~$

Step 4:The previous step must have generated a CA’s certificate “ROOTCA.pem”. Now in this step we will copy the content of the “ROOTCA.pem” and the paste it onto the GUI of the vManage. Which can then be used by vManage to verify itself and other devices on the overlay network.

vmanage:~$
vmanage:~$ cat ROOTCA.pem
-----BEGIN CERTIFICATE-----
BAYTAklOMQswCQYDVQQIDAJNSDELMAkGA1UEBwwCTUgxETAPBgNVBAoMCHJzdGZv
cnVtMRQwEgYDVQQDDAt2bWFuYWdlLmxhYjAeFw0yMDEwMDMxODIwMThaFw0yNjAz
MjYxODIwMThaMFAxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJNSDELMAkGA1UEBwwC
Fp1Ie20VAESdluqFQFQorPFCbz+yCwkAkDM2EryEnirrE2t+XRpbb5NhPp/pFOGq
DM7CY1sa/KvdQatMpr/UiQfE50zmY/jHt+Hlx2zP88rwszC2CfIWFnE+JYWR6t8j
moipdTDi4TZCKQ8agnfpV1G9O5cE+MIK3L2594ksuNqueks6HKyMRL+MGsRRYwgr
g6xcYtqhZykwzSfa/B4JbLtB9+EmqIAQiy/WGDf3MPEZ6OoN6C/tfJTAeNWaxKSY
TBGW6Z7ixWFe9pqbyXElX6xax9c0IPbaoZXVNtvkpOKD5aHEuoXbNicEz70CAwEA
AaNQME4wHQYDVR0OBBYEFHNys9HMNVZp2xnyYmo0WUq4D7iaMB8GA1UdIwQYMBaA
FHNys9HMNVZp2xnyYmo0WUq4D7iaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAHaKBf9H1oYQ74lDY7EQoInaT+fllDSkcPsb4rn8Xvszw6BgLlU/ifHy
tLIuqtB9bc1OhZyY+Apfa79uv/e3tBEpwpICVEA91Cy4UUbqunFdyUHKb1opdZQ8
D48aegW9Wkhv0D6qZt2upA1TEmW0RfAKeu+P5PuFFtwO5e9hs48aGgjay726Q/x9
rdQoW73NZnYIjutKygupqB4mjSyo0YrdzmrsxV9wWdzwZUpvbfdHWawp8ee+bc+k
-----END CERTIFICATE-----
vmanage:~$

Step 5:After Copying the content from the previous step, now we will paste these contents inside vManage GUI. Navigate to vManage GUI Portal, Administration > Settings >.

Add organization name “rstforum”, vbond ip “200.0.3.200” and Edit Controller Certificate Authorization and select “Enterprise” and then paste all the content copied from Step 4 and then click and import.

Step 6: Now navigate to Configuration > Certificate > Controllers > vManage > . . . > Generate CSR.

Now navigate back to vshell and sign the CSR.

vmanage:~$ openssl x509 -req -in vmanage\_csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vmanage.crt -days 2000 -sha256
Signature ok
subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vmanage-04af6304-7935-433f-aac1-5b2afd9d883e-2.viptela.com/emailAddress=support@viptela.com
Getting CA Private Key
vmanage:~$
vmanage:~$ cat vmanage.crt
-----BEGIN CERTIFICATE-----
MBIGA1UEAwwLdm1hbmFnZS5sYWIwHhcNMjAxMDAzMTg0NTI0WhcNMjYwMzI2MTg0
NTI0WjCBxzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV
BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs
YSBMTEMxQzBBBgNVBAMTOnZtYW5hZ2UtMDRhZjYzMDQtNzkzNS00MzNmLWFhYzEt
NWIyYWZkOWQ4ODNlLTIudmlwdGVsYS5jb20xIjAgBgkqhkiG9w0BCQEWE3N1cHBv
cnRAdmlwdGVsYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh
17RYfiQOyU6C3kjmC+D7f8vTD0zDLOa+7d+GWI2t+3adtDnhrUXbt+VL0bIM3zVY
YC96S9f0wWdQnqQz8xbXUzim4qf+CC6ceiQjHs4UiL1Rl8pAzYckAa1JWUrBINsd
6tuWP+iHustt8bsw3Ysxvc5XZId0D3kFUfGv8YFK8owloiAe1sU5Ev9aJZwXmmHt
/7G2EfoN3o15xkaWoXNLjDsqHMQzlYt82KKHtBQ/yu9vddkq3OsrnG3YJaU90vRn
XNn9m2TlMjFP9W5rr9KbBDTCctxCFlxQBPciZDk456M5TMwc3Saq9KYpqXikHosL
cVSBhAd4eA6J8dDRswtvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFBr2xt+eNFn
U8FS34fe48SQ25KqDLu7jiM3lvPBOm4rShvw6ivzeUXwic1j0q5aKf1YbUWrZCrZ
jRv5mdoyHD0x/JS4zQT0FDy+XOPCfmc2VptGzSxlZ6QxH1svToJp1BjomS7fKUi1
SRtMibMcq0g=
-----END CERTIFICATE-----
vmanage:~$

Step 7: Now navigate to Configuration > Certificate > Controllers > Install Certificate. And paste the content from vshell here and hit INSTALL.

Task 2: Initial Configuration of vBond:

Step 1:Configure vBond with overlay and underlay parameters.

viptela 19.3.0
vedge login: admin
Password:
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vedge
vedge#
vedge# conf
Entering configuration mode terminal
vedge(config)# system
vedge(config-system)# host-name vbond
vedge(config-system)# system-ip 200.200.200.200
vedge(config-system)# site-id 123
vedge(config-system)# organization-name "rstforum"
vedge(config-system)# vbond 200.0.3.200 local vbond-only
vedge(config-system)# vpn 0
vedge(config-vpn-0)# interface ge0/0
vedge(config-interface-ge0/0)# no tunnel-interface
vedge(config-interface-ge0/0)# ip add 200.0.3.200/24
vedge(config-interface-ge0/0)# no shut
vedge(config-interface-ge0/0)# ip route 0.0.0.0/0 200.0.3.10
vedge(config-vpn-0)# vpn 512
vedge(config-vpn-512)# interface eth0
vedge(config-interface-eth0)# ip add 10.0.0.200/24
vedge(config-interface-eth0)# no shut
vedge(config-interface-eth0)# commit and
Commit complete.
vbond#

Step 2: In this step we will add vBond controller to vManage GUI.

Go to Configuration > Devices > Controllers > Add Controllers > vBond.
vBond IP = 200.0.3.200, Username = admin, Password = admin and let the Generate CSR be ticked and click add.

Step 3: Navigate to Configuration > Certificates> Controllers> vBond> … > View CSR and copy all text from here.

Step 4: Now go back to vManage vshell and create a file name vbond.csr and copy the content in it and get this certificate signed by ROOT CA. Once signed, copy it.

vmanage:~$
vmanage:~$ vim vbond.csr
-----BEGIN CERTIFICATE REQUEST-----
OTFmMS0zMjMzNDNjZDRlOTYtMC52aXB0ZWxhLmNvbTEiMCAGCSqGSIb3DQEJARYT
c3VwcG9ydEB2aXB0ZWxhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKEbGldxENwrMFqimTF8UAs/s1j+G4OvDdrTRtMa0CS/pcTSfDkjef1+auok
oHJMn6GTHPJLttPE/YQIjh8M7MQR/6FU65F6T0pxAbs8oUYrpDKtq3GKRViGoBmj
bLccznBHVFzVrbnDV6b3BqOKUahsgT/x6baqNSNNLqEdMUIA2zJh62pM5iZRLhOV
xlKp2SD3etREnKC8w3Fufe3FAKlQqz07N8D01vMj11ELds78f4KdSvQufqQeDGO6
mb7ary70xEDP6V9aJq9wyAnbu6coToB23HrE/tO3YWRW/7Fy+2FmaPyTZ7qsh34t
LKI9R4QdXmFVfVcexHk9UhfXkpkCAwEAAaA7MDkGCSqGSIb3DQEJDjEsMCowCQYD
VR0TBAIwADAdBgNVHQ4EFgQUvOlE0jlaMHUA3l3LLdvx1xZws10wDQYJKoZIhvcN
AQELBQADggEBABbjM3fz5tTCrLB3mBZyirW98D6jOcLwVdRO7Dc6/+DZ568mMzx9
47N0DOQaJyiarDvxSppHsfRzisWgl9SwfdFeWd9GVJmObiiY1pZ/khGlfyL8Q6Qw
dP1IaBSTP0P4uRpVytrKMLuAPkiVIdNWFMpKWP5uiVUA1xz/iwW5FMkNJgHoB5Hn
utoOw4RToA8pzvr2nmcRfedeDw0M/MUUF0RpjHpUuQ5vzohoKVa9+tSW0rtyoOuh
-----END CERTIFICATE REQUEST-----
~
~
~
:wq!
vmanage:~$ openssl x509 -req -in vbond.csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vbond.crt -days 2000 -sha256
Signature ok
subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vbond-6b102286-ee19-4a19-91f1-323343cd4e96-0.viptela.com/emailAddress=support@viptela.com
Getting CA Private Key
vmanage:~$ cat vbond.crt
-----BEGIN CERTIFICATE-----
MzM1WjCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV
BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs
MzM0M2NkNGU5Ni0wLnZpcHRlbGEuY29tMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0
QHZpcHRlbGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRsa
V3EQ3CswWqKZMXxQCz+zWP4bg68N2tNG0xrQJL+lxNJ8OSN5/X5q6iSgckyfoZMc
8ku208T9hAiOHwzsxBH/oVTrkXpPSnEBuzyhRiukMq2rcYpFWIagGaNstxzOcEdU
XNWtucNXpvcGo4pRqGyBP/Hptqo1I00uoR0xQgDbMmHrakzmJlEuE5XGUqnZIPd6
1EScoLzDcW597cUAqVCrPTs3wPTW8yPXUQt2zvx/gp1K9C5+pB4MY7qZvtqvLvTE
QM/pX1omr3DICdu7pyhOgHbcesT+07dhZFb/sXL7YWZo/JNnuqyHfi0soj1HhB1e
YVV9Vx7EeT1SF9eSmQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBAHta+ZlUBGCPe
GE0OZ9kvg1JMsCLWRF1yXN06t3H5L8Z4yIMchIA+xraU5UH6DC2fa65mPjjiXEOQ
mAKMnJsOMfx1cHbxR6urieWJHkmirnBmJgjocyfalLeALYcnP6GAasbsaiv5WWl/
cgXqPzlYwiBqa2eBqhcIP9mVt3H+ipcrpv+hye2JPZhJ5RIdKZ4Bbn4NveMhOiuY
-----END CERTIFICATE-----
vmanage:~$

Step 5: Now Navigate to Configuration > Certificate > Controllers > Install Certificate and paste the copied content.

Step 6: Once we see successful prompt. Now we can go again to vBond console and enable the tunnel-interface on transport interface.

vbond# conf t
Entering configuration mode terminal
vbond(config)# vpn 0
vbond(config-vpn-0)# interface ge0/0
vbond(config-interface-ge0/0)# tunnel-interface
vbond(config-tunnel-interface)# encapsulation ipsec
vbond(config-tunnel-interface)# exit
vbond(config-interface-ge0/0)# no shutdown
vbond(config-interface-ge0/0)# commit and-quit
Commit complete.
vbond#

Task 3: Initial Configuration of vSmart:

Step 1: Configure vSmart with overlay and underlay parameters.

viptela 19.3.0

vsmart login: admin
Password:
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vsmart
vsmart#
vsmart# config
Entering configuration mode terminal
vsmart(config)# system
vsmart(config-system)# system-ip 100.100.100.100
vsmart(config-system)# site-id 123
vsmart(config-system)# organization-name "rstforum"
vsmart(config-system)# vbond 200.0.3.200
vsmart(config-system)# vpn 0
vsmart(config-vpn-0)# no interface eth0
vsmart(config-vpn-0)# interface eth1
vsmart(config-interface-eth1)# ip add 200.0.4.100/24
vsmart(config-interface-eth1)# no shut
vsmart(config-interface-eth1)# ip route 0.0.0.0/0 200.0.4.10
vsmart(config-vpn-0)# vpn 512
vsmart(config-vpn-512)# interface eth0
vsmart(config-interface-eth0)# ip add 10.0.0.100/24
vsmart(config-interface-eth0)# no shut
vsmart(config-interface-eth0)# commit and
Commit complete.
vsmart#

Step 2: Navigate to Configuration > Devices > Controllers > Add Controllers > vSmart

add details vSmart IP = 200.0.4.100 Username=admin Password=admin and let the Generate CSR be ticked and click add.

Step 3: Now Navigate to Configuration > Certificates> Controllers> vSmart> … > View CSR and copy all text from here.

Step 4:Back to vManage vshell and create a file name “vsmart.csr” and follow the same process like that of vbond.

vmanage:~$ vim vsmart.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIDRzCCAi8CAQAwgcYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MREwDwYDVQQHEwhTYW4gSm9zZTERMA8GA1UECxMIcnN0Zm9ydW0xFDASBgNVBAoT
C1ZpcHRlbGEgTExDMUIwQAYDVQQDEzl2c21hcnQtNGQ4MzJlYjUtYjUwOC00OTBm
LWE1Y2ItYzNhNzk3OTdjY2NhLTIudmlwdGVsYS5jb20xIjAgBgkqhkiG9w0BCQEW
E3N1cHBvcnRAdmlwdGVsYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCpBWy/szv2CODFmi32VFonWFDnb4uVrM+ChjlLgMX0ree69bi2LeXCoTiy
XxO0FppZJDb07eD6MZjQJTyHAZDAcAXSk/95rbJz4onoxZZCNZjmQ4EaVe0cfME2
I9ECMqU7xsgsrOtuvSfsbxq9oto0JfAVfEmWaAmyM/kfqfwmNw9+bkaCpro2Wxgu
mpGTtlkpZCK3JB9Xoqy781OC29Qh/OtuuVSOYI0gcP8jpgBf1I7dKt2nZE+Bbx2U
CvqesMrIR7zwEhsm/oSiM7JH+ZOI4o3uBtOAbBBddev5i8PKQtaQ18HOeJupHI03
f5xD0AKvNgDnBp+xf0Casv5jQ7fpAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMAkG
A1UdEwQCMAAwHQYDVR0OBBYEFL7NGwP6bWdvpu4eRgqGbt9w2bwqMA0GCSqGSIb3
DQEBCwUAA4IBAQAFBu8JATAws5LGDG2lvvGzmSQ2iATFcHakFiAEQK3tguHIj93z
Ls+qq0vGTJbslYK/QThw/RN6pnGPIqpBsMuNy6MtBfoWyOxUX0LIywx3k5CWCY0o
lG6XJYFlZPp4DUMUVb5ncGOPgeEF5WqLhxm2oQvVZzde1FY8sZvZebdzlXz3ojma
6VLacVL6t8BVGHHbcJCZQK0katG1CsqtrE+uF3d4vqJpIhk1mk4IPqjvrxCjz3Uf
0CCYTmAtG9nj/lPT5nvPcF883i/UgexZuOf388GmY7ps9JaPK6ETE0nJvIbXtuz4
QTlfDHvQs9vfpN5tgn4HmKccCSr4nmIQZx5U
Wq!

Step 5: Now we will sign the smart’s csr using CA’s key. And then paste it back to vManage GUI.

vmanage:~$ openssl x509 -req -in vsmart.csr -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial -out vsmart.crt -days 2000 -sha256
Signature ok
subject=/C=US/ST=California/L=San Jose/OU=rstforum/O=Viptela LLC/CN=vsmart-4d832eb5-b508-490f-a5cb-c3a79797ccca-2.viptela.com/emailAddress=support@viptela.com
Getting CA Private Key
vmanage:~$ cat vsmart.crt
-----BEGIN CERTIFICATE-----
NDEwWjCBxjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNV
BAcTCFNhbiBKb3NlMREwDwYDVQQLEwhyc3Rmb3J1bTEUMBIGA1UEChMLVmlwdGVs
YSBMTEMxQjBABgNVBAMTOXZzbWFydC00ZDgzMmViNS1iNTA4LTQ5MGYtYTVjYi1j
M2E3OTc5N2NjY2EtMi52aXB0ZWxhLmNvbTEiMCAGCSqGSIb3DQEJARYTc3VwcG9y
dEB2aXB0ZWxhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkF
bL+zO/YI4MWaLfZUWidYUOdvi5Wsz4KGOUuAxfSt57r1uLYt5cKhOLJfE7QWmlkk
NvTt4PoxmNAlPIcBkMBwBdKT/3mtsnPiiejFlkI1mOZDgRpV7Rx8wTYj0QIypTvG
yCys6269J+xvGr2i2jQl8BV8SZZoCbIz+R+p/CY3D35uRoKmujZbGC6akZO2WSlk
IrckH1eirLvzU4Lb1CH86265VI5gjSBw/yOmAF/Ujt0q3adkT4FvHZQK+p6wyshH
vPASGyb+hKIzskf5k4jije4G04BsEF116/mLw8pC1pDXwc54m6kcjTd/nEPQAq82
AOcGn7F/QJqy/mNDt+kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAXYVtugeo6FjR
-----END CERTIFICATE-----
vmanage:~$

Step 6: Copy the content from ‘vsmart.crt’. Now navigate to Configuration > Certificate > Controllers > install certificate and paste the content.

Step 7: Once we get successful message. Now we will go and enable the tunnel-interface on the transport interface.

vsmart# config
Entering configuration mode terminal
vsmart(config)# vpn 0
vsmart(config-vpn-0)# interface eth1
vsmart(config-interface-eth1)# tunnel-interface
vsmart(config-tunnel-interface)# exit
vsmart(config-interface-eth1)# no shutdown
vsmart(config-interface-eth1)# commit and-quit
Commit complete.
vsmart#

Step 8: Verify the connections from vManage Dashboard

Task 4: Initial Configuration of vEdge Routers:

Step 1: Configure vEdge with overlay and underlay parameters. Similar Configuration with different IP addresses is to be done on all the other vEdge routes (refer LAB Topology).

viptela 19.3.0

vedge login: admin
Password:
Welcome to Viptela CLI
admin connected from 127.0.0.1 using console on vedge
vedge# config
Entering configuration mode terminal
vedge(config)# system
vedge(config-system)# system-ip 150.0.0.1
vedge(config-system)# site-id 1
vedge(config-system)# organization-name "rstforum"
vedge(config-system)# vbond 200.0.3.200
vedge(config-system)# vpn 0
vedge(config-vpn-0)# no interface ge0/1
vedge(config-vpn-0)# interface ge0/0
vedge(config-interface-ge0/0)# ip add 200.0.0.1/24
vedge(config-interface-ge0/0)# no shut
vedge(config-interface-ge0/0)# tunnel-interface
vedge(config-tunnel-interface)# encapsulation ipsec
vedge(config-tunnel-interface)# allow-service all
vedge(config-tunnel-interface)# no shut
vedge(config-tunnel-interface)# ip route 0.0.0.0/0 200.0.0.10
vedge(config-vpn-0)# vpn 1
vedge(config-vpn-1)# interface ge0/1
vedge(config-interface-ge0/1)# ip add 100.0.0.10/24
vedge(config-interface-ge0/1)# no shut
vedge(config-interface-ge0/1)# vpn 512
vedge(config-vpn-512)# interface eth0
vedge(config-interface-eth0)# ip add 10.0.0.11/24
vedge(config-interface-eth0)# no shut
vedge(config-interface-eth0)# commit and
Commit complete.
vedge#

Step 2: Navigate to Configuration > Devices > Upload WAN Edge List

now Upload the serial file acquired from Cisco Smart account Portal and check the box “Validate the uploaded vEdge list ….”

Step 3: Now after success message Navigate to Configuration > Device > WAN Edge List > vEdge Cloud > … > Generate Bootstrap Configuration.

NOTE** if using KVM select Cloud-Init and For VMWare use Encoded String.

Step 4:Now Close the Generate Bootstrap Configuration Window and go to vEdge Console and download the ROOT CA certificate. This will install CA’s certificate in vEdge Router.

vedge# request root-cert-chain install vpn 512 scp://admin@10.0.0.123:/home/admin/ROOTCA.pem

Step 5:Now we will enrol the vEdge device with the same chassis-number and token number with was generated in vManage.

vedge# request vedge-cloud activate chassis-number 2d65e5a0-ffe4-ee4e-XXXX-XXXXXXXXXX token a38892fd6310f07c5XXXXXXXXXXXX

Step 6:The above step should be repeated for vEdge 2 and vEdge 3. Once configuration is done on all the three vEdge Routers, then we can verify all the devices on vManage Dashboard.

Step 7: Some verification commands for SD-WAN.

vedge# **show ip route**
Codes Proto-sub-type:
  IA -> ospf-intra-area, IE -> ospf-inter-area,
  E1 -> ospf-external1, E2 -> ospf-external2,
  N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
  e -> bgp-external, i -> bgp-internal
Codes Status flags:
  F -> fib, S -> selected, I -> inactive,
  B -> blackhole, R -> recursive
                                            PROTOCOL  NEXTHOP     NEXTHOP          NEXTHOP                                                  
VPN    PREFIX              PROTOCOL         SUB TYPE  IF NAME     ADDR             VPN      TLOC IP          COLOR            ENCAP  STATUS 
---------------------------------------------------------------------------------------------------------------------------------------------
0      150.0.0.1/32        connected        -         system      -                -        -                -                -      F,S    
0      200.0.0.0/24        connected        -         ge0/0       -                -        -                -                -      F,S    
1      100.0.0.0/24        connected        -         ge0/1       -                -        -                -                -      F,S    
512    10.0.0.0/24         connected        -         eth0        -                -        -                -                -      F,S    
vedge# **show interface | tab**
                                     IF      IF      IF                                                                 TCP                                  
                AF                   ADMIN   OPER    TRACKER  ENCAP                                      SPEED          MSS                 RX       TX      
VPN  INTERFACE  TYPE  IP ADDRESS     STATUS  STATUS  STATUS   TYPE   PORT TYPE  MTU   HWADDR             MBPS   DUPLEX  ADJUST  UPTIME      PACKETS  PACKETS 
----------------------------------------------------------------------------------------------
0    ge0/0      ipv4  200.0.0.1/24   Up      Up      NA       null   transport  1500  00:0c:29:a5:b7:d6  1000   full    1416    0:01:46:24  1        939     
0    system     ipv4  150.0.0.1/32   Up      Up      NA       null   loopback   1500  00:00:00:00:00:00  0      full    1416    0:00:12:35  0        0       
1    ge0/1      ipv4  100.0.0.10/24  Up      Up      NA       null   service    1500  00:0c:29:a5:b7:e0  1000   full    1416    0:00:12:29  2        7       
512  eth0       ipv4  10.0.0.11/24   Up      Up      NA       null   service    1500  00:0c:29:a5:b7:cc  0      full    0       0:01:46:23  3058     811