Cisco SD-WAN

Cisco SD-WAN Installation

This document explains how to set up a new SD-WAN lab for testing and training purposes.

Steps required for the installation

  1. First collect the SD-WAN images
  2. Get the serial.viptela file generated from the Cisco smart account portal
  3. Make sure you have around 32GB minimum with 12 processors
  4. Install vManage as the first device
  5. Make sure you have a CA server in your network (I am using vManage as the CA server)
  6. Install vBond second
  7. Install vSmart third
  8. Add as many vEdges as you like, based on your topology
  9. You will also need a couple of backbone routers

Before we start, here are some links to download important resources:

SD-WAN images for ESXi 19.2

SD-WAN images for EVE-NG

Now let us start by generating a CA certificate for the first device in the network. Log in to the CLI of the vManage that we installed in the previous step and enter the following commands.

Put a skinny configuration on vManage first

host-name vmanage-lab
site-id 1001
sp-organization-name nhindialab
organization-name nhindialab

Step 1

#vshell
#openssl genrsa -out ROOTCA.key 2048

(This command creates the root CA key and keeps your vManage as the root CA for this organization.)

Step 2

In vManage, go to Settings.

Configure the organization name and the vBond IP, then go to the certificate settings and set them to enterprise CA.

Step 3

#openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=AU/ST=NSW/L=NSW/O=nhindialab/CN=vmanage.lab"  -out ROOTCA.pem

Step 4

Authenticate your certificate

request root-cert-chain install /home/admin/ROOTCA.pem

Step 5

Create a CSR request on the vManage certificate page, then sign it with the root CA

openssl x509 -req -in vmanage_csr \
-CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
-out vmanage.crt -days 2000 -sha256

Step 6

Now copy the CRT file using WinSCP and install it in vManage using the certificate > Install certificate option.

Repeat the same process for all devices in the network, including vBond, vSmart, all vEdges, etc.

For vBond

We do not need to repeat the whole process for vBond, as it is not a CA server. Only vManage is acting as a CA in our scenario.

First put a skinny configuration on vBond

config t
host-name vmanage-lab
site-id 1002
organization-name "nhindialab"
vbond local vbond-only
vpn 0
interface g0/0
ip add
no shut

Just copy the root certificate from the vManage server and install it

scp root@ .


request root-cert-chain install /home/admin/ROOTCA.pem

(Do the same for vSmart and the other devices)

Now go to vManage, add the vBond controller, and generate a CSR for it using vManage

The vbond_csr file is now generated on the vBond machine

Copy this to vManage using the following command

scp admin@ .

Now, on vManage, sign this file using the following command

openssl x509 -req -in vbond_csr -CA ROOTCA.pem -CAkey ROOTCA.key \
-CAcreateserial -out vbond.crt -days 2000 -sha256

Install this certificate in vManage and verify that your vManage can see vBond

Repeat the same for vSmart (exactly the same process)
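
A guard for the CSR-signing commands above (Step 5 and the vBond signing), added here as an example and not part of the original guide: it refuses to sign a CSR whose self-signature or organization name does not check out, then confirms that the issued certificate chains to ROOTCA.pem and carries the CSR's public key. The function names and the openssl-generated sample CSR are assumptions; in the lab the CSR comes from vManage, and the check assumes its subject carries the configured organization-name.

```shell
#!/bin/sh
# Added example, not from the original guide. ORG and file names follow the
# guide; function names are hypothetical.
ORG="nhindialab"

# Sign a device CSR only if it passes two checks, then verify the result.
# usage: sign_csr_checked <csr> <ca.pem> <ca.key> <out.crt>
sign_csr_checked() {
    csr=$1; ca=$2; cakey=$3; out=$4
    # 1. The CSR's self-signature must verify (checked via the message text
    #    rather than the exit status).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "refused: bad CSR signature"; return 1; }
    # 2. Assumption: the device CSR subject carries the organization-name.
    openssl req -in "$csr" -noout -subject | grep -qwF -- "$ORG" \
        || { echo "refused: $ORG not in CSR subject"; return 2; }
    # Same signing command as in the guide.
    openssl x509 -req -in "$csr" -CA "$ca" -CAkey "$cakey" -CAcreateserial \
        -out "$out" -days 2000 -sha256 >/dev/null 2>&1 || return 3
    # 3. The issued certificate must chain to the root that devices install.
    openssl verify -CAfile "$ca" "$out" >/dev/null 2>&1 || return 4
    # 4. It must carry the same public key as the CSR.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl x509 -in "$out" -noout -pubkey)" ] || return 5
}

# Constructed sample data so the script runs offline: a throwaway root CA
# (commands from Steps 1 and 3) and a stand-in CSR made with openssl; in the
# lab the CSR is generated through vManage instead.
# usage: make_sample <dir> <org-in-csr>
make_sample() {
    openssl genrsa -out "$1/ROOTCA.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$1/ROOTCA.key" -sha256 -days 2000 \
        -subj "/C=AU/ST=NSW/L=NSW/O=$ORG/CN=vmanage.lab" -out "$1/ROOTCA.pem"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/dev.key" \
        -subj "/C=AU/ST=NSW/L=NSW/O=$2/CN=vbond.lab" -out "$1/vbond_csr" 2>/dev/null
}

# Demo: a CSR with the right organization is signed, a mismatched one is refused.
good=$(mktemp -d); bad=$(mktemp -d)
make_sample "$good" "$ORG"
make_sample "$bad" "otherorg"
sign_csr_checked "$good/vbond_csr" "$good/ROOTCA.pem" "$good/ROOTCA.key" "$good/vbond.crt" \
    && echo "signed: $good/vbond.crt"
sign_csr_checked "$bad/vbond_csr" "$bad/ROOTCA.pem" "$bad/ROOTCA.key" "$bad/vbond.crt" \
    || echo "mismatched CSR was not signed"
```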