Cisco SD-WAN


Cisco SD-WAN Installation

This document explains how to set up a new SD-WAN lab for testing and training purposes.

Steps required for the installation

  1. First, collect the SD-WAN images
  2. Get the serial.viptela file generated from the Cisco smart account portal
  3. Make sure you have around 32GB minimum with 12 processors
  4. Install vManage as the first device
  5. Make sure you have a CA server in your network (I am using vManage as the CA server)
  6. Install vBond as the second device
  7. Install vSmart as the third device
  8. Add as many vEdges as you like, based on your topology
  9. You would need a couple of backbone routers as well

Before we start, here are some links to download important resources:

SD-WAN images for ESXi 19.2

SD-WAN images for EVE-NG

Now let us start with generating the CA certificate for our first device in the network. Log in to the CLI of vManage, which we installed in the previous step, and give the following commands.

Put a skinny configuration on vManage first:

system
 host-name vmanage-lab
 system-ip 9.9.9.9
 site-id 1001
 admin-tech-on-failure
 sp-organization-name nhindialab
 organization-name nhindialab
 vbond vbond.networkershome.com

Step 1

Create the root CA key from the vshell. This keeps your vManage as the root CA for this organization.

vshell
openssl genrsa -out ROOTCA.key 2048

Step 2

Go to vManage: Settings.

Configure the organization name and the vBond IP, then go to the certificate setting and set it to Enterprise CA.

Step 3

Create the self-signed root CA certificate from the key:

openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 -subj "/C=AU/ST=NSW/L=NSW/O=nhindialab/CN=vmanage.lab" -out ROOTCA.pem

Step 4

Authenticate your certificate by installing it as the root certificate chain:

request root-cert-chain install /home/admin/ROOTCA.pem

Step 5

Create a CSR on vManage (certificate section) and sign it with the root CA:

openssl x509 -req -in vmanage_csr \
    -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
    -out vmanage.crt -days 2000 -sha256

Step 6

Now copy the CRT file using WinSCP and install it in vManage with the certificate > Install certificate option.

Repeat the same process for all devices in the network, including vBond, vSmart, all vEdges, etc.

For vBond

We do not need to repeat the whole process for vBond, as it is not a CA server. Only vManage is acting as a CA in our scenario.


First put a skinny configuration on vBond:

config t
system
 host-name vmanage-lab
 system-ip 9.9.9.9
 site-id 1002
 admin-tech-on-failure
 organization-name "nhindialab"
 vbond 192.168.10.231 local vbond-only
vpn 0
 interface g0/0
  ip add 192.168.10.231/24
  no shut


Just copy the root certificate from the vManage server and install it:

scp root@192.168.10.230:ROOTCA.pem .
exit

request root-cert-chain install /home/admin/ROOTCA.pem

(Do the same for vSmart and the other devices.)


Now go to vManage, add the vBond controller and also generate a CSR using vManage.

Now the vbond_csr file is generated on the vBond machine.

Copy this to vManage using the following command:

scp admin@192.168.10.231:vbond_csr .

Now, on vManage, sign this file using the following command:

openssl x509 -req -in vbond_csr -CA ROOTCA.pem -CAkey ROOTCA.key \
    -CAcreateserial -out vbond.crt -days 2000 -sha256

Install this certificate in vManage and verify that your vManage can see vBond.

Repeat the same for vSmart (exactly the same process).
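
Checks worth running on each signed certificate before it is installed, as an added example that is not part of the original write-up: the certificate must chain to ROOTCA.pem, carry the public key of the CSR that was copied over, and have enough validity left. The function names check_cert and demo, the subject /O=nhindialab/CN=vbond.lab and the file dev.key are assumptions for illustration; demo replays the page's CA commands with constructed throwaway keys.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for a certificate
# signed with the page's "openssl x509 -req" command, run before installing it.

# check_cert ROOTCA CERT CSR MIN_DAYS -> prints OK and returns 0 if all pass
check_cert() {
    ca=$1; cert=$2; csr=$3; min_days=$4

    # 1. Signature chains to the root CA (match the output text, because
    #    old openssl releases exit 0 from "verify" even on failure)
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "chain: FAIL"; return 1; }

    # 2. Certificate carries the same public key as the CSR that was signed,
    #    i.e. the right CSR file was copied and signed for this device
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey)
    csr_key=$(openssl req -in "$csr" -noout -pubkey)
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ] ||
        { echo "pubkey: FAIL"; return 1; }

    # 3. Certificate stays valid for at least MIN_DAYS more days
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "validity: FAIL"; return 1; }
    echo "OK"
}

# demo DIR: replay the page's CA commands in DIR with throwaway keys
demo() {
    d=$1
    openssl genrsa -out "$d/ROOTCA.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$d/ROOTCA.key" -sha256 -days 2000 \
        -subj "/C=AU/ST=NSW/L=NSW/O=nhindialab/CN=vmanage.lab" -out "$d/ROOTCA.pem"
    # Constructed key + CSR standing in for the vbond_csr that vManage generates
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/dev.key" \
        -subj "/O=nhindialab/CN=vbond.lab" -out "$d/vbond_csr" 2>/dev/null
    openssl x509 -req -in "$d/vbond_csr" -CA "$d/ROOTCA.pem" -CAkey "$d/ROOTCA.key" \
        -CAcreateserial -out "$d/vbond.crt" -days 2000 -sha256 2>/dev/null
}

# Stand-alone run on constructed files
tmp=$(mktemp -d) && demo "$tmp" &&
    check_cert "$tmp/ROOTCA.pem" "$tmp/vbond.crt" "$tmp/vbond_csr" 30
rm -rf "$tmp"
```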