Scribd
Upload
253 views35 pages

NJ SDWAN - Workbook v7.0

The document provides details about the lab topology, access credentials, and IP schema for the SD-WAN lab. It includes the hostnames, management IPs, usernames, and passwords for the vManage, vBond, vSmart, and other devices. It also lists the site IDs, organization name, interfaces, VPN memberships and IP addresses for each device.

Uploaded by

Mateen Virk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
253 views35 pages

NJ SDWAN - Workbook v7.0

The document provides details about the lab topology, access credentials, and IP schema for the SD-WAN lab. It includes the hostnames, management IPs, usernames, and passwords for the vManage, vBond, vSmart, and other devices. It also lists the site IDs, organization name, interfaces, VPN memberships and IP addresses for each device.

Uploaded by

Mateen Virk
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 35

Page 1 of 35

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088

SDWAN WORKBOOK

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 2 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

CISCO VIPTELA SDWAN LAB WORKBOOK


Table of Contents
Changelog ............................................................................................................................................... 3
Lab Topology .......................................................................................................................................... 4
Access Credentials .................................................................................................................................. 4
IP Schema ............................................................................................................................................... 5
Lab31: Verify current Mode on vSmart (CLI / vManage) and apply a template if required................ 6
Task31.1: Verify current mode on vSmart (CLI / vManage).............................................................. 6
Task31.2: Configure System Feature Template for vSmart .............................................................. 6
Task31.3: Configure VPN0 Feature Template for vSmart ................................................................. 7
Task31.4: Configure VPN0 Interface Feature Template for vSmart ................................................. 9
Task31.5: Configure VPN512 Feature Template for vSmart ........................................................... 10
Task31.5: Configure VPN512 Interface Feature Template for vSmart ........................................... 10
Task31.6: Configure Device Template for vSmart ........................................................................... 11
Task31.7: Attach Device Template to be used by vSmart .............................................................. 12
Task31.8: Configure Variables in Device Template to be used by vSmart ..................................... 13
Task31.9: Apply Device Template to be used by vSmart ................................................................ 14
Task31.10: Verify new mode on vSmart (CLI / vManage)............................................................... 14
Lab32: Control Plane Policy – Blocking Subnets.................................................................................. 15
Task32.1: Create Lists ....................................................................................................................... 15
Task32.2: Create Topology (Control Policies) .................................................................................. 18
Task32.3: Add Policy ........................................................................................................................ 21
Task32.4: Pre-Verification // Verify routes from Delta LAN Segment to SW2-ETA ....................... 24
Task32.5: Activate the policy ........................................................................................................... 25
Task32.6: Post-Verification || Verify routes from Delta LAN Segment to SW2-ETA ..................... 26
Lab33: Data Plane Policy – Blocking Telnet Access ............................................................................. 27
Task33.1: Create Lists ....................................................................................................................... 27
Task33.2: Create Traffic Rules (Data Policies) ................................................................................. 30
Task33.3: Pre-Verification // Verify telnet from Delta Site to Zeta Site ........................................ 34
Task33.4: Activate the policy ........................................................................................................... 34
Task33.5: Post-Verification // Verify telnet from Delta Site to Zeta Site....................................... 35

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 3 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Changelog
V7.0 Added Lab 31 to Lab 33

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 4 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Lab Topology

Access Credentials
Device Hostname Access Method Management IP Username Password
vManage CLI/GUI 192.168.30.1 admin admin
vBond CLI 192.168.30.2 admin admin
vSmart CLI 192.168.30.3 admin admin
CA Server CLI 192.168.30.4 Administrator Test123
vEdge1-DELTA CLI admin admin
vEdge1-ZETA CLI admin admin
vEdge1-GAMMA CLI admin admin
vEdge2-GAMMA CLI admin admin
vEdge1-ETA CLI admin admin
vEdge2-ETA CLI admin admin
CSR1-BETA CLI admin admin
MPLS Router CLI admin cisco
Internet Router CLI admin cisco
4G-LTE Router CLI admin cisco
HQ1-Alpha Router CLI admin cisco
Docker CLI 192.168.30.10 admin cisco
SW1-ETA CLI admin cisco
SW2-ETA CLI admin cisco
SW1-GAMMA CLI admin cisco
SW1-ZETA CLI admin cisco
SW1-DELTA CLI admin cisco
SW1-BETA CLI admin cisco

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 5 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

IP Schema
Device Hostname SITE ID Org Name Interface VPN Interface IP
Number/Name Membership
vManage 30 njsdwan eth0 vpn 0 203.0.113.1
eth1 vpn 512 198.168.30.1
system-ip 30.1.1.1
vBond 30 njsdwan ge0/0 vpn 0 203.0.113.2
ge0/1 vpn 512 198.168.30.2
system-ip 30.1.1.2
vSmart 30 njsdwan eth0 vpn 0 203.0.113.3
eth1 vpn 512 198.168.30.3
system-ip 30.1.1.3
CA Server 30 njsdwan e0 vpn 0 203.0.113.4
e1 vpn 512 198.168.30.4
vEdge1-DELTA 25 njsdwan G0/4 vpn 0 172.16.25.4
system-ip 25.1.1.1
vEdge1-ZETA 20 njsdwan G0/1 vpn 0 10.1.20.1
system-ip 20.1.1.1
vEdge1-GAMMA 15 njsdwan G0/1 vpn 0 10.1.15.1
system-ip 15.1.1.1
vEdge2-GAMMA 15 njsdwan G0/2 vpn 0 100.64.15.2
system-ip 15.1.1.2
vEdge1-ETA 10 njsdwan G0/1 vpn 0 10.1.10.1
system-ip 10.1.1.1
vEdge2-ETA 10 njsdwan G0/1 vpn 0 10.1.11.1
system-ip 10.1.1.2
CSR1-BETA 5 njsdwan G1 vpn0 10.1.5.1
System-ip 5.1.1.1
MPLS Router e0/0 10.1.5.254
e0/1 10.1.2.254
e0/2 10.1.15.254
e0/3 10.1.10.254
e1/0 10.1.11.254
e1/1 10.1.20.254
Internet Router e0/0 100.64.5.254
e0/1 100.64.11.254
e0/2 100.64.2.254
e0/3 100.64.20.254
e1/0 100.64.15.254
e1/1 100.64.10.254
e1/2 100.64.25.254
4G-LTE Router e0/0 172.16.25.254
e0/1 172.16.20.254
e1/0 172.16.2.254
HQ1-Alpha e0/0 203.0.113.5
Router e0/1 10.1.2.5
e0/2 100.64.2.5
e1/0 172.16.2.5
Docker 192.168.30.10

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 6 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Lab31: Verify current Mode on vSmart (CLI / vManage) and apply a


template if required
To configure Centralized policies, our vSmart should be managed by vManage and not through CLI
mode.

Task31.1: Verify current mode on vSmart (CLI / vManage)


• Navigate to Configuration > Devices > Controller
o Verify current mode (CLI / vManage)

Since vSmart is currently managed by CLI, we will have to apply a template so that vSmart will be
managed by vManage.

Task31.2: Configure System Feature Template for vSmart


• Navigate to Configuration > Template > Feature Templates > Add Template > Select vSmart >
System Template
o Select Timezone as: Asia/Kolkata

vSmart-System template is created.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 7 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.3: Configure VPN0 Feature Template for vSmart


• Navigate to Configuration > Template > Feature Templates > Add Template > Select vSmart >
VPN
o Configure VPN0 (Transport VPN)
o Configure Default route towards HQ1-ALPHA with 1 next-hop

Add Next Hop

Verify Next HOP and click Add

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 8 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

vSmart-VPN0 template is created.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 9 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.4: Configure VPN0 Interface Feature Template for vSmart


• Navigate to Configuration > Template > Feature Templates > Add Template > Select vSmart >
VPN Interface Ethernet
o Configure VPN0-Eth0 Interface Template
o Configure IP address: 203.0.113.3/24
o Enable Tunnel interface
o Allow Service – ALL, NETCONF, SSH

vSmart-VPN0-Eth0 template is created.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 10 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.5: Configure VPN512 Feature Template for vSmart


• Navigate to Configuration > Template > Feature Templates > Add Template > Select vSmart >
VPN
o Configure VPN512 (Management VPN)
o We do not need a Default route

vSmart-VPN512 template is created.

Task31.5: Configure VPN512 Interface Feature Template for vSmart


• Navigate to Configuration > Template > Feature Templates > Add Template > Select vSmart >
VPN Interface Ethernet
o Configure VPN512-Eth1 Interface Template
o Interface Name: Eth1
o Configure IP address: 192.168.30.3/24

vSmart-VPN512-Eth1 template is created.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 11 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.6: Configure Device Template for vSmart


• Navigate to Configuration > Template > Device Templates > Add from Feature Template >
Select vSmart
o Select Feature Templates
 vSmart-System
 vSmart -VPN0
 vSmart -VPN0-Eth0
 vSmart -VPN512
 vSmart -VPN512- ETH1

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 12 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.7: Attach Device Template to be used by vSmart


• Select Template Name > Navigate to
o Attach Devices - vSmart

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 13 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.8: Configure Variables in Device Template to be used by vSmart


• Select System IP > Navigate to
o Edit Device Template & fill variables for vSmart

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 14 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task31.9: Apply Device Template to be used by vSmart


• Navigate to Device (vSmart) > Config Diff > Inline Diff
o Click on Configure Device to push template to vSmart device

Task31.10: Verify new mode on vSmart (CLI / vManage)


• Navigate to Configuration > Devices > Controller
o Verify current mode (CLI / vManage)

Since vSmart is currently managed by vManage, so we are good to configure policies and apply them
as per our requirement.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 15 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Lab32: Control Plane Policy – Blocking Subnets


• Requirement:
o Block below two prefixes from DELTA Site to ETA site, however the routes should
appear at other sites.
192.168.28.0
192.168.29.0

Task32.1: Create Lists


• We need to create following lists:
o Prefix List
o VPN List
o Site List

• Prefix List:
o Navigate to Configuration > Policies > Custom Options > Centralized Policies > Lists >
Select Prefix
o New Prefix List
 Prefix List Name: DELTA-PREFIXES
 Add Prefix: 192.168.28.0/24, 192.168.29.0/24

• VPN List:
o Navigate to Configuration > Policies > Custom Options > Centralized Policies >
Lists > Select VPN
o New VPN List
 VPN List Name: VPN-100
 Add VPN: 100

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 16 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Site List:
Navigate to Configuration > Policies > Custom Options > Centralized Policies > Lists > Select Site
o > New Site List
 Site List Name: ETA-SITE
 Add Site: 10
o > New Site List
 Site List Name: ZETA-SITE
 Add Site: 20
o > New Site List
 Site List Name: DELTA-SITE
 Add Site: 25

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 17 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Verify Site List for all 3 sites

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 18 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task32.2: Create Topology (Control Policies)


• Navigate to Configuration > Policies > Custom Options > Centralized Policies > Topology
o Add Topology > Custom Control (Route & TLOC)
 Sequence Type > Route
 Sequence Rule > Match > Select match conditions
 Match Conditions > Select match lists - Prefix | VPN | Site
 Default Action > Edit > Select Accept > Save
 Save Control Policy

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 19 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 20 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 21 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task32.3: Add Policy


• Navigate to Configuration > Policies > Centralized Policies > Add Policy
o Add Topology > Custom Control (Route & TLOC)

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 22 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 23 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

At this point the policy is build but not activated. Before activating we will do some verifications.

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 24 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task32.4: Pre-Verification // Verify routes from Delta LAN Segment to SW2-ETA


• Login to SW2-ETA > show ip route
o We are learning 192.168.28.0/24 & 192.168.29.0/24 from Delta Site

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 25 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task32.5: Activate the policy


• Select Policy > Navigate to > Activate
o > Activate

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 26 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task32.6: Post-Verification || Verify routes from Delta LAN Segment to SW2-ETA


• Login to SW2-ETA > show ip route
o We are no more learning 192.16828.0/24 & 192.168.29.0/24 from Delta Site

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 27 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Lab33: Data Plane Policy – Blocking Telnet Access

• Requirement:
o Block telnet access from Delta Site to Zeta Site but they should be able to ping each
other
o Telnet to ETA Site from Delta Site should be allowed

Task33.1: Create Lists


• We need to create following lists:
o Data Prefix List
o Site List
o VPN List

• Prefix List:
o Navigate to Configuration > Policies > Custom Options > Centralized Policies > Lists >
Select Data Prefix
o New Data Prefix List
 Data Prefix List Name: DATA-PREFIX
 Add Prefix: 192.168.120.0/24

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 28 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 29 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 30 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task33.2: Create Traffic Rules (Data Policies)


• Navigate to Configuration > Policies > Centralized Policies > Add Policy
o Configure Traffic Rules > Traffic Data
 Sequence Type > Application Firewall
 Sequence Rule > Match > Select match conditions
 Match Conditions > Select match lists – Destination Data Prefix | Destination
Port-23
 Action - Drop
 Default Action > Edit > Select Accept > Save
 Next

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 31 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 32 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 33 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

• Apply Policies to Sites & VPNs


o Traffic Data > New Site List & VPN List
o From Service
 Select Site List – Delta Site, Zeta Site
 Select VPN List – VPN100
o Save Policy

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 34 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task33.3: Pre-Verification // Verify telnet from Delta Site to Zeta Site


• Login to SW1-DELTA > telnet 192.168.120.50
o Telnet Access is allowed from Delta site to Zeta Site

Task33.4: Activate the policy


• Select Policy > Navigate to > Activate
o > Activate

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088
Page 35 of 35
Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:
https://wa.me/919739521088

Task33.5: Post-Verification // Verify telnet from Delta Site to Zeta Site


• Login to SW1-DELTA > telnet 192.168.120.50
o Telnet Access is blocked from Delta site to Zeta Site
o Although ping from Delta site to Zeta Site is allowed
o Telnet Access is allowed from Delta site to Eta Site

Trainer Shank || SD WAN 300-415 || www.networkjourney.com || For enrollment: [email protected] || Whatsapp:


https://wa.me/919739521088

You might also like