
2. Configuration

The document outlines the configuration steps for various network devices including vSmart, vManage, vBond, and routers, detailing commands for setting system parameters, interfaces, and VPNs. It also includes instructions for certificate management and onboarding controllers via GUI. Additionally, it provides configurations for switches and routers, emphasizing BGP setup and IP addressing for different interfaces.

Uploaded by

networktroves

Configuration

 vsmart(config)# system
o vsmart(config-system)# host-name vSmart
o vsmart(config-system)# organization-name nb007
o vsmart(config-system)# site-id 100
o vSmart(config-system)# vbond 100.1.1.13
o vsmart(config-system)# clock timezone UTC
o vsmart(config-system)# system-ip 2.2.2.2
o vsmart(config-system)# exit
 vSmart(config)# vpn 0
o vSmart(config-vpn-0)# ip route 0.0.0.0/0 100.1.1.254
o vsmart(config-vpn-0)# interface eth0
 vsmart(config-interface-eth0)# no shutdown
 vsmart(config-interface-eth0)# ip add 100.1.1.12/24
 vsmart(config-interface-eth0)# tunnel-interface
 vsmart(config-tunnel-interface)# allow-service all
 vsmart(config-tunnel-interface)# allow-service netconf
 vsmart(config-tunnel-interface)# allow-service sshd
 vsmart(config-tunnel-interface)# commit
 vmanage# conf t
o vmanage(config)# system
 vmanage(config-system)# system-ip 1.1.1.1
 vmanage(config-system)# organization-name nb007
 vmanage(config-system)# site-id 100
 vmanage(config-system)# vbond 100.1.1.13
 vmanage(config-system)# host-name NMS
 vmanage(config-system)# exit
 vmanage(config)# vpn 0
 vmanage(config-vpn-0)# ip route 0.0.0.0/0 100.1.1.254
 vmanage(config-vpn-0)# interface eth0
o vmanage(config-interface-eth0)# no shut
 vmanage(config-interface-eth0)# ip add 100.1.1.11/24
 vmanage(config-interface-eth0)# tunnel-interface
 vmanage(config-tunnel-interface)# allow-service all
 vmanage(config-tunnel-interface)# allow-service netconf
 vmanage(config-tunnel-interface)# allow-service sshd
 vmanage(config-tunnel-interface)# exit
 vmanage(config-interface-eth0)# exit
 vmanage(config-vpn-0)# exit
 vmanage(config)# vpn 512
 vmanage(config-vpn-512)# ip route 0.0.0.0/0 192.168.110.2
 vmanage(config-vpn-512)# interface eth1
 vmanage (config-interface-eth1)# no shutdown
 vmanage(config-interface-eth1)# ip add 192.168.110.114/24
 vmanage(config-interface-eth1)# commit
 Commit complete.
 NMS# ping 192.168.110.2 vpn 512
 Stop with ctrl + C
 vedge(config)# system
 vedge(config-system)# host-name vbond
 vedge(config-system)# system-ip 3.3.3.3
 vedge(config-system)# site-id 100
 vedge(config-system)# admin-tech-on-failure
 vedge(config-system)# organization-name nb007
 vedge(config-system)# vbond 100.1.1.13 local
 vedge(config-system)#exit
 vedge(config-system)# vpn 0
 vedge(config-vpn-0)# interface ge0/0
 vedge(config-interface-ge0/0)# ip address 100.1.1.13/24
 vedge(config-interface-ge0/0)# ipv6 dhcp-client
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service dhcp
 vedge(config-tunnel-interface)# allow-service dns
 vedge(config-tunnel-interface)# allow-service icmp
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# no allow-service ntp
 vedge(config-tunnel-interface)# no allow-service stun
 vedge(config-tunnel-interface)# allow-service https
 vedge(config-tunnel-interface)# !
 vedge(config-tunnel-interface)# no shutdown
 vedge(config-tunnel-interface)# !
 vedge(config-tunnel-interface)# ip route 0.0.0.0/0 100.1.1.254
 vedge(config-vpn-0)#
 vedge(config-vpn-0)#commit
 Router(config)#hostname ROOT_CA
 ROOT_CA(config)#int g0/0
o ROOT_CA(config-if)#ip add 100.1.1.14 255.255.255.0
o ROOT_CA(config-if)#no sh
o ROOT_CA(config-if)#exit
o ROOT_CA(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.254
 ROOT_CA(config)#ip http server
 ROOT_CA(config)#ip http authentication local
 ROOT_CA(config)#username admin privilege 15 password cisco
 ROOT_CA(config)#ip http path flash:
 ROOT_CA(config)#crypto key generate rsa label ROOT modulus 2048
 ROOT_CA(config)#ip ssh version 2
 ROOT_CA(config)#crypto pki server ROOT
 ROOT_CA(cs-server)#database url flash:
 ROOT_CA(cs-server)#database archive pkcs12 password cisco123
 ROOT_CA(cs-server)#database level complete
 ROOT_CA(cs-server)#hash sha256
 ROOT_CA(cs-server)#issuer-name cn=nblab.local
 ROOT_CA(cs-server)#grant auto
 ROOT_CA(cs-server)#no shutdown
 ROOT_CA(config)#crypto pki export ROOT pem url flash:
 Sh flash
 ROOT_CA(config)#crypto pki export ROOT pem terminal

 NMS# show control local-properties
 NMS# request root-cert-chain uninstall
 NMS# request download http://admin:[email protected]/ROOT.ca
 NMS# vshell
 NMS:~$ ls
 NMS# request root-cert-chain install home/admin/ROOT.ca
 Do the same on vManage, vBond and vSmart.
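
The commands above use several lab shortcuts that a review would flag before reuse outside a lab: `allow-service all` on VPN 0 tunnel interfaces, `ip http server`, a `password` (not `secret`) account and `grant auto` on the CA router, and credentials inside the `request download` URL. The script below is an added example, not part of the original document; the rule names, `audit()` and the sample transcript are assumptions made for illustration.

```python
import re

# (rule id, pattern matched against the command after the prompt, risk)
RULES = [
    ("ALLOW_SERVICE_ALL", r"allow-service all$", "all services exposed on VPN 0 transport"),
    ("HTTP_SERVER", r"ip http server$", "logins and flash: files cross the wire in cleartext"),
    ("CLEARTEXT_PASSWORD", r"username \S+ .*\bpassword \S+", "uses 'password', not 'secret'"),
    ("GRANT_AUTO", r"grant auto$", "CA signs every CSR without operator review"),
    ("CREDS_IN_URL", r"request download \w+://[^/\s:@]+:[^/\s@]+@", "credentials in the URL"),
]

# Optional bullet ("o" or a symbol), hostname, optional (mode), then '#' and the command.
PROMPT = re.compile(r"^\s*(?:(?:o|\W)\s+)?([\w.-]+)\s*(?:\([^)]*\))?\s*#\s*(\S.*)$")


def audit(transcript):
    """Return sorted (host, rule_id, line_no) findings that are still in effect.
    A later 'no <command>' on the same host clears the matching finding."""
    active = {}
    for line_no, line in enumerate(transcript.splitlines(), start=1):
        m = PROMPT.match(line)
        if not m:
            continue  # GUI notes, shell prompts, command output
        host, cmd = m.group(1), m.group(2).strip()
        negated = cmd.startswith("no ")
        if negated:
            cmd = cmd[3:].strip()
        for rule_id, pattern, _risk in RULES:
            if re.match(pattern, cmd):
                if negated:
                    active.pop((host, rule_id), None)
                else:
                    active.setdefault((host, rule_id), line_no)
    return sorted((h, r, n) for (h, r), n in active.items())


# Lines 1-5 use commands from this page; lines 6-8 are constructed samples.
SAMPLE = """\
o vsmart(config-tunnel-interface)# allow-service all
vsmart(config-tunnel-interface)# allow-service netconf
ROOT_CA(config)#ip http server
ROOT_CA(config)#username admin privilege 15 password cisco
ROOT_CA(cs-server)#grant auto
NMS# request download http://user:pass@192.0.2.10/ROOT.ca
BR9(config-tunnel-interface)# allow-service all
BR9(config-tunnel-interface)# no allow-service all
"""

if __name__ == "__main__":
    risks = {rule_id: risk for rule_id, _p, risk in RULES}
    for host, rule_id, line_no in audit(SAMPLE):
        print(f"{host}: line {line_no}: {rule_id}: {risks[rule_id]}")
```

Running it over a saved copy of a device session lists each host with the shortcuts still active, so the corresponding settings can be replaced with an explicit service list, HTTPS, a `secret` account and manual CSR granting.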

Now onboard the controllers in the GUI


 Administration
o Settings
1. Organisation name
 nb007
2. vBond
 100.1.1.13
3. Controller certificate authorization
 Enterprise root certificate (select)
 Copy root certificate from ROOT_CA
o ROOT_CA(config)#crypto pki export ROOT pem terminal
o Domain (nblab.local)
o Organization (nb007)
o City (gurgoan)
o State (HR)
o Email ([email protected])
o Country code (IN)
o Validity (3 years)
o Save
 Configuration
o Devices
1. Controller
 Add controller
o vBond
 100.1.1.13
 Username / password = admin
 Do not generate CSR
o vSmart
 100.1.1.12
 Username / password = admin
 Do not generate CSR
 Save
 Configuration
o Certificate
1. Controller
 vManage
o Generate CSR
 Ctrl+A (select all, then copy)
 Then go to the root CA
 ROOT_CA# crypto pki server ROOT request pkcs10 terminal
 Paste the CSR, then press Enter
 It will then output the granted certificate; copy it, then install the certificate by pasting it.
 Do the same for vBond and vSmart
 Port number
o 12346
o 12446
o 12346
 Authentication
o Organization name
1. The name should be the same
o Install
1. CA certificate
 Your edge devices and controllers should get their certificates from the same CA
 Edge list
o White-list
1. Configuration > Devices > Upload WAN Edge List > then upload
2. Validate.
o Devices
o Manually

Switch
o Switch(config)#
o Switch(config)#int vlan 1
o Switch(config-if)#ip add 100.1.1.254 255.255.255.0
o Switch(config-if)#no shut
o Switch(config-if)#no shutdown
o Switch(config)#int gi1/0
o Switch(config-if)#no switchport
o Switch(config-if)#no shut
o Switch(config-if)#
o Switch(config-if)#ip address 199.1.1.254 255.255.255.0
o Switch(config-if)#exit
o Switch(config)#int gi 1/1
o Switch(config-if)#no switchport
o Switch(config-if)#no shut
o Switch(config-if)#ip add 172.16.100.254 255.255.255.0
o Switch(config-if)#exit
o Switch(config)#
o Switch(config)#
o Switch(config)#router bgp 65100
o Switch(config-router)#neighbor 199.1.1.1 remote-as 200
o Switch(config-router)#neighbor 172.16.100.1 remote-as 100
o Switch(config-router)#network 100.1.1.0 mask 255.255.255.0
o Switch(config-router)#exit
o Switch(config)#
o Switch(config)#do wr

BR1-1 configuration

 vedge(config)#
 vedge(config)# system
 vedge(config-system)# host-name BR1-1
 vedge(config-system)# organization-name nb007
 vedge(config-system)# system-ip 172.16.0.101
 vedge(config-system)# site-id 101
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# vpn 0
 vedge(config-vpn-0)# ip route 0.0.0.0/0 101.1.1.1
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# no shut
 vedge(config-interface-ge0/0)# ip add 101.1.1.2/24
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# commit
 Commit complete.
 BR1-1# request root-cert-chain uninstall
 BR1-1# request download http://admin:[email protected]/ROOT.ca
 BR1-1# request root-cert-chain install home/admin/ROOT.ca
 In the GUI: Settings > Configuration > Devices, then from … (Generate Bootstrap Configuration) copy the chassis number and token number (OTP)
 Then run the command
 BR1-1# request vedge-cloud activate chassis-number 5c272c51-f0b0-2640-c696-d5abfeab705f token 1fbf77c87769313a1628b2650bf17fc3

Internet router
 INT_R(config)#int e0/2
 INT_R(config-if)#no shut
 INT_R(config-if)#ip add 111.1.1.1 255.255.255.0
 INT_R(config-if)#exit
 INT_R(config)#int e0/3
 INT_R(config-if)#no shut
 INT_R(config-if)#ip add 102.1.1.1 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)#int e1/1
 INT_R(config-if)#ip add 103.1.1.1 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)#int e1/0
 INT_R(config-if)#
 INT_R(config-if)#ip add 198.1.1.2 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)#
 INT_R(config)#int e1/3
 INT_R(config-if)#ip add 203.1.1.1 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)#int e1/2
 INT_R(config-if)#no shut
 INT_R(config-if)#ip add 202.1.1.1 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#
 INT_R(config-if)#int e2/0
 INT_R(config-if)#ip add 201.1.1.1 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)#
 INT_R(config)#int e2/1
 INT_R(config-if)#ip add 99.1.1.2 255.255.255.0
 INT_R(config-if)#no sh
 INT_R(config-if)#exit
 INT_R(config)# router bgp 200
 INT_R(config-router)#neighbor 192.1.1.1 remote-as 100
 INT_R(config-router)#exit
 INT_R(config)#do wr
 Building configuration...
 [OK]

BR1-2 configuration

 vedge(config)# system
 vedge(config-system)# system-ip 172.16.0.111
 vedge(config-system)# organization-name nb007
 vedge(config-system)# site-id 101
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# host-name BR1-2
 vedge(config-system)# exit
 vedge(config)# vpn 0
 vedge(config-vpn-0)# ip route 0.0.0.0/0 111.1.1.1
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# ip add 111.1.1.2/24
 vedge(config-interface-ge0/0)# no shut
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# commit
 BR1-2(config-tunnel-interface)# exit
 BR1-2(config-interface-ge0/0)# exit
 BR1-2(config-vpn-0)# exit
 BR1-2(config)# exit
 BR1-2# ping 100.1.1.14 ( root ca)
 BR1-2# show control local-properties
 BR1-2# request root-cert-chain uninstall
 BR1-2# request download http://admin:[email protected]/ROOT.ca
 BR1-2# request root-cert-chain install home/admin/ROOT.ca
 Generating CSR manually
o BR1-2# request csr upload home/admin/csr.cert
 Uploading CSR via VPN 0
 Enter organization-unit name : nb007
 Re-enter organization-unit name : nb007
o Now BR1-2 has a CSR (identity certificate)
o BR1-2 will then send the CSR (certificate signing request) to the ROOT CA.
o Now copy the CSR from BR1-2 and paste it on the ROOT CA. The root CA will then sign the CSR.
o Then paste the signed certificate back on BR1-2 and install it.
o The device already has a chassis number; as soon as the certificate is installed it also gets a serial number, which is the serial number of the digital certificate. This chassis number and serial number then have to be added on all controllers so that they can onboard the new device.
o BR1-2# vshell
o BR1-2:~$ ls
o ROOT.ca archive_id_rsa.pub csr.cert
o BR1-2:~$ more csr.cert
o Then copy it and paste on ROOT CA
o ROOT_CA#crypto pki server ROOT request pkcs10 terminal
o Paste it, press Enter, copy the granted certificate, and paste it into BR1-2
o BR1-2:~$ cat > root.cert
o BR1-2:~$ (paste the certificate, then press Ctrl+C)
o BR1-2:~$ ls
 ROOT.ca archive_id_rsa.pub csr.cert root.cert
o Request certificate install home admin
o BR1-2# request certificate install home/admin/root.cert
o BR1-2# show certificate serial
o Then add the chassis number and serial number on the controllers.
 vManage# request vedge add chassis-num 271b6611-7e56-4015-bbb4-06083913efbe serial-num 06
 (Paste this same command on vSmart and vBond.)

BR2
 vedge(config)# system
 vedge(config-system)# host-name BR2
 vedge(config-system)# system-ip 172.16.0.102
 vedge(config-system)# site-id 102
 vedge(config-system)# organization-name nb007
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# exit
 vedge(config)# vpn 0
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# ip add 102.1.1.2/24
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# no shut
 vedge(config-tunnel-interface)#
 vedge(config-tunnel-interface)# ip route 0.0.0.0/0 102.1.1.1
 vedge(config-vpn-0)# commit
 Commit complete.
 BR2(config-vpn-0)#
 BR2# request root-cert-chain uninstall
 BR2# request download http://admin:[email protected]/ROOT.ca
 BR2# request root-cert-chain install home/admin/ROOT.ca
 Then go to the vManage GUI and copy the serial number and token number
o Settings > Configuration > … > Generate Bootstrap
o Then copy them to BR2
 BR2# request vedge-cloud activate chassis-number 5c272c51-f0b0-2640-c696-d5abfeab705f token c61ce043bf817d2e8cd9a41143a0f

BR3
 vedge# conf t
 Entering configuration mode terminal
 vedge(config)# system
 vedge(config-system)# site-id 103
 vedge(config-system)# system-ip 172.16.0.13
 vedge(config-system)# organization-name nb007
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# host-name BR3
 vedge(config-system)# exit
 vedge(config)# vpn 0
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# ip add 103.1.1.2/24
 vedge(config-interface-ge0/0)# no shut
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# exit
 vedge(config-interface-ge0/0)#
 vedge(config-interface-ge0/0)# ip route 0.0.0.0/0 103.1.1.1
 vedge(config-vpn-0)# commit
 Commit complete.
 BR3(config-vpn-0)#

 BR3# request root-cert-chain uninstall
 BR3# request download http://admin:[email protected]/ROOT.ca


 BR3# request root-cert-chain install home/admin/ROOT.ca
 BR3# request vedge-cloud activate chassis-number 1ef20c70-8a35-d001-fde5-cad78a647170 token 29b5a529665ecd3cb998873a1ced3bd1
 BR3#

HQ1
 vedge# conf t
 Entering configuration mode terminal
 vedge(config)# system
 vedge(config-system)# site-id 1
 vedge(config-system)# host-name HQ1
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# system-ip 172.16.0.11
 vedge(config-system)# organization-name nb007
 vedge(config-system)# exit
 vedge(config)# vpn 0
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# ip add 202.1.1.2/24
 vedge(config-interface-ge0/0)# no shut
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# exit
 vedge(config-interface-ge0/0)# ip route 0.0.0.0/0 202.1.1.1
 vedge(config-vpn-0)# commit
 Commit complete.
 HQ1(config-vpn-0)#
 HQ1(config-vpn-0)# exit
 HQ1(config)#
 HQ1(config)# exit
 HQ1# request root-cert-chain uninstall
 HQ1# request download http://admin:[email protected]/ROOT.ca

 HQ1# request root-cert-chain install home/admin/ROOT.ca
 HQ1#
 HQ1# request vedge-cloud activate chassis-number 85d3cd20-4ba7-306e-296c-f1c18f83dd90 token 169f3cc6ede2fc1f57b6a1b0975ce05c
 HQ1#
 HQ1#

HQ2
 vedge(config)# system
 vedge(config-system)# site-id 1
 vedge(config-system)# organization-name nb007
 vedge(config-system)# vbond 100.1.1.13
 vedge(config-system)# system-ip 172.16.0.12
 vedge(config-system)# host-name HQ2
 vedge(config-system)# exit
 vedge(config)# vpn 0
 vedge(config-vpn-0)# int ge0/0
 vedge(config-interface-ge0/0)# ip add 203.1.1.2/24
 vedge(config-interface-ge0/0)# no shut
 vedge(config-interface-ge0/0)# tunnel-interface
 vedge(config-tunnel-interface)# allow-service all
 vedge(config-tunnel-interface)# allow-service netconf
 vedge(config-tunnel-interface)# allow-service sshd
 vedge(config-tunnel-interface)# exit
 vedge(config-interface-ge0/0)# ip route 0.0.0.0/0 203.1.1.1
 vedge(config-vpn-0)# commit
 Commit complete.
 HQ2(config-vpn-0)#
 HQ2(config-vpn-0)# end
 HQ2# request root-cert-chain uninstall
 HQ2# request download http://admin:[email protected]/ROOT.ca
 HQ2#
 HQ2# request root-cert-chain install home/admin/ROOT.ca
 HQ2# request vedge-cloud activate chassis-number 551a46e0-8581-092d-cb05-6664896e653c token ad090a6033371ac79fa4d15499ff2e9a
