Sdwan Practice Lab 1 v1.1

Download PNETLab Platform
PNETLAB Store
PNETLab.com
SD-WAN Practice LAB 1 – PNETLab.com
Lab Topology
1
PNETLAB Store
PNETLab.com
Table of Contents
VERSION HISTORY ......................................................................................................................................... 7
HOW TO SETUP LAB ...................................................................................................................................... 8
Hardware Requirement ............................................................................................................................ 8
Link to download lab and Setup ............................................................................................................. 10
Account login to the devices in the SD-WAN LAB................................................................................... 22
Lab 1: Configuring the WAN Components .................................................................................................. 24
Task 1 – HQ Router Configuration .......................................................................................................... 24
Task 2 – MPLS Cloud Router Configuration ............................................................................................ 25
Task 3- Internet Cloud Router Configuration .......................................................................................... 26
Lab 2: Installing the Enterprise Certificate Server ...................................................................................... 27
Task 1- Configure the interface............................................................................................................... 27
Task 2- Installing the Enterprise Root Certificate Server ........................................................................ 28
Task 2 Install WinSCP .............................................................................................................................. 34
Lab 3- Initializing vManage -CLI .................................................................................................................. 35
Task 1- Configuring the System Component........................................................................................... 35
Task 2- Configured the VPN parameters................................................................................................. 35
Lab 4- Initializing vManage – GUI................................................................................................................ 37
Task 1- Organization name & vBond Address......................................................................................... 37
Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root Certificate. .. 37
Task 3- Generate a CSR for vManage...................................................................................................... 44
Task 4 – Request a Certificate from the CA Server ................................................................................. 46
Task 5 – Issue the Certificate from the CA Server................................................................................... 49
Task 6- Downloading the Issueed Certificate.......................................................................................... 50
Task 7- Installing the Identity Certificate for vManage........................................................................... 55
Lab 5- Initializing vBond – CLI ..................................................................................................................... 58
Task 1- Configuring the System component ........................................................................................... 58
Task 2 – Configure the vpn parameters .................................................................................................. 58
Lab 6- Initializing vBond -GUI ...................................................................................................................... 60
Task 1 – Add vBond to vManage............................................................................................................. 60
Task 2 – View the generated CSR for vBond and copy it ........................................................................ 61
Task 3- Request a certificate from the CA Server ................................................................................... 63
2
PNETLAB Store
PNETLab.com
Task 5- Downloading the Issued Certificate............................................................................................ 67

Lab 7 – Initializing vSmart – CLI................................................................................................................... 75
Task 1 - Configuring the System Component .......................................................................................... 75
Task 2 – Configured the vpn parameters ................................................................................................ 75
Lab 8 – Initializing vSmart – GUI ................................................................................................................. 77
Task 1- Add vSmart to vManage ............................................................................................................ 77
Task 2 – View the generated CSR for vSmart and Copy it ...................................................................... 78
Task 3 – Request a Certificate from the CA Server ................................................................................. 80
Task 5- Downloading the Issued Certificate............................................................................................ 84
Lab 9 – initializing vEdge – CLI .................................................................................................................... 92
Task 1 – Upload the WAN Edge List ........................................................................................................ 92
Task 1 – Configuring the System Component ......................................................................................... 95
Task 2 – Configure the vpn parameters ................................................................................................ 100
Lab 10 – Registering vEdges in vManage .................................................................................................. 101
Task 1- Upload the Root Certificate to the vEdge................................................................................. 101
Task 2- Install the Root Certificate on vEdge1 ...................................................................................... 102
Task 3- Active vEdge on vManage......................................................................................................... 103
Task 1 – Upload the Root Certificate to the vEdge ............................................................................... 104
3
PNETLAB Store
PNETLab.com

Lab 11 – Initializing cEdge – CLI ................................................................................................................ 117
Task 1 – Configuring the System Component ....................................................................................... 117
Task 2 – Configure the Interface and Tunnel Parameters .................................................................... 117
Lab 12 – Registering cEdges in vManage .................................................................................................. 119
Task 1 – Upload the Root Certificate to the cEdge ............................................................................... 119
Task 2 – Install the Root Certificate on cEdge1..................................................................................... 120
Task 3 - Activate cEdge on vManage..................................................................................................... 121
Lab 13 – Configuring Feature Template –System ..................................................................................... 123
Task 1 – Configure the System Template to be used by all vEdgeCloud Devices ................................. 123
Task 2 – Configure the System Template to be used by all cEdgeCloud Devices ................................. 124
Task 3 – Configure the System Template to be used by all vSmart Device .......................................... 126
Lab 14 – Configuring Feature Template –Banner ..................................................................................... 128
Task 1 – Configure the Banner Template to be used by all vEdgeCloud Devices ................................. 128
Task 2 – Configure the Banner Template to be used by all cEdgeCloud Devices ................................. 129
Lab 15 - Configuring Feature Templates -VPN & VPN Interfaces for VPN 0 & 512 ––Branch Site(vEdges)
.................................................................................................................................................................. 131
Task 1 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 0 ............. 131
Task 2 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 512 ......... 133
Task 3 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN 0
for Interface G0/0 ................................................................................................................................. 135
Task 4 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN 0
for Interface G0/1 ................................................................................................................................. 137
Task 5 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud Devices for VPN
512 for Interface Eth0 ........................................................................................................................... 140
Lab 16 - Configuring Feature Templates –External Routing - OSPF for VPN 0 –Branch Site (vEdges) ...... 143
Task 1 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN 0 ........... 143
Lab 17 - Configuring and Deploying Device Templates for vEdge – Branch Site(vEdge2) ........................ 146
Task 1 – Configure a Device Template for Branch vEdge Devices. ....................................................... 146
Task 2 – Attach vEdge2 to the Device Template................................................................................... 149
Task 3 – Configure the Variable Parameters for the Feature Templates ............................................. 150
Lab 18 - Configuring Internal Routing Protocols on the Internal Routing Devices – HQ & All Branches.. 155
Task 1 – Internal Site Router Configurations ........................................................................................ 156
4
PNETLAB Store
PNETLab.com
Lab 19 - Configuring Feature Templates –Service VPN – VPN, VPN Interface and Internal Routing –
Branch Site (vEdges).................................................................................................................................. 160
Task 1 - Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN 1 ............. 160
Task 2 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud devices for VPN 1
for Interface G0/2 ................................................................................................................................. 161
Task 3 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN 1 ........... 163
Lab 20 - Implementing a Service VPN using Templates – Branch Site (vEdge2) ....................................... 165
Task 1 – Edit the BR-VE-TEMP Device Template for Branch vEdge Devices. ........................................ 165
Lab 21 - Pushing Template to configure other Branch Sites - – Branch Site(vEdge3 & vEdge4) .............. 168
Task 1 – Attach the BR-VE-TEMP Device Template for Branch vEdge Devices..................................... 168
Lab 22 – Configuring Feature Templates for HQ-Site(vEdge1) – VPNs, VPN Interfaces, External & Internal
Routing ...................................................................................................................................................... 172
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 0 ....................................... 172
Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for VPN 0 for
Interface G0/0 ....................................................................................................................................... 174
Task 3 – Configure a BGP Template to be used by HQ vEdge-Cloud Devices for VPN 0 ...................... 175
Task 1 – Configure a VPN Template to be used by HQ vEdge-Cloud Devices for VPN 512 .................. 178
Interface Eth0........................................................................................................................................ 180
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 1 ....................................... 182
Interface G0/2 ....................................................................................................................................... 184
Task 3 – Configure a OSPF Template to be used by HQ vEdge-Cloud Devices for VPN 1 ..................... 186
Lab 23 - Configuring Device Templates for HQ-Site(vEdge1) to deploy VPN 0, 1 and 512. ...................... 188
Task 1 – Configure a Device Template for HQ vEdge Devices. ............................................................. 188
Task 2 – Attach vEdge1 to the Device Template................................................................................... 190
Lab 24 – Configuring Feature Templates for CSR – VPNs, VPN Interfaces, External & Internal Routing . 198
Task 1 – Configure a VPN Template by CSR for VPN 0 .......................................................................... 198
Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 0 for Interface
GigabitEthernet1 ................................................................................................................................... 199
Task 4 – Configure a OSPF Template to be used by CSR for VPN 0 ...................................................... 203
5
PNETLAB Store
PNETLab.com
Task 1 – Configure a VPN Template to be used by CSR for VPN 512 .................................................... 204
Task 1 – Configure a VPN Template for CSR for VPN 1 ......................................................................... 208
Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 1 for Interface G2 .............. 210
Task 3 – Configure a OSPF Template to be used by CSR for VPN 1 ...................................................... 212
Lab 25 - Configuring Device Templates for CSR to deploy VPN 0, 1 and 512 ........................................... 214
Task 1 – Configure a Device Template for CSR Branch Devices. ........................................................... 214
Task 2 – Attach cEdge1 to the Device Template ................................................................................... 218
Lab 26 - Configuring and Deploying Feature and Device Templates for vSmart Controllers ................... 225
Task 1 – Configure a VPN Template to be used by vSmart Controllers for VPN 0................................ 225
Task 2 – Configure a VPN Template to be used by vSmart Controllers for VPN 512............................ 226
Task 3 – Configure a VPN Interface Template to be used by vSmart Controllers for VPN 0 for Interface
Eth1 ....................................................................................................................................................... 228
Task 4 – Configure a VPN Interface Template to be used vSmart Controllers for VPN 512 for Interface
Eth0 ....................................................................................................................................................... 229
Task 5 – Configure a Device Template for vSmart Controllers. ............................................................ 231
Task 6 – Attach vSmart to the Device Template ................................................................................... 233
Lab 27 - Configuring Application Aware Policies using Telnet and Web .................................................. 236
Task 1 – Configure Groups of Interests/List that will be used for Telnet & Web Application Aware
Routing (AAR) Policy ............................................................................................................................. 236
Task 2 – Configure an AAR policy based on the Requirements ............................................................ 239
Task 3 – Create a Centralized Policy and call the Traffic Policy ............................................................ 242
Lab 28 - Manipulating Traffic flow using TLOCs ........................................................................................ 249
Task 1 – Configure Groups of Interests/List that will be used for Traffic Engineering Policy for DUBAI
.............................................................................................................................................................. 249
Task 2 – Configure Control/Topology policy based on the Requirements ........................................... 251
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology Policy ... 252
Lab 29 - Configuring Route Filtering ........................................................................................................ 256
Task 1 – Configure Groups of Interests/List that will be used for Route Filtering Policy for Newyork 256
Task 2 – Configure Control/Topology policy based on the Requirements ........................................... 257
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology Policy ... 258
6
PNETLAB Store
PNETLab.com
VERSION HISTORY
No Version Comment
1 1 Released workbook
Fixed:
+ Organization-name from “SDWAN” to "viptela sdwan"
2 1.1
+ Timer mismatched between Certificate and Controller
+ Correct ip address on E0/1 of HQ Router
7
PNETLAB Store
PNETLab.com
HOW TO SETUP LAB

Hardware Requirement
- CPU: 12v CPU
- RAM: 32GB
- HDD: 100GB
Note: Recommended Rack Rental (if you do not have a PC or server to practice).
- Join the Telegram group support: https://t.me/rackrental

- Pricing: 25 USD/1 week
o Dedicated IP, Server for pactice SD-WAN LAB.
o Included: all in one (IOS, Licensed, Workbook…) just practice only.
o Support: 24/7
8
PNETLAB Store
PNETLab.com
9
PNETLAB Store
PNETLab.com
Link to download lab and Setup

Note: Lab devices
- VIPTELA 20.3.1: vManager, vBond, vSmart, vEdge.

- Layer 2 Switches: L2-Advan-15.2-IRON
- Layer 3 Router: L3-Advan-15.4
- CRS: CRS1000vng-SDWAN
- ServerCA: Winserver-2008R2
1. How to upload images into PNETLab

a. Prerequirement:
- Download PNETLab platform and lab in the link:
o Link to download PNETLab Platform and setup: https://pnetlab.com/pages/download
o Link to download Lab from Store:
https://user.pnetlab.com/store/labs/detail?id=16052623645692
o Download WINSCP in the link then setup: https://winscp.net/eng/download.php
- Download all images in the link:
magnet:?xt=urn:btih:F1BD30B97284C7ABF46B5DEAC28E415676E0FCEB&dn=viptela
b. Upload Images into PNETLab:

- Step 1: Start PNETLab then login with WinSCP (using your ip address, username and password as
root and pnet respectively)
10
PNETLAB Store
PNETLab.com
11
PNETLAB Store
PNETLab.com
- Step 2: Upload Qemu Images and IOS as shown below:

o Upload All Qemu Images to folder: /opt/unetlab/addons/qemu
12
PNETLAB Store
PNETLab.com
13
PNETLAB Store
PNETLab.com
o Upload All IOS Images to folder: /opt/unetlab/addons/iol/bin
14
PNETLAB Store
PNETLab.com
15
PNETLAB Store
PNETLab.com
o Upload tempalte file for SD-WAN devices to Folder: /opt/unetlab/html/templates
If you skip this step, SD-WAN devices cannot start properly
Link to download Template file:

https://drive.google.com/file/d/1CZqoBv27HBJH3aUTwVDlfPXBr6KX3N5p/view?usp=sharing
Backup Link: https://mega.nz/file/uzxEEKLK#LvfeYdKR_SFi-msYcJgDHQ2vdRrpBltEKqcLChcCiRs
Unzip and copy to folder /opt/unetlab/html/templates in PNETLab
Note: If you are using PNETLab Version from 4.2.0, You do not need to do this step
16
PNETLAB Store
PNETLab.com
- Step 3: Fixpermissions
o Login to PNETLab platform (note: logging with online account)
17
PNETLAB Store
PNETLab.com
o Go to: System ➔ System Setting
o Click to Fix permission button
18
PNETLAB Store
PNETLab.com
2. How to setup and practice Lab

a. Licensing on SD-WAN devices
- Link to download file serial licence: https://drive.google.com/file/d/1KFqwBLHz-
xB7DXgTWudryedKlEK0lfKy/view?usp=sharing
o Backup Link:
https://mega.nz/file/jyZnSIhJ#rSprYR4z9XY_o2Ryyw3CCBdto5JxEU5AUVzRXRruX-Y
- Save that file to your PC then using this license file for Lab 9
b. ServerCA – Windows Server 2008

- We already set up all tools for SD-WAN Lab in serverCA, just download in the link above (we
shared in session: Link to download Lab and Setup).
- How to login to ServerCA:
o Click to ServerCA then download RDP file and Open, Login with account:
administrator/Pnetlab@123
19
PNETLAB Store
PNETLab.com
20
PNETLAB Store
PNETLab.com
21
PNETLAB Store
PNETLab.com
Account login to the devices in the SD-WAN LAB

- Default username and password to login vManager, vSmart, vBond, vEdge is: admin/admin
- Default username and password to login to ServerCA: administrator/Pnetlab@123
Note: Remember before you start the lab, wipe all nodes:
22
PNETLAB Store
PNETLab.com
========Some key notes for practing this lab========
1. If you see all 4 vEdge and cEdge down in Vmanage, almost problem by Switch, you should stop
and start those switch
2. If only 4 vEdge down but cEdge are okay then you can start/stop 4 vEdges. Sometime they are
not stable in lab.
23
PNETLAB Store
PNETLab.com
Lab 1: Configuring the WAN Components

Interface Configuration
HQ
Interface IP address Subnet Mask

E0/0 100.1.1.1 255.255.255.0
E0/1 119.1.1.2 255.255.255.0
E0/2 10.1.11.1 255.255.255.0
E0/3 118.1.6.1 255.255.255.0
MPLS-Cloud

E0/0 10.1.11.2 255.255.255.0
E0/1 10.1.12.2 255.255.255.0
E0/2 10.1.13.2 255.255.255.0
E0/3 10.1.14.2 255.255.255.0
E1/0 10.1.15.2 255.255.255.0
Interface-Cloud

E0/0 118.1.6.2 255.255.255.0
E0/1 118.1.2.2 255.255.255.0
E0/2 118.1.3.2 255.255.255.0
E0/3 118.1.4.2 255.255.255.0
E1/0 118.1.5.2 255.255.255.0
Task 1 – HQ Router Configuration

- Configure the Interfaces based on the Logical Diagram
- Configure OSPF as the IGP to communicate with the MPLS Cloud. Enable all the interfaces.
- Make sure OSPF only sends and receives OSPF packets on the link towards the MPLS Cloud using
the Passive-interface command.
- Configure a default route on the router towards the Internet. The IP Address of the Internet
Router is 192.1.101.254
- Configure BGP between vEdge1 (199.1.1.17) in 65001 and HQ router. Redistribute OPSF into BGP.
HQ Router
hostname HQ
!
interface Ethernet0/0
ip address 100.1.1.1 255.255.255.0
!
24
PNETLAB Store
PNETLab.com
ip address 119.1.1.2 255.255.255.0

!
ip address 10.1.11.1 255.255.255.0
!
ip address 118.1.6.1 255.255.255.0
!
router ospf 1
passive-interface default
no passive-interface Ethernet0/2
network 10.1.11.0 0.0.0.255 area 0
network 100.1.1.0 0.0.0.255 area 0
network 118.1.1.0 0.0.0.255 area 0
network 119.1.1.0 0.0.0.255 area 0
!
router bgp 65001
bgp log-neighbor-changes
redistribute ospf 1
neighbor 199.1.1.17 remote-as 65001
!
ip route 0.0.0.0 0.0.0.0 118.1.1.2
Task 2 – MPLS Cloud Router Configuration

- Configure the Interfaces based on the Logical Diagram.
- Configure OSPF as the IGP on all the interfaces.
MPLS Cloud Router
hostname MPLS
!
ip address 10.1.11.2 255.255.255.0
!
ip address 10.1.12.2 255.255.255.0
ip ospf network point-to-point
!
ip address 10.1.13.2 255.255.255.0
!
ip address 10.1.14.2 255.255.255.0
!
ip address 10.1.15.2 255.255.255.0
25
PNETLAB Store
PNETLab.com
!
router ospf 1
network 10.1.11.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.13.0 0.0.0.255 area 0
network 10.1.14.0 0.0.0.255 area 0
network 10.1.15.0 0.0.0.255 area 0
Task 3- Internet Cloud Router Configuration

- Configure a static route on the Router for the 100.1.1.0/24 network. The Next-hop should point
towards the Internet IP of the HQ Router
Internet Cloud Router
hostname Internet
!
no ip domain lookup
ip cef
!
ip address 118.1.1.2 255.255.255.0
!
ip address 118.1.2.1 255.255.255.0
!
ip address 118.1.3.2 255.255.255.0
!
ip address 118.1.4.2 255.255.255.0
!
ip address 118.1.5.2 255.255.255.0
!
ip route 100.1.1.0 255.255.255.0 118.1.1.1
26
PNETLAB Store
PNETLab.com
Lab 2: Installing the Enterprise Certificate Server

Task 1- Configure the interface
- First Ethernet Interface: Connected_to_192
- Ip address: 192.168.100.4
- Subnet: 255.255.255.0
- Third Ethernet Interface: Connected_to_100

- Ip address: 100.1.1.5
- Netmask: 255.255.255.0
- Gateway: 100.1.1.1
27
PNETLAB Store
PNETLab.com
Task 2- Installing the Enterprise Root Certificate Server

- Open Server Manager -> click Roles-> Next
28
PNETLAB Store
PNETLab.com
- Click Next
29
PNETLAB Store
PNETLab.com
- Select the “Active Directory Certificate Services" and click Next
- Click Next
- Select “Certification authority Web enrollment” and click Next
30
PNETLAB Store
PNETLab.com
- Leave it as Standalone and click Next
- Leave it as Root CA and click Next
- Leave “Create a new private key” and click Next

31
PNETLAB Store
PNETLab.com
- Leave the default for the Cryptography for CA and click Next
32
PNETLAB Store
PNETLab.com
- Set the Common name as PNETLAB-CA and click Next
- Leave the default for the Validity Period and click Next
33
PNETLAB Store
PNETLab.com
- Click Next ➔ Install
Task 2 Install WinSCP

- Download WinSCP in this link: https://winscp.net/eng/download.php
- Double-click the WinSCP installation file
- Do a Default installation
34
PNETLAB Store
PNETLab.com
Lab 3- Initializing vManage -CLI

Task 1- Configuring the System Component
- Configure the System parameters based on the following:
o Hostname: vManage1
o Organization: "viptela sdwan"
o System-IP: 100.1.1.12
o SiteID: 1
o Vbond Address: 100.1.1.4
o Timezone: based on the appropriate Timezone
Note:
- Default username: admin, default password:admin
Then log in with admin/admin
vManage
config
!
system
host-name vManage1
system-ip 100.1.1.12
site-id 1
organization-name "viptela sdwan"
clock timezone America/Antigua
vbond 100.1.1.4
!
commit
Task 2- Configured the VPN parameters

- Configure the VPN parameters based on the following:
o Vpn0
▪ Interface eth1
▪ IP address: 100.1.1.2/24
▪ Tunnel Interface
▪ Tunel Services (All, NetConf, SSHD)
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.2/24
35
PNETLAB Store
PNETLab.com
vManage
config
!
vpn 0
no interface eth0
interface eth1
ip address 100.1.1.2/24
tunnel-interface
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.2/24
no shut
!
commit
36
PNETLAB Store
PNETLab.com
Lab 4- Initializing vManage – GUI

Task 1- Organization name & vBond Address
- Login into the vManage from the Server by browsing to https://192.168.100.2:8443 using
username of admin and password of admin
- Navigate to Administration -> Settings

- Click Edit on the Organization name and set it to "viptela sdwan". Confirm the
Organization name. Click OK.
- Click Edit on the vBond address and change it to 100.1.1.4. Confirm and click OK.
Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root
Certificate.
- Browse to http://100.1.1.5/certsrv
- Click “Download Root Certificate”.
37
PNETLAB Store
PNETLab.com
- Select “Base 64”.

- Click “Download CA Certificate”.
38
PNETLAB Store
PNETLab.com
- Open Explorer and navigate to the downloads folder.

- Change the name of the Downloaded file “Certnew” to “RootCert”.
39
PNETLAB Store
PNETLab.com
- Open the “RootCert.cer” file using Notepad.

- Copy using CTRL-A and CTRL-C.
40
PNETLAB Store
PNETLab.com
- In vManage, Navigate to Administration ➔ Settings ➔ Controller Certiticate

Authorization.
- Change the “Certificate Signing by:” to “Enterprise Root Certificate”.
- Paste the RootCert.cer that you had copied by using CTRL-V.
41
PNETLAB Store
PNETLab.com
- Set the CSR Parameters with the Organization name, City, State, Country. Set the
Time to 3 Years and save.
42
PNETLAB Store
PNETLab.com
Note: with sdwan version 20, You must uncheck “Set CSR Properties” due to the bug on the version
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp75927
43
PNETLAB Store
PNETLab.com
Task 3- Generate a CSR for vManage

- Navigate to Configuration -> Certificates -> Controllers -> vManage -> Generate CSR
- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C
44
PNETLAB Store
PNETLab.com
45
PNETLAB Store
PNETLab.com
Task 4 – Request a Certificate from the CA Server

- Browser to http://192.168.1.5/certsrv
- Click “Request a Certificate”
- Select “Advanced”
46
PNETLAB Store
PNETLab.com
- Paste the CSR in the box by using CTRL-V and click submit
47
PNETLAB Store
PNETLab.com
48
PNETLAB Store
PNETLab.com
Task 5 – Issue the Certificate from the CA Server

- Open Server Manager ➔ Roles ➔ Active Directory Certificate Server ➔ PNETLAB-CA ➔
Pending Request.
- Right-click the request ➔ more action ➔ all tasks and click “Issue”
49
PNETLAB Store
PNETLab.com
Task 6- Downloading the Issueed Certificate

- Click “Check on Pending Certificate Request”
- The issued certificate link will show up. Click on the link
50
PNETLAB Store
PNETLab.com
- Select “Base 64” and click “Download”
51
PNETLAB Store
PNETLab.com
- Open explorer and navigate to the downloads folder.

- Change the name of the Downloaded file “Certnew” to “vManage”
52
PNETLAB Store
PNETLab.com
- Open the “vManage.cer” file using Notepad

- Copy using CTRL-A and CTRL-C
53
PNETLAB Store
PNETLab.com
54
PNETLAB Store
PNETLab.com
Task 7- Installing the Identity Certificate for vManage

- In vManage, Navigate to Configuration ➔ Certificate ➔ Controller
- Click on the “install” button at the top right corner
- Paste the Certificate (CTRL-V) and Install
55
PNETLAB Store
PNETLab.com
- The identity certificate should be installed on vManage
56
PNETLAB Store
PNETLab.com
57
PNETLAB Store
PNETLab.com
Lab 5- Initializing vBond – CLI

Task 1- Configuring the System component
o Hostname: vBond1
o System-IP: 100.1.1.14
o Site ID: 1
o vbond Address: 100.1.1.4
o Timezone: based on the appropriate timezone
Note:
Default username: admin, default password: admin
vBond
config
!
system
host-name vBond1
site-id 1
vbond 100.1.1.4 local
!
commit
Task 2 – Configure the vpn parameters

o Vpn 0
▪ Interface ge0/0
▪ Ip address: 100.1.1.4/24
▪ Tunnel interface
▪ Tunnel Services (all, Netconf, sshhd)
▪ Encapsulation: IPSec
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.4
vBond
config
!
vpn 0
no interface eth0
58
PNETLAB Store
PNETLab.com
interface ge0/0
ip address 100.1.1.4/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.4/24
no shut
!
commit
59
PNETLAB Store
PNETLab.com
Lab 6- Initializing vBond -GUI

Task 1 – Add vBond to vManage
- Navigate to Configuration ➔ Devices ➔ Controllers ➔ Add Controllers – vBond and specify the
following to add the vBond in vManage.
o IP Address: 100.1.1.4
o Username: admin
o Password: admin
o Check Generate CSR
o Click OK
60
PNETLAB Store
PNETLab.com
Task 2 – View the generated CSR for vBond and copy it

- Navigate to Configuration ➔ Certificates ➔ Controllers ➔ vBond ➔ view CSR
- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C
61
PNETLAB Store
PNETLab.com
62
PNETLAB Store
PNETLab.com
Task 3- Request a certificate from the CA Server

63
PNETLAB Store
PNETLab.com
- Paste the CSR in the box by using CTRL-V and click Submit
64
PNETLAB Store
PNETLab.com
65
PNETLAB Store
PNETLab.com

Pending Request.
66
PNETLAB Store
PNETLab.com
Task 5- Downloading the Issued Certificate

67
PNETLAB Store
PNETLab.com
68
PNETLAB Store
PNETLab.com

- Change the name of the Downloaded file “Certnew” to “vBond”
69
PNETLAB Store
PNETLab.com
- Open the vBond.cer file using Notepad

70
PNETLAB Store
PNETLab.com
71
PNETLAB Store
PNETLab.com

- In vManage, Navigate to Configuration ➔ Certificates ➔ Controllers
- Click on the “Install Certificate” button at the top right corner
- Paste the Certificate (CTRL-V).
72
PNETLAB Store
PNETLab.com
- The Identity certificate should be installed for vBond and pushed to it.
73
PNETLAB Store
PNETLab.com
74
PNETLAB Store
PNETLab.com
Lab 7 – Initializing vSmart – CLI

Task 1 - Configuring the System Component
o Host-name : vSmart1
o System-IP: 100.1.1.13
o Site ID: 1
o Timezone: Based on the appropriate Timezone
Note: Default username: admin Default password: admin
VSmart
config
!
system
host-name vSmart1
site-id 1
vbond 100.1.1.4
!
commit
Task 2 – Configured the vpn parameters

o vpn 0
▪ Interface Eth1
▪ IP Address: 100.1.1.3/24
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 100.1.1.1
o vpn 512
▪ Interface eth0
▪ IP Address: 192.168.100.3/24
vSmart
config
!
vpn 0
no interface eth0
interface eth1
ip address 100.1.1.3/24
tunnel-interface
75
PNETLAB Store
PNETLab.com
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.3/24
no shut
!
commit
76
PNETLAB Store
PNETLab.com
Lab 8 – Initializing vSmart – GUI

Task 1- Add vSmart to vManage
- Navigate to Configuration ➔ Devices ➔ Controllers ➔ Add Controllers ➔ vSmart and
specify the following to add the vBond in vManage.
o IP Address: 100.1.1.3
o Username: Admin
o Password: Admin
o Check Generate CSR
o Click OK
77
PNETLAB Store
PNETLab.com
Task 2 – View the generated CSR for vSmart and Copy it

- Navigate to Configuration ➔ Certificates ➔ Controllers ➔ vSmart ➔ View CSR
- It will open a window with CSR. Copy by using CTRL-A and CTRL-C
78
PNETLAB Store
PNETLab.com
79
PNETLAB Store
PNETLab.com
Task 3 – Request a Certificate from the CA Server

80
PNETLAB Store
PNETLab.com
- Paste the CSR in the box by using CTRL-V and click Submit
81
PNETLAB Store
PNETLab.com
82
PNETLAB Store
PNETLab.com

Pending Request.
83
PNETLAB Store
PNETLab.com
Task 5- Downloading the Issued Certificate

84
PNETLAB Store
PNETLab.com
85
PNETLAB Store
PNETLab.com

- Change the name of the Downloaded file “Certnew” to “vSmart”
86
PNETLAB Store
PNETLab.com
- Open the vBond.cer file using Notepad

87
PNETLAB Store
PNETLab.com
88
PNETLAB Store
PNETLab.com

- In vManage, Navigate to Configuration ➔ Certificates ➔ Controllers
- Click on the “Install Certificate” button at the top right corner
- Paste the Certificate (CTRL-V).
89
PNETLAB Store
PNETLab.com
- The Identity certificate should be installed for vSmart and pushed to it.
90
PNETLAB Store
PNETLab.com
91
PNETLAB Store
PNETLab.com
Lab 9 – initializing vEdge – CLI

Note:
Before doing this lab, please note that vedge have bug related to resolve the next-hop on vpn0. So
sometime, vmanage cant reach to vedge ➔ You must flap Ge0/0 or Ge0/1 interface.
Task 1 – Upload the WAN Edge List

- On the vManage Main windows, Naviagte to Configuration ➔ Devices. Click on “Upload WAN
Edge List”.
- Select the file you downloaded from Section: HOW TO SETUP LAB > Link to download lab and
Setup > 2. How to setup and practice lab > licensing on SD-WAN Devices. Upload it and check
the Validate option.
92
PNETLAB Store
PNETLab.com
93
PNETLAB Store
PNETLab.com
94
PNETLAB Store
PNETLab.com
vEDGE-1
Task 1 – Configuring the System Component
o Host-name : vEdge1
o System-IP: 119.1.1.21
o Site ID: 1
o Timezone: clock timezone America/Antigua
95
PNETLAB Store
PNETLab.com
vEdge1
config
system
host-name vEdge1
site-id 1
vbond 100.1.1.4
commit

o vpn 0
▪ Interface ge0/0
▪ IP Address: 119.1.1.1/24
▪ Encapsulation IPSec
o vpn 512
▪ Interface eth0
▪ IP Address: DHCP Client
vEdge1
config
vpn 0
no interface eth0
interface ge0/0
ip address 119.1.1.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 119.1.1.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit
96
PNETLAB Store
PNETLab.com
vEDGE-2
o System-IP: 118.1.2.22
o Site ID: 2
vEdge2
config
system
host-name vEdge2
site-id 2
vbond 100.1.1.4
commit

o vpn 0
▪ Interface ge0/0
▪ IP Address: 118.1.2.1/24
o vpn 512
▪ Interface eth0
vEdge2
config
vpn 0
no interface eth0
interface ge0/1
ip address 118.1.2.1/24
tunnel-interface
encapsulation ipsec
97
PNETLAB Store
PNETLab.com
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.2.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
!
commit
vEDGE-3
o System-IP: 118.1.3.23
o Site ID: 3
o Note: Default username: admin Default password: admin
vEdge3
config
!
system
host-name vEdge3
site-id 3
vbond 100.1.1.4
!
commit

- vpn 0
o Interface ge0/1
o IP Address: 118.1.3.1/24
o Tunnel Interface
o Encapsulation IPSec
o Tunnel Services (All, NetConf, SSHD)
98
PNETLAB Store
PNETLab.com
o Default Route: 118.1.3.2

- vpn 512
o Interface eth0
o IP Address: DHCP Client
vEdge3
config
vpn 0
no interface ge0/0
interface ge0/1
ip address 118.1.3.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.3.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit
vEDGE-4
o System-IP: 118.1.5.25
o Site ID: 4
vEdge4
config
system
host-name vEdge4
site-id 4
vbond 100.1.1.4
99
PNETLAB Store
PNETLab.com
commit

o vpn 0
▪ Interface ge0/0
▪ IP Address: 118.1.4.1/24
o vpn 512
▪ Interface eth0
vEdge4
config
vpn 0
no interface ge0/0
interface ge0/1
ip address 118.1.4.1/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service sshd
no shut
ip route 0.0.0.0/0 118.1.4.2
vpn 512
interface eth0
ip dhcp-client
no shutdown
commit
100
PNETLAB Store
PNETLab.com
Lab 10 – Registering vEdges in vManage

vEDGE-1
Task 1- Upload the Root Certificate to the vEdge
- On the Windows Server, open WINSCP application.
- Connect to vEdge1 using the following information:
o IP Address : 119.1.1.1
o Protocol - SFTP
o Username : admin
o Password : admin
- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the vEdge1
101
PNETLAB Store
PNETLab.com
Task 2- Install the Root Certificate on vEdge1

- Connect to the console of vEdge1 and issue the following command:
vEdge1:
request root-cert-chain install /home/admin/RootCert.cer
Log install successfully as bellow:
vEdge1# request root-cert-chain install /home/admin/RootCert.cer

Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCert.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain
102
PNETLAB Store
PNETLab.com
Task 3- Active vEdge on vManage

- Navigate to Configuration ➔ Devices
- Note and use the Chassis Number and Token Number for the list vEdge from vManage
- Use the information from the previous step in the following command on the vEdge1 console.
vEdge1
Request vedge-cloud activate chassis-number <chassis number> <token>
- We can check after adding finish
103
PNETLAB Store
PNETLab.com
vEDGE-2
Task 1 – Upload the Root Certificate to the vEdge
o Protocol - SFTP
o Username : admin
o Password : admin
104
PNETLAB Store
PNETLab.com
- Copy the RootCert.cer file from the Downloads folder to the: /home/admin folder on the
vEdge2
105
PNETLAB Store
PNETLab.com

vEdge2:

106
PNETLAB Store
PNETLab.com

- Note and use the Chassis Number and Token number for the 2nd vEdge from vManage.
- Use the information from the previous step in the following command on the vEdge2 console
request vedge-cloud activate chassis-number XXXXXXXX-XXXXXXXX-XXXX-XXXXXXXXXXXX token
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- You should see the vEdge in the vManage console with a Certificate issued.
107
PNETLAB Store
PNETLab.com
vEDGE-3
o Protocol - SFTP
o Username : admin
o Password : admin
108
PNETLAB Store
PNETLab.com
vEdge3
109
PNETLAB Store
PNETLab.com

vEdge3:

110
PNETLAB Store
PNETLab.com

111
PNETLAB Store
PNETLab.com
vEDGE-4
o Protocol - SFTP
o Username : admin
o Password : admin
112
PNETLAB Store
PNETLab.com
vEdge4
113
PNETLAB Store
PNETLab.com

vEdge4:

114
PNETLAB Store
PNETLab.com

115
PNETLAB Store
PNETLab.com
116
PNETLAB Store
PNETLab.com
Lab 11 – Initializing cEdge – CLI

cEDGE-1
o Host-name : cEdge5
o System-IP: 118.1.5.25
o Site ID: 5
cEdge1
config-transaction
hostname cEdge1
system
site-id 5
vbond 100.1.1.4
exit
commit
Task 2 – Configure the Interface and Tunnel Parameters

- Configure the Interface parameters based on the following:
o GigabitEthernet1 Parameters
▪ IP Address: 118.1.5.1/24
o Tunnel Parameters Parameters
▪ Tunnel Interface: Tunnel1
▪ Tunnel Source: GigabitEthernet1
▪ Tunnel Mode: SDWAN
o SDWAN Interface Parameters
▪ Interface: GigabitEthernet1
▪ Color: default
117
PNETLAB Store
PNETLab.com
cEdge1:
cEdge1
config-transaction
interface GigabitEthernet1
no shutdown
ip address 118.1.5.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 118.1.5.2
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
color default
allow-service all
allow-service sshd
exit
exit
commit
118
PNETLAB Store
PNETLab.com
Lab 12 – Registering cEdges in vManage

cEDGE-1
Task 1 – Upload the Root Certificate to the cEdge
- Open the TFTP Application on the Windows Server.
- Configure the Default Folder as the Downloads Folder and using the 100.1.1.5 as the TFTP
Interface.
- Connect to the console of cEdge1 and copy the RootCert.cer file to flash: using the following
command: copy tftp://100.1.1.5/RootCert.cer flash:
119
PNETLAB Store
PNETLab.com
Task 2 – Install the Root Certificate on cEdge1

Connect to the console of cEdge1 and issue the following command: request platform software sdwan
root-cert-chain install bootflash:RootCert.cer
120
PNETLAB Store
PNETLab.com
Task 3 - Activate cEdge on vManage

- Navigate to Configuration -> Devices
- Note and use the Chassis Number and Token number for the 1st CSR Device from vManage.
- Use the information from the previous step in the following command on the cEdge1 console.
request platform software sdwan vedge_cloud activate chassis-number CSR-XXXXXXXX-XXXX-XXXX-

XXXXXXXXXXXXXXXX token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- You should see the vEdge in the vManage console with a Certificate issued
121
PNETLAB Store
PNETLab.com
122
PNETLAB Store
PNETLab.com
Lab 13 – Configuring Feature Template –System

Task 1 – Configure the System Template to be used by all vEdgeCloud Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Basic
Information ➔ System
o Template Name: VE-System
o Description: VE-System
o Site ID ➔ Device Specific
o System IP ➔ Device Specific
o Hostname ➔ Device Specific
o Timezone ➔ Global: America/Antigua
o Console Baud Rate ➔ 9600
- Click Save to save the Template.
123
PNETLAB Store
PNETLab.com
Task 2 – Configure the System Template to be used by all cEdgeCloud Devices

- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR 1000v ➔ Basic
Information ➔ Cisco System
o Template Name : CE-System
o Description: CE-System
o Timezone ➔ Global : America/Antigua
o Console Baud Rate ➔ 9600
124
PNETLAB Store
PNETLab.com
125
PNETLAB Store
PNETLab.com
Task 3 – Configure the System Template to be used by all vSmart Device

- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Basic
Information ➔ System
o Template Name : Vsmart-System
o Description : Vsmart-System
o Timezone ➔ Global : America/Antigua
126
PNETLAB Store
PNETLab.com
127
PNETLAB Store
PNETLab.com
Lab 14 – Configuring Feature Template –Banner

Task 1 – Configure the Banner Template to be used by all vEdgeCloud Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ OTHER
TEMPLETES ➔ Banner
- Configure the Banner parameters based on the following:
o Template Name : VE-Banner
o Description : VE-Banner
o Login Banner: PNETLAB Authorized Users Only !!!
o MOTD: Welcome To SD-PNETLAB !!!
128
PNETLAB Store
PNETLab.com
Task 2 – Configure the Banner Template to be used by all cEdgeCloud Devices

- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR 1000v ➔ OTHER
TEMPLETES ➔ Cisco Banner
- Configure the Banner parameters based on the following:
o Template Name: CE-Banner
o Description: CE-Banner
o Banner: PNETLAB Authorized Users Only !!!
o MOTD: Welcome To SD-PNETLAB !!!
129
PNETLAB Store
PNETLab.com
130
PNETLAB Store
PNETLab.com
Lab 15 - Configuring Feature Templates -VPN & VPN Interfaces for VPN 0
& 512 ––Branch Site(vEdges)
Task 1 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔ VPN
o Template Name: BR-VE-VPN-VPN0
o Description: BR-VE-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global: Transport VPN
IPv4 Route
o Prefix ➔ Global: 0.0.0.0/0
o Next Hop ➔ Device Specific
131
PNETLAB Store
PNETLab.com
132
PNETLAB Store
PNETLab.com
Task 2 – Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
512
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ VPN ➔
VPN
Basic Configuration
o VPN ➔ Global: 512
o Name ➔ Global: MGMT VPN
133
PNETLAB Store
PNETLab.com
134
PNETLAB Store
PNETLab.com
Task 3 – Configure a VPN Interface Template to be used by all Branch vEdge-Cloud

Devices for VPN 0 for Interface G0/0
Interface Ethernet
o Template Name: BR-VE-VPNINT-VPN0-G0
o Description: BR-VE-VPNINT-VPN0-G0
Basic Configuration
o Shutdown ➔ Global: No
o Interface Name ➔ Global: Ge0/0
o IPv4 Address ➔ Static ➔ Device Specific
Tunnel
o Tunnel Inteface ➔ Global: On
o Color ➔ Global: MPLS
Allow Service
o All ➔ Global: On
135
PNETLAB Store
PNETLab.com
o NETCONF ➔ Global: On
o SSH ➔ Global: On
136
PNETLAB Store
PNETLab.com

Devices for VPN 0 for Interface G0/1
VPN Interface Ethernet
Basic Configuration
Tunnel
o Color ➔ Global: BIZ-Internet
Allow Service
137
PNETLAB Store
PNETLab.com
138
PNETLAB Store
PNETLab.com
139
PNETLAB Store
PNETLab.com

Devices for VPN 512 for Interface Eth0
Interface Ethernet
o Template Name: BR-VE-VPNINT-VPN512-Eth0
o Description: BR-VE-VPNINT-VPN512-Eth02
Basic Configuration
o Shutdown -> Global: No
o Interface Name -> Global: Eth0
o IPv4 Address -> Dynamic
- Click Save to save the Template
140
PNETLAB Store
PNETLab.com
141
PNETLAB Store
PNETLab.com
142
PNETLAB Store
PNETLab.com
Lab 16 - Configuring Feature Templates –External Routing - OSPF for

VPN 0 –Branch Site (vEdges)
Task 1 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN
0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vEdge Cloud ➔ Other
Templates ➔ OSPF
- Configure the OSPF parameters based on the following:
o Template Name: BR-VE-OSPF-VPN0
o Description: BR-VE-OSPF-VPN0
Area Configuration
o Area Number ➔ Global: 0
o Area Type ➔ Default
o Interface Name: Ge0/0
Advanced
o OSPF Network Type: Point-to-Point
- Click Add to add the Interface and Click Add to add OSPF.
143
PNETLAB Store
PNETLab.com
144
PNETLAB Store
PNETLab.com
145
PNETLAB Store
PNETLab.com
Lab 17 - Configuring and Deploying Device Templates for vEdge – Branch

Site(vEdge2)
Task 1 – Configure a Device Template for Branch vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vEdge
Cloud
- Configure the Device Template based on the following:
o Template Name: BR-VE-TEMP
o Description: BR-VE-TEMP
Basic Information
o System ➔ VE-System
Transport & Management
o VPN 0: BR-VE-VPN-VPN0
o VPN Interface: BR-VE-VPNINT-VPN0-G0
o OSPF: BR-VE-OSPF-VPN0
o VPN Interface: BR-VE-VPNINT-VPN512-Eth0
- Click Create to save the Template.
146
PNETLAB Store
PNETLab.com
147
PNETLAB Store
PNETLab.com
148
PNETLAB Store
PNETLab.com
Task 2 – Attach vEdge2 to the Device Template

- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP.
- Click on “…” towards the right-hand side.
- Click Attach Devices.
- Select vEdge2 and click the “➔“ button.
- Click Attach.
149
PNETLAB Store
PNETLab.com
Task 3 – Configure the Variable Parameters for the Feature Templates

- vEdge2 will appear in the window.
- Click Edit Device Template.
- Configure the variables based on the following:
o Default Gateway for VPN0: 118.1.2.2
o Interface IP for Ge0/1: 118.1.2.1/24
o Hostname: vEdge-2
o System IP: 118.1.2.22
o Site ID: 2
- Click Update.
- Verify the Configuration & Click Configure Devices.
- Wait for it to update the device. It should come back with Status of Success.
- Verify the configuration on vEdge2. You can do that by verify OSPF Neighbor relationship with
the MPLS Router by issuing the Show ospf neighbor command on vEdge2.
150
PNETLAB Store
PNETLab.com
- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the MPLS
Router.
151
PNETLAB Store
PNETLab.com
152
PNETLAB Store
PNETLab.com
153
PNETLAB Store
PNETLab.com
154
PNETLAB Store
PNETLab.com
Lab 18 - Configuring Internal Routing Protocols on the Internal Routing

Devices – HQ & All Branches
Site-1
Interface IP address Mask

E 0/0 172.171.1.2 255.255.255.0
Loopback1 192.168.11.1 255.255.255.0
Loopback2 192.168.12.1 255.255.255.0
Loopback3 192.168.13.1 255.255.255.0
Site-2
Interface IP Address Subnet Mask
E 0/0 172.172.1.2 255.255.255.0
Loopback1 192.168.21.1 255.255.255.0
Loopback2 192.168.22.1 255.255.255.0
Loopback3 192.168.23.1 255.255.255.0
Loopback4 192.168.234.2 255.255.255.255
Site-3
E 0/0 172.173.1.2 255.255.255.0
Loopback1 192.168.31.1 255.255.255.0
Loopback2 192.168.32.1 255.255.255.0
Loopback3 192.168.33.1 255.255.255.0
Loopback4 192.168.234.3 255.255.255.255
Site-4
E 0/0 172.174.1.2 255.255.255.0
Loopback1 192.168.41.1 255.255.255.0
Loopback2 192.168.42.1 255.255.255.0
Loopback3 192.168.43.1 255.255.255.0
Loopback4 192.168.234.4 255.255.255.255
Site-5
E 0/0 172.175.1.2 255.255.255.0
Loopback1 192.168.51.1 255.255.255.0
Loopback2 192.168.52.1 255.255.255.0
Loopback3 192.168.53.1 255.255.255.0
155
PNETLAB Store
PNETLab.com
Task 1 – Internal Site Router Configurations

- Configure OSPF as the IGP to communicate with the vEdge/cEdge devices. Enable all the
interfaces under OSPF.
- Configure the Loopback Interfaces as OSPF Network Point-to-point Interfaces.
Site-1
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-1
!
Interface E 0/0
ip address 172.171.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.11.1 255.255.255.0
!
Interface Loopback2
ip address 192.168.12.1 255.255.255.0
!
Interface Loopback3
ip address 192.168.13.1 255.255.255.0
!
router ospf 1
network 172.171.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
Site-2
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-2
!
Interface E 0/0
ip address 172.172.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.21.1 255.255.255.0
156
PNETLAB Store
PNETLab.com

!
Interface Loopback2
ip address 192.168.22.1 255.255.255.0
!
Interface Loopback3
ip address 192.168.23.1 255.255.255.0
!
Interface Loopback4
ip address 192.168.234.2 255.255.255.255
!
router ospf 1
network 172.174.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
Site-3
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-3
!
Interface E 0/0
ip address 172.173.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.31.1 255.255.255.0
!
Interface Loopback2
ip address 192.168.32.1 255.255.255.0
!
Interface Loopback3
ip address 192.168.33.1 255.255.255.0
!
Interface Loopback4
ip address 192.168.234.3 255.255.255.255
!
router ospf 1
network 172.173.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
157
PNETLAB Store
PNETLab.com
Site-4
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-4
!
Interface E 0/0
ip address 172.174.1.2 255.255.255.0
no shut
Interface Loopback1
ip address 192.168.41.1 255.255.255.0
!
Interface Loopback2
ip address 192.168.42.1 255.255.255.0
!
Interface Loopback3
ip address 192.168.43.1 255.255.255.0
!
Interface Loopback4
ip address 192.168.234.4 255.255.255.255
!
router ospf 1
network 172.174.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
Site-5
no ip domain-loo
line con 0
logg sync
no exec-timeout
!
Hostname Site-5
!
Interface E0/0
ip address 172.175.1.2 255.255.255.0
no shut
!
Interface Loopback1
ip address 192.168.51.1 255.255.255.0
158
PNETLAB Store
PNETLab.com

!
Interface Loopback2
ip address 192.168.52.1 255.255.255.0
!
Interface Loopback3
ip address 192.168.53.1 255.255.255.0
!
router ospf 1
network 172.175.1.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
159
PNETLAB Store
PNETLab.com
Lab 19 - Configuring Feature Templates –Service VPN – VPN, VPN

Interface and Internal Routing – Branch Site (vEdges)
Task 1 - Configure a VPN Template to be used by all Branch vEdgeCloud Devices for VPN
1
VPN
Basic Configuration
o VPN ➔ Global: 1
o Name ➔ Global: Data VPN
160
PNETLAB Store
PNETLab.com

devices for VPN 1 for Interface G0/2
Basic Configuration
161
PNETLAB Store
PNETLab.com
162
PNETLAB Store
PNETLab.com
Task 3 – Configure a OSPF Template to be used by all Branch vEdgeCloud Devices for VPN
1
Templates ➔ OSPF
o Template Name: BR-VE-OSPF-VPN1
o Description: BR-VE-OSPF-VPN1
Redistribution
o Protocol: OMP
- Area Configuration
o Area Number ➔ Global : 0
o Interface Name: Ge0/2
163
PNETLAB Store
PNETLab.com
164
PNETLAB Store
PNETLab.com
Lab 20 - Implementing a Service VPN using Templates – Branch Site

(vEdge2)
Task 1 – Edit the BR-VE-TEMP Device Template for Branch vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP ➔ “…” ➔ Edit
- Edit the BR-VE-TEMP Device Template based on the following:
Service VPN
o OSPF: BR-VE-OSPF-VPN1

- Click on “…” towards the right-hand side & click Edit Device Template.
165
PNETLAB Store
PNETLab.com

- Click Update.
the Site-2 Router by issuing the Show ospf neighbor command on vEdge2.
- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the Internal Site
Router.
166
PNETLAB Store
PNETLab.com
167
PNETLAB Store
PNETLab.com
Lab 21 - Pushing Template to configure other Branch Sites - – Branch

Site(vEdge3 & vEdge4)
Task 1 – Attach the BR-VE-TEMP Device Template for Branch vEdge Devices
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRVE-TEMP ➔ “…” ➔ Attach
Devices.
- Select vEdge3 & vEdge4 and click the “➔“ button.
- Click Attach.
- vEdge3 & vEdge4 will appear in the window.
- Click on “…” towards the right-hand side for both devices, one at a time click Edit Device
Template.
vEdge-3
o Interface IP for ge0/2: 172.173.1.1/24
o Hostname: vEdge-3
o System IP: 118.1.3.23
o Site ID: 3
- Click Update.
vEdge-4
o Hostname: vEdge-4
o System IP: 118.1.4.24
o Site ID: 4
- Click Update.
- Verify the configuration on vEdge3 & vEdge4. You can do that by verify OSPF Neighbor
relationship with the Internal Site Router by issuing the Show ospf neighbor command on the
vEdges.
- Type Show Ip route on Internal Site Routers to verify that you are receiving OSPF routes from
the other Sites.
- Verify reachability between the sites by Pinging the Internal Loopback to Loopback networks.
168
PNETLAB Store
PNETLab.com
169
PNETLAB Store
PNETLab.com
170
PNETLAB Store
PNETLab.com
171
PNETLAB Store
PNETLab.com
Lab 22 – Configuring Feature Templates for HQ-Site(vEdge1) – VPNs,

VPN Interfaces, External & Internal Routing
VPN 0
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 0
VPN
o Template Name: HQ-VE-VPN-VPN0
o Description: HQ-VE-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
IPv4 Route
172
PNETLAB Store
PNETLab.com
173
PNETLAB Store
PNETLab.com
Task 2 – Configure a VPN Interface Template to be used by HQ vEdge-Cloud Devices for

VPN 0 for Interface G0/0
Interface Ethernet
o Template Name: HQ-VE-VPNINT-VPN0-G0
o Description: HQ-VE-VPNINT-VPN0-G0
Basic Configuration
o Shutdown ➔ Global : No
o Interface Name ➔ Global: ge0/0
Tunnel
o Tunnel Interface ➔ Global: On
o Color ➔ Default
Allow Service
174
PNETLAB Store
PNETLab.com
Task 3 – Configure a BGP Template to be used by HQ vEdge-Cloud Devices for VPN 0

Templates ➔ BGP
- Configure the BGP parameters based on the following:
o Template Name: HQ-VE-BGP-VPN0
o Description: HQ-VE-BGP-VPN0
- Basic Configuration
o AS Number ➔ Global: 65001
- Neighbor
o Address ➔ Global: 119.1.1.2
o Remote AS ➔ Global: 65001
o Address Family ➔ Global: On
o Address Family ➔ Global: IPv4-Unicast
175
PNETLAB Store
PNETLab.com
- Click Add to add the Interface and Click Add to add BGP Neighbor.
176
PNETLAB Store
PNETLab.com
177
PNETLAB Store
PNETLab.com
VPN 512
Task 1 – Configure a VPN Template to be used by HQ vEdge-Cloud Devices for VPN 512
Basic Configuration
o VPN ➔ Global: 512
o Name ➔ Global: MGMT VPN
178
PNETLAB Store
PNETLab.com
179
PNETLAB Store
PNETLab.com

VPN 512 for Interface Eth0
Interface Ethernet
o Template Name: HQ-VE-VPNINT-VPN512-E0
o Description: HQ-VE-VPNINT-VPN512-E0
Basic Configuration
o Interface Name ➔ Global: eth0
o IPv4 Address ➔ Dynamic
180
PNETLAB Store
PNETLab.com
181
PNETLAB Store
PNETLab.com
VPN 1
Task 1 – Configure a VPN Template for HQ vEdge-Cloud Devices for VPN 1
Basic Configuration
o VPN ➔ Global: 1
o Name ➔ Global: Data VPN
182
PNETLAB Store
PNETLab.com
183
PNETLAB Store
PNETLab.com

VPN 1 for Interface G0/2
Interface Ethernet
o Template Name: HQ-VE-VPNINT-VPN1-G2
o Description: HQ-VE-VPNINT-VPN1-G2
Basic Configuration
o Interface Name ➔ Global: ge0/2
184
PNETLAB Store
PNETLab.com
185
PNETLAB Store
PNETLab.com
Task 3 – Configure a OSPF Template to be used by HQ vEdge-Cloud Devices for VPN 1

Templates ➔ OSPF
- Configure the OSPF parameters based on the following
o Template Name: HQ-VE-OSPF-VPN1
o Description: HQ-VE-OSPF-VPN1
Redistribution
o Protocol: OMP
- Area Configuration
o Interface Name: ge0/2
186
PNETLAB Store
PNETLab.com
187
PNETLAB Store
PNETLab.com
Lab 23 - Configuring Device Templates for HQ-Site(vEdge1) to deploy

VPN 0, 1 and 512.
Task 1 – Configure a Device Template for HQ vEdge Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vEdge
Cloud
o Template Name: HQ-VE-TEMP
o Description: HQ-VE-TEMP
Basic Information
o System ➔ VE-System
o VPN 0: HQ-VE-VPN-VPN0
o VPN Interface: HQ-VE-VPNINT-VPN0-G0
o BGP: HQ-VE-BGP-VPN0
o VPN Interface: HQ-VE-VPNINT-VPN512-E0
Service VPN
o VPN Interface: HQ-VE-VPNINT-VPN1-G2
o OSPF: HQ-VE-OSPF-VPN1
188
PNETLAB Store
PNETLab.com
189
PNETLAB Store
PNETLab.com
Task 2 – Attach vEdge1 to the Device Template

- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ HQ-VE-TEMP.
- Select vEdge1 and click the “➔“ button.
- Click Attach.
190
PNETLAB Store
PNETLab.com

o Interface IP for ge0/2:172.171.1.1/24
o Interface IP for ge0/0:119.1.1.1/24
o Hostname: vEdge-1
o System IP: 119.1.1.21
o Site ID: 1
- Click Update.
the Internal Router by issuing the Show ospf neighbor command on vEdge1.
191
PNETLAB Store
PNETLab.com
- Type Show Ip route on vEdge2 to verify that you are receiving OSPF routes from the MPLS
Router.
the other Sites.
192
PNETLAB Store
PNETLab.com
193
PNETLAB Store
PNETLab.com
194
PNETLAB Store
PNETLab.com
195
PNETLAB Store
PNETLab.com
196
PNETLAB Store
PNETLab.com
197
PNETLAB Store
PNETLab.com
Lab 24 – Configuring Feature Templates for CSR – VPNs, VPN Interfaces,

External & Internal Routing
VPN 0
Task 1 – Configure a VPN Template by CSR for VPN 0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ Cisco
VPN
o Template Name: BR-CSR-VPN-VPN0
o Description: BR-CSR -VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
IPv4 Route
198
PNETLAB Store
PNETLab.com
GigabitEthernet1
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ VPN
Interface Ethernet
o Template Name: BR-CSR-VPNINT-VPN0-G1
o Description: BR-CSR-VPNINT-VPN0-G1
Basic Configuration
o Interface Name ➔ Global: GigabitEthernet1
Tunnel
o Color ➔ Default
Allow Service
199
PNETLAB Store
PNETLab.com
200
PNETLAB Store
PNETLab.com
GigabitEthernet3
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ VPN ➔ VPN
Interface Ethernet
o Template Name: BR-CSR-VPNINT-VPN0-G3
o Description: BR-CSR-VPNINT-VPN0-G3
- Tunnel
o Tunnel Interface ➔ Global: On
o Color ➔ MPLS
- Allow Service
o All ➔ Global : On
201
PNETLAB Store
PNETLab.com
o NETCONF ➔ Global : On
o SSH ➔ Global : On
202
PNETLAB Store
PNETLab.com
Task 4 – Configure a OSPF Template to be used by CSR for VPN 0

- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ Other
Templates ➔ Cisco OSPF
o Template Name: BR-CSR-OSPF-VPN0
o Description: BR-CSR-OSPF-VPN0
Area Configuration
o Interface Name: GigabitEthernet3
o OSPF Network Type: Point-to-Point
203
PNETLAB Store
PNETLab.com
VPN 512
Task 1 – Configure a VPN Template to be used by CSR for VPN 512
VPN
- o Template Name : BR-CSR-VPN-VPN512
- o Description : BR-CSR-VPN-VPN512
- o VPN ➔ Global : 512
- o Name ➔ Global : MGMT VPN
204
PNETLAB Store
PNETLab.com
205
PNETLAB Store
PNETLab.com
GigabitEthernet4
o Template Name : BR-CSR-VPNINT-VPN512-G4
o Description : BR-CSR-VPNINT-VPN512-G4
Basic Configuration
o IPv4 Address ➔ Dynamic
206
PNETLAB Store
PNETLab.com
207
PNETLAB Store
PNETLab.com
VPN 1
Task 1 – Configure a VPN Template for CSR for VPN 1
VPN
o Template Name : BR-CSR-VPN-VPN1
o Description : BR-CSR-VPN-VPN1
Basic Configuration
o VPN ➔ Global : 1
o Name ➔ Global : Data VPN
208
PNETLAB Store
PNETLab.com
209
PNETLAB Store
PNETLab.com
Task 2 – Configure a VPN Interface Template to be used by CSR for VPN 1 for Interface G2
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR ➔ VPN ➔ Cisco VPN
Interface Ethernet
o Template Name : BR-CSR-VPNINT-VPN1-G2
o Description : BR-CSR-VPNINT-VPN1-G2
o Interface Name ➔ Global : GigabitEthernet2
o IPv4 Address ➔ Static -> Device Specific
210
PNETLAB Store
PNETLab.com
211
PNETLAB Store
PNETLab.com
Task 3 – Configure a OSPF Template to be used by CSR for VPN 1

- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ CSR1000v ➔ Other
Templates ➔ Cisco OSPF
o Template Name : BR-CSR-OSPF-VPN1
o Description : BR-CSR-OSPF-VPN1
Redistribution
o Protocol : OMP
Area Configuration
o Area Number ➔ Global : 0
o Interface Name: GigabitEthernet2
212
PNETLAB Store
PNETLab.com
213
PNETLAB Store
PNETLab.com
Lab 25 - Configuring Device Templates for CSR to deploy VPN 0, 1 and

512
Task 1 – Configure a Device Template for CSR Branch Devices.
- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔
CSR1000v
o Template Name : BR-CSR-TEMP
o Description : BR-CSR-TEMP
Basic Information
o System ➔ CE-System
o VPN 0 : BR-CSR-VPN-VPN0
o VPN Interface : BR-CSR-VPNINT-VPN0-G1
o OSPF : BR-CSR-OSPF-VPN0
Service VPN
o OSPF : BR-CSR-OSPF-VPN1
214
PNETLAB Store
PNETLab.com
215
PNETLAB Store
PNETLab.com
216
PNETLAB Store
PNETLab.com
217
PNETLAB Store
PNETLab.com
Task 2 – Attach cEdge1 to the Device Template

- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ BRCSR-TEMP.
- Select cEdge1 and click the “➔“ button.
- Click Attach.
218
PNETLAB Store
PNETLab.com

- cEdge1 will appear in the window.
o Interface IP for GigabitEthernet3: 10.1.15.1/24
o Hostname: cEdge-1
o System IP: 118.1.5.25
o Site ID: 5
- Click Update.
219
PNETLAB Store
PNETLab.com
- Verify the configuration on cEdge1. You can do that by verify OSPF Neighbor relationship with
the Internal Router by issuing the Show ip ospf neighbor command on cEdge1.
- Type Show Ip route on cEdge1 to verify that you are receiving OSPF routes from the MPLS
Router.
the other Sites.
220
PNETLAB Store
PNETLab.com
221
PNETLAB Store
PNETLab.com
222
PNETLAB Store
PNETLab.com
223
PNETLAB Store
PNETLab.com
224
PNETLAB Store
PNETLab.com
Lab 26 - Configuring and Deploying Feature and Device Templates for

vSmart Controllers
Task 1 – Configure a VPN Template to be used by vSmart Controllers for VPN 0
- In vManage, Navigate to Configuration ➔ Templates ➔ Feature ➔ vSmart ➔ VPN ➔ VPN
o Template Name: vSmart-VPN-VPN0
o Description: vSmart-VPN-VPN0
Basic Configuration
o VPN ➔ Global: 0
o Name ➔ Global : Transport VPN
IPv4 Route
o Next Hop ➔ Global: 100.1.1.1
225
PNETLAB Store
PNETLab.com
Task 2 – Configure a VPN Template to be used by vSmart Controllers for VPN 512
o Template Name: vSmart -VPN-VPN512
o Description: vSmart -VPN-VPN512
Basic Configuration
o VPN ➔ Global : 512
o Name ➔ Global : MGMT VPN
226
PNETLAB Store
PNETLab.com
227
PNETLAB Store
PNETLab.com
Task 3 – Configure a VPN Interface Template to be used by vSmart Controllers for VPN 0
for Interface Eth1
Interface Ethernet
o Template Name: vSmart-VPNINT-VPN0-E1
o Description: vSmart-VPNINT-VPN0-E1
Basic Configuration
o Interface Name ➔ Global : eth1
Tunnel
o Tunnel Inteface ➔ Global : On
o Color ➔ default
Allow Service
228
PNETLAB Store
PNETLab.com
Task 4 – Configure a VPN Interface Template to be used vSmart Controllers for VPN 512
for Interface Eth0
Interface Ethernet
o Template Name: vSmart-VPNINT-VPN512-E0
o Description: vSmart-VPNINT-VPN512-E0
Basic Configuration
o Interface Name ➔ Global: eth0
o IPv4 Address ➔ Static ➔ Device-Specific
229
PNETLAB Store
PNETLab.com
230
PNETLAB Store
PNETLab.com
Task 5 – Configure a Device Template for vSmart Controllers.

- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ Create Template ➔ vSmart
o Template Name: vSmart-TEMP
o Description: vSmart-TEMP
Basic Information
o System ➔ Vsmart-System
o VPN 0: vSmart-VPN-VPN0
o VPN Interface: vSmart-VPNINT-VPN0-E1
o VPN 512: vSmart-VPN-VPN512
o VPN Interface: vSmart-VPNINT-VPN512-E0
231
PNETLAB Store
PNETLab.com
232
PNETLAB Store
PNETLab.com
Task 6 – Attach vSmart to the Device Template

- In vManage, Navigate to Configuration ➔ Templates ➔ Device ➔ vSmart-TEMP
- Select vSmart and click the “➔“ button.
- Click Attach.

- vSmart will appear in the window.
o Interface IP for Eth1: 100.1.1.3/24
o Interface IP for Eth0:192.168.1.2/24
o Hostname: vSmart-1
o System IP: 100.1.1.12
o Site ID: 1
- Click Update.
233
PNETLAB Store
PNETLab.com
234
PNETLAB Store
PNETLab.com
235
PNETLAB Store
PNETLab.com
Lab 27 - Configuring Application Aware Policies using Telnet and Web

Requirements:
- Dubai (Site-2) & Hongkong (Site-3) Sites should use the MPLS Transport for Telnet
- Traffic and the Biz-Internet Transport for Web Traffic.
- Telnet Should have a SLA based on the following:
o Loss – 5%
o Latency – 200
o Jitter – 100ms
- Web Should have a SLA based on the following:
o Loss – 10%
o Latency – 500
o Jitter – 100ms
- Create the Sites for Dubai and Hongkong.
- Create the VPN for VPN ID 1.
Task 1 – Configure Groups of Interests/List that will be used for Telnet & Web Application
Aware Routing (AAR) Policy
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Centralized Policy ➔
Lists.
- Click SLA Class and select New SLA Class list. Create 2 policies based on the following:
o Name: SLA-Telnet
o Loss: 30% (because in lab, packet lost is high)
o Latency: 200
o Jitter: 100ms
o Name: SLA-Web
o Loss: 40% (because in lab, packet lost is high)
o Latency: 500
o Jitter: 100ms
- Click VPN and select New VPN list. Create 1 policy based on the following:
o Name: VPN1
o ID: 1
- Click Site and select New Site list. Create 2 policies based on the following:
o Name: Dubai
o Site ID: 2
o Name: Hongkong
o Site ID: 3
236
PNETLAB Store
PNETLab.com
237
PNETLAB Store
PNETLab.com
238
PNETLAB Store
PNETLab.com
Task 2 – Configure an AAR policy based on the Requirements

Traffic Policy.
- Configure 2 App Routes based on the following:
o Policy Name: TELNET-WEB-Policy
o Description: TELNET-WEB-Policy
Telnet Sequence
Match Conditions:
o Protocol: 6
o Port: 23
Action
o SLA Class List: SLA-Telnet
o Color: mpls
o Backup Preferred Color: biz-internet
o Click Save Match and Actions to save the Sequence.
Web Sequence
Match Conditions:
o Protocol: 6
o Port: 80
Action
o SLA Class List: SLA-Web
239
PNETLAB Store
PNETLab.com
o Color : biz-internet
o Backup Preferred Color: mpls
o Save the Policy.
240
PNETLAB Store
PNETLab.com
241
PNETLAB Store
PNETLab.com
Task 3 – Create a Centralized Policy and call the Traffic Policy

Add Centralized Policy
- Click Next on the “Group of Interests” page as we have already created the required lists.
- Click Next on the “Topology and VPN Membership” page as we are not using any Control
Policies.
- Click Add Policy on the “Configure Traffic Rules” page.
- Click “Import Existing” and select the TELNET-WEB-POLICY from the drop-down list and click
Import.
- Click Next to move to the “Apply Policy to Sites and VPNs” Page.
- Click the “Appliacation-Aware Policy” tab.
- The TELNET-WEB-Policy will be there. Click “New Site List and VPN List” button.
- Select Dubai and Hongkong in the Site List.
- Select VPN1 in the Site List.
- Click Add.
- Assign the Policy a name and Desription based on the following:
o Policy Name: Main-Central-Policy
o Description: Main-Central-Policy
- Click the Save Policy button towards the button.
- Activate the policy.
- Wait for it to push the policy to the reachable vSmart Controller(s).
242
PNETLAB Store
PNETLab.com
- Verify the policy by using the Monitor ➔ Network ➔ vEdge3 ➔ Troubleshooting ➔ Simulate
Flows Tool.
- Telnet from Dubai or Hongkong should only use the mpls transport.
- Web from Dubai or Hongkong should only use the biz-internet transport.
- Normal Ping from Dubai or Hongkong should use both the Transports.
243
PNETLAB Store
PNETLab.com
244
PNETLAB Store
PNETLab.com
245
PNETLAB Store
PNETLab.com
246
PNETLAB Store
PNETLab.com
247
PNETLAB Store
PNETLab.com
248
PNETLAB Store
PNETLab.com
Lab 28 - Manipulating Traffic flow using TLOCs

Requirements:
- Paris should only the MPLS TLOC as the preferred color while communicating to Dubai. The
Internet TLOC should be backup TLOC.
Task 1 – Configure Groups of Interests/List that will be used for Traffic Engineering Policy
for DUBAI
Lists.
- Click TLOCs and select New TLOC list. Create a policy based on the following:
o Name: DB-TLOC-MPLS-INT
o TLOC#1:
▪ IP Address: 118.1.2.22
▪ Color: MPLS
▪ Preference: 300
o TLOC#2:
▪ IP Address: 118.1.2.22
▪ Color: Biz-internet
▪ Preference: 200
249
PNETLAB Store
PNETLab.com
250
PNETLAB Store
PNETLab.com
Task 2 – Configure Control/Topology policy based on the Requirements

Topology.
- Configure 1 Route Policy based on the following:
o o Policy Name : DB-MPLS-INT
o o Description : DB-MPLS-INT
Route Sequence
Match Conditions:
o Site List: Dubai
o VPN List: VPN1
Action
o TLOC/TLOC List: DB-MPLS-INT
Default Sequence
Action
o Accept
o Save the Policy
251
PNETLAB Store
PNETLab.com
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology
Policy
- In vManage, Navigate to Configuration ➔ Policies ➔ Custom Options ➔ Lists ➔ Site
- Create new site list Paris with site id 4.
252
PNETLAB Store
PNETLab.com

Main-Central-Policy ➔ Click “…” ➔ Edit.
- Click Topology on the Top of the page.
- Click Add Topology.
- Click “Import Existing” and select the DB-MPLS-INT from the dropdown list and click Import.
- Click Policy Application on the Top of the page.
- Click the “Topology” tab.
- The DB-MPLS-INT -Policy will be there. Click “New Site” button.
- Select Paris in the Outbound Site List.
- Click Add.
- Verify by using the Show IP route vpn 1 command on the Paris vEdge (vEdge4).
- It should only have 1 TLOC for Dubai routes (118.1.2.22– MPLS), whereas it will have 2 TLOCs for
Hongkong (118.1.3.23-MPLS, 118.1.3.23-Biz-Internet).
253
PNETLAB Store
PNETLab.com
254
PNETLAB Store
PNETLab.com
255
PNETLAB Store
PNETLab.com
Lab 29 - Configuring Route Filtering

Requirements:
- The 172.16.234.2/32, 172.16.234.3/24 & 172.16.234.4/24 should not be propagated to the

Newyork Site (Site 1).
Task 1 – Configure Groups of Interests/List that will be used for Route Filtering Policy for
Newyork
Lists.
- Click Prefix and select New Prefix list. Create a policy based on the following:
o Name: PL-234
o Prefix List Entry: 192.168.234.0/24 le 32
- Click Site and select New Site list. Create a policy based on the following:
o Name : Newyork
o Site ID : 1
256
PNETLAB Store
PNETLab.com
Task 2 – Configure Control/Topology policy based on the Requirements

Topology.
- Configure 1 Route Policy based on the following:
o Policy Name : PREF-234-NOT-2-NY
o Description : PREF-234-NOT-2-NY
Route Sequence
Match Conditions:
o Prefix List: PL-234
Action: Reject
Default Sequence
Action
o Accept
o Save the Policy
257
PNETLAB Store
PNETLab.com
Task 3 – Modify the existing Centralized Policy “Main-CentralPolicy” and call the Topology
Policy
Main-Central-Policy ➔ Click “…” ➔ Edit.
- Click Topology on the Top of the page.
- Click Add Topology.
- Click “Import Existing” and select the PREF-234-NOT-2-NY from the drop-down list and click
Import.
- Click Policy Application on the Top of the page.
- Click the “Topology” tab.
- The PREF-234-NOT-2-NY will be there. Click “New Site” button.
- Select Newyork in the Outbound Site List.
- Click Add.
- Verify by using the Show IP route vpn 1 command on the Newyork vEdge (vEdge1).
- It should all the routes from the Branches except the 192.168.234.X/32routes.
- These routes should be present in the vEdge2, vEdge3 and vEdge4 routers. You can use the
Show IP route vpn 1 command to verify.
258
PNETLAB Store
PNETLab.com
259
PNETLAB Store
PNETLab.com
260
PNETLAB Store
PNETLab.com
261

Sdwan Practice Lab 1 v1.1

Uploaded by

Copyright:

Available Formats

Sdwan Practice Lab 1 v1.1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sdwan Practice Lab 1 v1.1

Uploaded by

Copyright:

Available Formats

Download PNETLab Platform

SD-WAN Practice LAB 1 – PNETLab.com

Task 5- Downloading the Issued Certificate............................................................................................ 67

Task 2- Install the Root Certificate on vEdge4 ...................................................................................... 114

HOW TO SETUP LAB

- Join the Telegram group support: https://t.me/rackrental

Link to download lab and Setup

- VIPTELA 20.3.1: vManager, vBond, vSmart, vEdge.

1. How to upload images into PNETLab

b. Upload Images into PNETLab:

- Step 2: Upload Qemu Images and IOS as shown below:

o Upload All IOS Images to folder: /opt/unetlab/addons/iol/bin

o Upload tempalte file for SD-WAN devices to Folder: /opt/unetlab/html/templates

If you skip this step, SD-WAN devices cannot start properly

Link to download Template file:

Backup Link: https://mega.nz/file/uzxEEKLK#LvfeYdKR_SFi-msYcJgDHQ2vdRrpBltEKqcLChcCiRs

Unzip and copy to folder /opt/unetlab/html/templates in PNETLab

o Go to: System ➔ System Setting

o Click to Fix permission button

2. How to setup and practice Lab

b. ServerCA – Windows Server 2008

Account login to the devices in the SD-WAN LAB

========Some key notes for practing this lab========

Lab 1: Configuring the WAN Components

Interface IP address Subnet Mask

Interface IP address Subnet Mask

Interface IP address Subnet Mask

Task 1 – HQ Router Configuration

ip address 119.1.1.2 255.255.255.0

Task 2 – MPLS Cloud Router Configuration

MPLS Cloud Router

Task 3- Internet Cloud Router Configuration

Internet Cloud Router

Lab 2: Installing the Enterprise Certificate Server

- Third Ethernet Interface: Connected_to_100

Task 2- Installing the Enterprise Root Certificate Server

- Select the “Active Directory Certificate Services" and click Next

- Leave it as Standalone and click Next

- Leave it as Root CA and click Next

- Leave “Create a new private key” and click Next

- Set the Common name as PNETLAB-CA and click Next

- Click Next ➔ Install

Task 2 Install WinSCP

Lab 3- Initializing vManage -CLI

- Default username: admin, default password:admin

Then log in with admin/admin

Task 2- Configured the VPN parameters

Lab 4- Initializing vManage – GUI

- Navigate to Administration -> Settings

- Select “Base 64”.

- Open Explorer and navigate to the downloads folder.

- Open the “RootCert.cer” file using Notepad.

- In vManage, Navigate to Administration ➔ Settings ➔ Controller Certiticate

Task 3- Generate a CSR for vManage

Task 4 – Request a Certificate from the CA Server

Task 5 – Issue the Certificate from the CA Server

Task 6- Downloading the Issueed Certificate

- Select “Base 64” and click “Download”

- Open explorer and navigate to the downloads folder.

- Open the “vManage.cer” file using Notepad