***************************************** Lab 1 - vManage CLI Configuration ***************************************** conf t ! system host-name vManage organization-name KBITS system-ip 10.1.1.101 site-id 100 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 no interface eth0 interface eth1 ip address 199.1.1.1/28 no shut tunnel-interface allow-service sshd allow-service netconf ip route 0.0.0.0/0 199.1.1.14 commit ! vpn 512 interface eth0 ip address 192.168.1.1/24 no shut commit ***************************************** Lab 2 - vSmart CLI Configuration ***************************************** conf t ! system host-name vSmart organization-name KBITS system-ip 10.1.1.102 site-id 100 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 no interface eth0 interface eth1 ip address 199.1.1.2/24 no shut tunnel-interface allow-service sshd allow-service netconf ip route 0.0.0.0/0 199.1.1.14 commit ! vpn 512 interface eth0 ip address 192.168.1.2/24 no shut commit ***************************************** Lab 3 - vBond CLI Configuration ***************************************** conf t ! system host-name vBond organization-name KBITS system-ip 10.1.1.103 site-id 100 clock timezone Asia/Dubai vbond 199.1.1.3 local commit ! vpn 0 interface ge0/0 ip address 199.1.1.3/28 no shut tunnel-interface allow-service sshd allow-service netconf ip route 0.0.0.0/0 199.1.1.14 commit ! vpn 512 interface eth0 ip address 192.168.1.3/24 no shut commit ***************************************** Lab 4 - vManage GUI Initialization ***************************************** 1. Log in using the admin/admin credentials. (https://199.1.1.1) 2. Configure the Organization Name & the vBond address again. Administration -> System --------------------------- Organization Name : KBITS vBond Address : 199.1.1.1 3. Configure the Enterprise Certificate Server Settings Administration -> System --------------------------- Controller Certificate: Enterprise CA Server Paste the Contents of the Root Certificate Set the CSR Properties based on the following: Domain Name: Kbits.live Organization Unit: KBITS Orginization : Viptela LLC Fill in the rest of the information based on preference. 4. Generate your CSR to eventually get an Identity Certificate issued by the CA Server Configuration -> Certificates -> Controllers --------------------------------------------- -> Click the menu [...] for the vManage. -> Click to generate a CSR for vManage. -> Highlight and copy all the content. 5. Browse to the Certificate Server in your browser -> Click the Request Certificate. -> Paste the CSR and click submit 6. Go to Server Manager on the CA Server and issue the Certificate. 7. On your Certificate Server Web Page, download the assigned certificate using the Base-64 format. 8. Open the file. Highlight and copy all the content. 9. Go to vManage and click on Install Certificate. ********************************************* Lab 5 - Onboard the vSmart and vBond Devices ********************************************* 1. Log in using the admin/admin credentials. (https://199.1.1.1) 2. Onboard the vSmart and vBond devices Configuration -> Devices -> Controllers -> Add Controller -> vSmart IP Address: 199.1.1.2 Username: admin Password: admin Configuration -> Devices -> Controllers -> Add Controller -> vBond IP Address: 199.1.1.3 Username: admin Password: admin Note: The vManage automatically downloads the Root Certificate to the new added Controllers. *************************************************************************** Lab 6 - Generate and Install the Identity Certificate for vSmart & vBond *************************************************************************** ++++++++++++ vSmart ++++++++++++ Configuration -> Certificates -> Controllers --------------------------------------------- -> Click the menu [...] for the vManage. -> Click to generate a CSR for vManage. -> Highlight and copy all the content. 5. Browse to the Certificate Server in your browser -> Click the Request Certificate. -> Paste the CSR and click submit 6. Go to Server Manager on the CA Server and issue the Certificate. 7. On your Certificate Server Web Page, download the assigned certificate using the Base-64 format. 8. Open the file. Highlight and copy all the content. 9. Go to vManage and click on Install Certificate. ***************************************** Lab 7 - WAN Edge CLI Configuration ***************************************** -------------- Dubai-vEdge1 -------------- conf t ! system host-name Dubai-vEdge1 organization-name KBITS site-id 1 system-ip 10.2.2.201 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.11.1/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.11.254 ! commit -------------- Dubai-vEdge2 -------------- conf t ! system host-name Dubai-vEdge2 organization-name KBITS site-id 1 system-ip 10.2.2.202 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.12.2/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.12.254 ! commit -------------- London-vEdge3 -------------- conf t ! system host-name London-vEdge3 organization-name KBITS site-id 2 system-ip 10.2.2.203 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.21.3/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.21.254 ! commit -------------- London-vEdge4 -------------- conf t ! system host-name London-vEdge4 organization-name KBITS site-id 2 system-ip 10.2.2.204 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 no interface ge0/0 interface ge0/1 ip address 192.1.22.4/24 no shut tunnel-interface encap ipsec allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.1.22.254 ! commit -------------- LA-vEdge5 -------------- conf t ! system host-name LA-vEdge5 organization-name KBITS site-id 3 system-ip 10.2.2.205 clock timezone Asia/Dubai vbond 199.1.1.3 commit ! vpn 0 interface ge0/0 ip address 192.168.31.5/24 no shut tunnel-interface allow-service netconf allow-service sshd ip route 0.0.0.0/0 192.168.31.254 ! commit ***************************************** Lab 8 - WAN Edge Onboarding ***************************************** =================================================================== 1. Download the Enterprise Root Certificate to the WAN Edge =================================================================== -> Open WinSCP. -> Log into the WAN Edges using SFTP as the protocol and admin/admin as the credentials. -> Copy the Enterprise Root Certificate (RootCert.cer) to the /home/admin folder. =================================================================== 2. Install the Root Certificate on the WAN Edges =================================================================== request root-cert-chain install /home/admin/RootCert.cer ========================================================================= 3. Use the vChassis # & OTP from the WAN Edge List to Onboard the device ========================================================================= request vedge activate chassis xxxxxxxxxxxxxxx token xxxxxxxx ************************************************ Lab 9 - Configuring Dubai - Based on Workbook ************************************************ *************************************************************** Lab 10 - Configuring London TLOC Extension - Based on Workbook *************************************************************** *************************************************************** Lab 11 - Configuring LA with Sub-Interface - Based on Workbook *************************************************************** ======================================================= 1. Configure VPN 0 & VPN 512 ======================================================= Templates: VE-SYSTEM (Common) -------------------- Site-ID: System-IP: Timezone: Host-Name: VE-VPN-0 (Common) --------------------- VPN ID: 0 Default Route: 0.0.0.0/0 => Next Hop: Device Specific VE-VPNINT-G0 (Common) --------------------- Interface Name: ge0/0 IP Address: Static => Device Specific Tunnel Interface: Yes Color: mpls Services: Netconf, SSHD, OSPF VE-VPNINT-G1 (Common) --------------------- Interface Name: ge0/1 IP Address: Static => Device Specific Tunnel Interface: Yes Color: biz-internet Services: Netconf, SSHD VE-VPNINT-G2-LA (This Interface is assigned to VPN 0) ----------------------------------------------------------- Interface Name: ge0/2 No Shut IP Address: Static => default MTU: 1500 VE-OSPF-0 (Common) --------------------- Area: 0 Interface: ge0/0 VE-VPN-512 (Common) --------------------- VPN ID: 512 VE-VPNINT-E0 (Common) --------------------- Interface Name: eth0 IP Address: Dynamic ======================================================= 2. Configure Service VPN Template ======================================================= ++++++++++++++++++++++++ VPN 1 ++++++++++++++++++++++++ Templates: VE-VPN-1 (Common) --------------------- VPN ID: 1 VE-VPNINT-G2.10-LA ----------------------------------------------------------- Interface Name: ge0/2.10 IP Address: Static => 172.16.30.5/24 MTU: 1496 VE-OSPF-1-LA --------------------- Redistribute: OMP Area: 0 Interface: ge0/2.10 ======================================================= 3. Configure the Internal Switch on Site-1 ======================================================= --------------- Site-1 Switch --------------- vlan 10 ! Interface E 0/0 switchport trunk encap dot1q switchport mode trunk ! Interface E 0/1 switchport mode access switchport access vlan 10