Cisco SDWAN: vManage, vSmart, vBond setup from Scratch and the integrations with each other
In this article we discuss how the vBond and vSmart controllers are integrated with vManage in the Cisco SDWAN Viptela solution. As you know, vManage is the single dashboard for management, troubleshooting, configuration and policy push. It is the orchestration layer controller and is connected to vSmart, vBond and the vEdges via different connections.
Fig 1.1- Cisco SDWAN Viptela (vBond, vSmart & vManage)
Before we start integrating vSmart and vBond with vManage, we will see how to configure the vManage interface settings. The snapshots are taken from Cisco Live presentations and do not relate to any live environment.
- vpn 0: Transport VPN, used for WAN connectivity.
- vpn 1-511: Service VPNs, which can be used for internal connectivity with the LAN, a DMZ zone or other LAN connectivity.
- vpn 512: Management VPN, used for OOBM connectivity.
After this, the basic configuration on vManage is to set the system parameters: the site ID, the organization name and the domain name (as you can see below, the vBond server can be specified as a domain name). Take care with the organization name (case sensitive) and the System-IP (which should be unique on every component in the SDWAN fabric), as shown below.
With the basics of vManage configured, we now need to set things up on vManage, where we configure the organization name and the vBond address. Next we configure the vBond system parameters.
If you look at the vBond configuration for vpn 0, it should look like this:
vBond# sh run vpn 0
vpn 0
!
 interface ge0/0
  ip dhcp-client
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
Things to remember
- The tunnel-interface configuration settings lock down the interface and also prevent incoming NETCONF connections.
- When vBond is integrated with vManage, vManage establishes the NETCONF connection.
- Disable the tunnel-interface configuration while performing controller integration.
Now add the vBond and vSmart controllers to vManage.
Next, configure the interfaces for control connections. Enable the tunnel-interface configuration on the VPN 0 interface on all controllers. On vBond, also specify the tunnel-interface encapsulation type.
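An added example (not from the original article or from Cisco): a small Python check that parses `sh run vpn 0` text like the vBond output above and reports whether the tunnel-interface has been re-enabled after integration and whether any service expected to stay closed is allowed. The `EXPECT_CLOSED` set, the function names and the abridged sample are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the vBond "sh run vpn 0" output on this page.
SAMPLE = """\
vpn 0
 interface ge0/0
  tunnel-interface
   encapsulation ipsec
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   allow-service https
  no shutdown
"""

# Assumption for this example: services that should stay closed on the transport side.
EXPECT_CLOSED = {"sshd", "netconf"}

def audit_vpn0(config):
    """Map each interface to its tunnel-interface state, encapsulation and allowed services."""
    report, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        if m:
            cur = report.setdefault(m.group(1), {"tunnel": False, "encap": None, "allowed": set()})
        elif cur is None:
            continue  # still in the "vpn 0" header, no interface seen yet
        elif line == "tunnel-interface":
            cur["tunnel"] = True
        elif line.startswith("encapsulation "):
            cur["encap"] = line.split()[1]
        elif (m := re.match(r"(no\s+)?allow-service\s+(\S+)$", line)):
            (cur["allowed"].discard if m.group(1) else cur["allowed"].add)(m.group(2))
    return report

def findings(report, is_vbond=True):
    """List deviations: tunnel-interface left disabled, vBond encapsulation missing, closed service opened."""
    out = []
    for name, st in sorted(report.items()):
        if not st["tunnel"]:
            out.append(f"{name}: tunnel-interface not configured")
            continue  # allow-service only applies under tunnel-interface
        if is_vbond and st["encap"] is None:
            out.append(f"{name}: encapsulation not set")
        out += [f"{name}: allow-service {s} is enabled" for s in sorted(st["allowed"] & EXPECT_CLOSED)]
    return out
```

Running `findings(audit_vpn0(text))` against each controller's saved output after integration gives an empty list when the interface is locked down as shown on this page.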