EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USAuthentication between vEdge Router & vManage NMS
Authentication between vEdge Router & vManage NMS
Once the vEdge router and vBond authorized each other, vEdge router receives its full configuration over DTLS connection with vManage NMS
Following are the steps:
- vEdge router establish a DTLS connection with vManage
- vManage will send the configuration file to vEdge Router
- After the Configuration file receive from vManage, vEdge will activate its full configuration
- vEdge router starts advertising prefixes to vSmart Controller
Below is the step by step described, how automatic authentication happens between vEdge and vManage
First vEdge router initiates an encrypted DTLS connection to the IP address of the vManage NMS. Over this encrypted Tunnel, vEdge and vManage will authenticate to each other.
Now let’s see how vEdge Router will authenticate the vManage NMS.
- vManage will send its trusted root CA signed certificate to vEdge Router
- vEdge Router uses it chain of trust to extract the organization name from certificate and match it with its own, if they don’t match it will tear down the DTLS connection.
- If the name matches , vEdge router uses its root CA chain to verify that vManage certificate is signed by root CA , if it is not so then vEdge router will tear down the connection
- And if the Root certificate is validated vEdge router now knows that vManage is valid and after this process authentication of vManage NMS is complete
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.