EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USAuthentication between vSmart Controller & vEdge Router
Authentication between vSmart Controller & vEdge Router
It the last step, in automatic authentication process, between vSmart controller and vEdge Router.
To perform this authentication process, one of the two devices initiates an encrypted DTLS connection or session to each other and this encrypted session is done by RSA public and Private Key generated by each device.
Now let’s see how vSmart controller authenticates a vEdge Router.
- vSmart send the 256 bit challenge to vEdge router and this challenge is a random value.
- The vEdge router sends following response for the challenge that include following:
- vEdge Serial number
- vEdge Chassis number
- vEdge Board ID certificate
- 256 bit random value signed by vEdge router Private key
- vSmart after receiving this information , compares the serial and chassis number from its vEdge authorized device list file , if there is no match vSmart will tear down the connection
- if the match is found vSmart check if the signing of 256 bit random value is proper or not by using vEdge router public key which it extracts from Router Board ID certificate , if the signing value is not matched vSmart will down the DTLS connection
- if the value is proper , vSmart uses root CA chain from vEdge router board ID certificate to validate that board id certificate is itself valid or not , the certificate is not valid the vSmart will tear down the connection
- The vSmart Controller also compares the response with original challenge, if the response matches the challenge that vBond has issued, authentication between two device happens successfully, else vSmart will tear down the connection.
Now after this authentication, vSmart controller knows that vEdge router is valid and its authentication of the router is completed.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.