EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USConfigure Strict Hub and Spoke Topology
Configure Strict Hub and Spoke Topology
Task: Configure the Topology to work like Strict Hub and Spoke based network where there are three Subnet for each VPN.
- VPN 10: Corp-VPN
- VPN 20: Sec-PCIVPN
- VPN 40: Guest-VPN
Topology should work like follows:
- For all VPN 10 : All Branch VPN 10 traffic must go to DC and then to Branch and VPN 10 traffic must not go Branch to Branch , All DC must send a default route to each branch for outside traffic.
- For VPN 20: Each Branch must have VPN 20 routes for other branch having Next HOP: DC-TLOC
- For VPN 40: No direct communication between branch to branch to any VPN, This VPN should have default route to access Internet only
Topology:
Solution:
For VPN 10 : Advertise branches routes to DC and not to another branch , DC will advertise default route to each branch so that if branch wants to talk to another branch , branch will send the traffic to DC by default route and DC will then route traffic back to remote branch
For VPN 20 : Branch will advertise VPN 20 routes to vSmart and in return vSmart will advertise those VPN 20 routes by setting Next hop as DC-TLOC , so in branch to branch communication via VPN 20 , Branch will send traffic to DC and DC will route it to branch.
For VPN 40 : No communication between branch , so restrict routes exchange between them ,and advertise only default routes in VPN 40 for direct internet access.
Before configuring Hub and spoke topology, let’s verify that all the branches are able to reach to other branches directly over VPN 10 and VPN 20 over IPSEC tunnel.
vManage | Monitor | Network | Select BR2-VEDGE1 | Tunnel
This will show that the BR2-VEDGE has full Mesh IPSEC tunnel to all other branches and DC sites.
Select Troubleshooting | PING | under connectivity Section
Select destination IP: 10.3.0.21 (Branch 1), VPN 10 and Source Interface in VPN 10 | Start
So same activity for VPN 20
For VPN 10 Select | trace Route | destination IP 10.4.0.21 | VPN 10 | Select Source Interface | Start
Now Create Application or Groups of interest for all components like DC, Sites, DC-TLOC, Data-Prefix Group.
vManage | Configuration | Policies | centralized Policy | Add Policy
Data-Prefix Group: Contains all RFC1918 Prefixes and all other prefixes known for this Topology
Site Group: Contains All-Branch List, All-DC-hub list Site IDs.
DC-TLOC: Contains all TLOC from two DC vEdge Devices
VPN-Group: contains all VPN group for VPN 10 (Corp-VPN), VPN 20 (Sec-PCIVPN), and VPN 40 (Guest-VPN).
Click Next to move to Configure Topology and VPN Membership Section, here we will configure Custom Control Topology, this topology allow to manipulate OMP and TLOC routes on vSmart.
Click on Add topology | Custom Control (Route & TLOC)
DClesson’s configure strict hub and spoke topology is the best online study material available. They have explained everything in detail and with relevant diagrams and sketches. This is a step-by-step guide to configuring strict hub and spoke topology that helped me configure creative and powerful networking solutions in the cloud for the following common use cases. This topology can require the configuration and maintenance of many virtual circuits. 
Comment
DA
BA
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.