Configure vBond & Generate Certificate

Configure vBond & Generate Certificate

Posted on Jan 27, 2020 (0)

Configure vBond & Generate Certificate

Once vBond VM has been setup and started, it will come up with factory-default configuration. Now some more basic and initial configuration still to be done manually so that devices can be authenticated and verified and can easily join the overlay network.

Once initial configuration is done, a full configuration templates can be created on vManage and then attaching these templates to vBond orchestrator.

Create Initial Configuration for the vBond Orchestrator from CLI Section

Login to the Viptela device via SSH with user admin, using the default password, admin. | Enter configuration mode:

vBond# config

Configure the hostname:

vBond(config)# system host-name hostname

Configure the system IP address:

vBond(config-system)# system-ip ip-address

The vManage NMS uses this vBond system IP address to identify the device and can download the full configuration to the vBond.

Configure the public IP address of the vBond orchestrator which will allow all Viptela devices in the overlay network to reach the vBond orchestrator:

vBond(config-system)# vbond ip-address local

Configure a time limit to confirm that a software upgrade is successful: Time limit is between 1 to 60 mints.

vBond(config-system)# upgrade-confirm minutes

Change the password for the user "admin" whereas The default password is "admin".

vBond(config-system)# user admin password password

Configure an interface in VPN 0, over which an Internet or other WAN transport network can be connected and must be public IP address.

vBond(config)# vpn 0 interface interface-name
vBond(config-interface)# ip address ipv4-prefix/length
vBond(config-interface)# no shutdown

Commit the configuration:

vBond(config)# commit and-quit

Once overlay network is UP, create the vBond configuration template in vManage that contain the initial configuration. Use the following vManage Feature template.

  • Use System feature template for hostname, system IP address, and vBond functionality configuration
  • Use AAA feature template to configure a password for the "admin" user.
  • Use VPN Interface Ethernet feature template to configure the interface in VPN 0

In addition, to the above initial configuration, some general system configuration is also required.

  • Organization name, on the vManage Administration
  • Time zone, NTP servers, and device physical location, from the configuration templates.
  • Login banner from Banner feature configuration template.
  • Logging parameters from Logging feature configuration template.
  • AAA, and RADIUS and TACACS+ servers from AAA feature configuration template.
  • SNMP from SNMP feature configuration template

Sample Initial CLI Configuration

vBond# show running-config
host-name vBond
gps-location latitude 40.7127837
gps-location longitude -74.00594130000002
organization-name "Viptela Inc"
clock timezone America/Los_Angeles
vbond local
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
usergroup netadmin
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
user admin
password encrypted-password
vpn 0
interface ge0/0
ip address
no shutdown
ip route
vpn 512
interface eth0
ip dhcp-client
no shutdown

Add the vBond Orchestrator and Generate Certificate

Following steps needs to be performed in order to add a vBond orchestrator to the network, automatically generate the CSR for vBond, and install the signed certificate on vBond:

  • In vManage NMS | select the Configuration | Devices screen.
  • In the Controllers tab | click Add Controller | select vBond.

In the Add vBond dialog box provide the following information

  • vBond management IP address | username and password to access the vBond orchestrator.
  • Select the Generate CSR checkbox to automatically allow the certificate-generation process | Click Add.

vManage NMS will generates the CSR, retrieves the generated certificate for vBond, and automatically installs it on the vBond orchestrator and this vBond will be added to vManage . To verify that the certificate is installed on a vBond orchestrator follow below screen shots:


    You are will be the first.


Please login here to comment.