EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

NZ

Configure vBond & Generate Certificate

Configure vBond & Generate Certificate

Posted on Jan 27, 2020 (0)

Configure vBond & Generate Certificate

Once vBond VM has been setup and started, it will come up with factory-default configuration. Now some more basic and initial configuration still to be done manually so that devices can be authenticated and verified and can easily join the overlay network.

Once initial configuration is done, a full configuration templates can be created on vManage and then attaching these templates to vBond orchestrator.

Create Initial Configuration for the vBond Orchestrator from CLI Section

Login to the Viptela device via SSH with user admin, using the default password, admin. | Enter configuration mode:

vBond# config
vBond(config)#

Configure the hostname:

vBond(config)# system host-name hostname

Configure the system IP address:

vBond(config-system)# system-ip ip-address

The vManage NMS uses this vBond system IP address to identify the device and can download the full configuration to the vBond.

Configure the public IP address of the vBond orchestrator which will allow all Viptela devices in the overlay network to reach the vBond orchestrator:

vBond(config-system)# vbond ip-address local

Configure a time limit to confirm that a software upgrade is successful: Time limit is between 1 to 60 mints.

vBond(config-system)# upgrade-confirm minutes

Change the password for the user "admin" whereas The default password is "admin".

vBond(config-system)# user admin password password

Configure an interface in VPN 0, over which an Internet or other WAN transport network can be connected and must be public IP address.

vBond(config)# vpn 0 interface interface-name
vBond(config-interface)# ip address ipv4-prefix/length
vBond(config-interface)# no shutdown

Commit the configuration:

vBond(config)# commit and-quit
vBond#

Once overlay network is UP, create the vBond configuration template in vManage that contain the initial configuration. Use the following vManage Feature template.

  • Use System feature template for hostname, system IP address, and vBond functionality configuration
  • Use AAA feature template to configure a password for the "admin" user.
  • Use VPN Interface Ethernet feature template to configure the interface in VPN 0

In addition, to the above initial configuration, some general system configuration is also required.

  • Organization name, on the vManage Administration
  • Time zone, NTP servers, and device physical location, from the configuration templates.
  • Login banner from Banner feature configuration template.
  • Logging parameters from Logging feature configuration template.
  • AAA, and RADIUS and TACACS+ servers from AAA feature configuration template.
  • SNMP from SNMP feature configuration template

Sample Initial CLI Configuration

vBond# show running-config
system
host-name vBond
gps-location latitude 40.7127837
gps-location longitude -74.00594130000002
system-ip 172.16.16.17
organization-name "Viptela Inc"
clock timezone America/Los_Angeles
vbond 11.10.10.10 local
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password encrypted-password
!
!
logging
disk
enable
!
!
vpn 0
interface ge0/0
ip address 11.10.10.10/24
no shutdown
!
ip route 0.0.0.0/0 11.10.10.1
!
vpn 512
interface eth0
ip dhcp-client
no shutdown
!
!

Add the vBond Orchestrator and Generate Certificate

Following steps needs to be performed in order to add a vBond orchestrator to the network, automatically generate the CSR for vBond, and install the signed certificate on vBond:

  • In vManage NMS | select the Configuration | Devices screen.
  • In the Controllers tab | click Add Controller | select vBond.

In the Add vBond dialog box provide the following information

  • vBond management IP address | username and password to access the vBond orchestrator.
  • Select the Generate CSR checkbox to automatically allow the certificate-generation process | Click Add.

vManage NMS will generates the CSR, retrieves the generated certificate for vBond, and automatically installs it on the vBond orchestrator and this vBond will be added to vManage . To verify that the certificate is installed on a vBond orchestrator follow below screen shots:


Comment

    You are will be the first.

LEAVE A COMMENT

Please login here to comment.