EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USConfigure vEdge & Generate Certificate
Configure vEdge & Generate Certificate
As soon as vEdge VM is created and router boots it will not able to join the Viptela overlay network and .1to do so a signed certificate must be installed on it. In release 17.1 and later, vManage NMS acts as the certificate Authority and this NMS will automatically generate and install the signed certificate on vEdge cloud routers. Where as in 16.1 and earlier manually Symantec signed certificates was used to be installed on routers.
Following steps are to be followed while installing the signed certificate.
- Retrieve the vEdge router Serial Number
- Upload the vEdge authorized SN file to vManage NMS
- Installed the signed certificate on each vEdge cloud Router
Retrieve the vEdge router Serial Number
- Visit to http://viptela.com/support/ and log in
- On Downloads | Click My Serial Number Files. For Releases 17.1 and later, the filename extension is .Viptela.
- Click on the most recent and latest serial number file to download it.
Upload the vEdge authorized SN file to vManage NMS
- In vManage NMS, select the Configuration | Devices screen | vEdge List tab | click Upload vEdge List.
- In the Upload vEdge window | Click Choose File | select the vEdge authorized serial number file
- In order to automatically validate the vEdge routers and send their serial numbers to the controllers, click | select the checkbox Validate the Uploaded vEdge List | Send to Controllers.
- Click Upload.
As soon as SN file for vEdge is uploaded, vManage will generate the token number for each vEdge cloud router listed in file. This token is further used as one time password for each vEdge router and this token is sent to vBond and vSmart.
Once the file is uploaded, the vEdge router will be visible in vManage.
Install Signed Certificates in Releases 17.1 and Later
Before signed certificate is generated and installed, the very necessary work to be done for this activity is to generate and download the bootstrap configuration file for each vEdge router. This file contains all important information required to generate the signed certificate. In order to achieve all vEdge router and vManage must be on 17.1 release or later.
Bootstrap configuration file contains the following information:
- UUID acts as router's chassis number.
- Token, one-time password that the router uses to authenticate itself with the vBond orchestrator and the vManage NMS.
- IP address or DNS name of the vBond orchestrator.
- Organization name.
- If you have already created a device configuration template and attached it to the vEdge Cloud router, the bootstrap configuration file contains this configuration.
Configure the vBond Orchestrator and Organization Name
Now before generating, bootstrap file, follow below steps to configure the organization name and vBond information on vManage.
- In vManage NMS | Administration | Settings screen | vBond bar | click Edit.
- In the vBond DNS/IP Address: Port field | Enter the DNS name or IP address of the vBond | Click Save.
- Organization Name bar | click Edit | Enter the name of your organization. This name must be
- Confirm Organization name field, re-enter and confirm the organization name Click Save.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.