Configure vSmart & Generate Certificate
Configure vSmart & Generate Certificate
Once vSmart VM has been setup and started, it will come up with factory-default configuration. Now some more basic and initial configuration still to be done manually so that devices can be authenticated and verified and can easily join the overlay network.
Following things must be configured to make vSmart operation and join the overlay network.
- Configure Tunnel Interface with one interface in VPN0 which must be connected to WAN transport and should be accessible to Viptela Devices. This VPN0 carries all control traffic between Viptela devices.
- OMP protocol must be enabled.
Once initial configuration is done, a full configuration templates can be created on vManage and then attaching these templates to vSmart controller. By doing so, configuration parameters in the template may overwrite the initial configuration.
In initial configuration, a system IP address is configured for vSmart that is a persistence address also acts as router-ID and is useful to identify controller independently and is one of the component of TLOC address. Control traffic over DTLS or TLS connection between vSmart and vEdge or between vSmart and vBond is sent over system interface identified by System IP address which is on VPN0 as device loopback IP address.
Create Initial Configuration for the vSmart Controller
Login to the Viptela device via SSH with user admin, using the default password, admin. | Enter configuration mode:
Enter configuration mode:
Configure the hostname:
Configure the system IP address.
Configure the site ID where the device is located:
Configure domain ID in which the device is located:
Configure the IP address of the vBond orchestrator or vBond DNS name
The vBond orchestrator's IP address should be a public IP address, so that all Viptela devices in the overlay network can reach it.
Configure a time limit for confirming that a software upgrade is successful:
Change the password for the user "admin" whereas The default password is "admin
Configure an interface in VPN 0, over which an Internet or other WAN transport network can be connected and must be public IP address. This IP address can be configured as static or via DHCP.
To identify type of WAN transport Configure a color for the tunnel. Use the default color (default), but
a more appropriate color, such as mpls or metro-ethernet, depending on the actual WAN transport can also be configured
Configure a default route to the WAN transport network:
Once overlay network is UP, create the vBond configuration template in vManage that contain the initial configuration. Use the following vManage Feature template.
- Use System feature template for hostname, system IP address, and vBond functionality configuration
- Use AAA feature template to configure a password for the "admin" user.
- Use VPN Interface Ethernet feature template to configure the interface in VPN 0
In addition, to the above initial configuration, some general system configuration is also required.
- Organization name, on the vManage Administration
- Time zone, NTP servers, and device physical location, from the configuration templates.
- Login banner from Banner feature configuration template.
- Logging parameters from Logging feature configuration template.
- AAA, and RADIUS and TACACS+ servers from AAA feature configuration template.
- SNMP from SNMP feature configuration template
Sample Initial CLI Configuration
Add the vSmart Controller and Generate Certificate
Following steps needs to be performed in order to add a vSmart orchestrator to the network, automatically generate the CSR for vSmart, and install the signed certificate on vSmart:
- In vManage NMS | select the Configuration | Devices screen.
- In the Controllers tab | click Add Controller | select vSmart.
In the Add vSmart dialog box provide the following information
- vSmart management IP address | username and password to access the vSmart orchestrator.
- Select the protocol for control plane connection , default is DTLS, if TLS is selected than provide port number 23456
- Select the Generate CSR checkbox to automatically allow the certificate-generation process | Click Add.
vManage NMS will generates the CSR, retrieves the generated certificate for vSmart, and automatically installs on the vSmart orchestrator and this vSmart will be added to vManage. To verify that the certificate is installed on a vSmart orchestrator follow below screen shots: