KEMBAR78
SD-WAN PRACTICE LAB PNETLAB v1 Draft | PDF | Router (Computing) | Ip Address
Scribd
Upload
1K views56 pages

SD-WAN PRACTICE LAB PNETLAB v1 Draft

This document provides instructions for setting up an SD-WAN practice lab using PNETLab software and hardware. It outlines the required hardware, download link, and 9 labs to configure the core SD-WAN components including vManage, vBond, vSmart, vEdge, routers and switches. The labs include tasks to configure interfaces, install an enterprise certificate server, initialize the SD-WAN controllers through CLI and GUI, upload WAN edge lists and more.

Uploaded by

Santanu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views56 pages

SD-WAN PRACTICE LAB PNETLAB v1 Draft

This document provides instructions for setting up an SD-WAN practice lab using PNETLab software and hardware. It outlines the required hardware, download link, and 9 labs to configure the core SD-WAN components including vManage, vBond, vSmart, vEdge, routers and switches. The labs include tasks to configure interfaces, install an enterprise certificate server, initialize the SD-WAN controllers through CLI and GUI, upload WAN edge lists and more.

Uploaded by

Santanu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 56

Download PNETLab Platform

PNETLAB Store
PNETLab.com

SD-WAN Practice LAB – PNETLab.com

Lab Topology

1
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Table of Contents
HOW TO SETUP LAB ...................................................................................................................................... 4
Hardware Requirement ............................................................................................................................ 4
Link to download lab and Setup ............................................................................................................... 4
Lab 1: Configuring the WAN Components .................................................................................................... 5
Task 1 – HQ Router Configuration ............................................................................................................ 5
Task 2 – MPLS Cloud Router Configuration .............................................................................................. 6
Task 3- Internet Cloud Router Configuration ............................................................................................ 7
Lab 2: Installing the Enterprise Certificate Server ........................................................................................ 7
Task 1- Configure the interface................................................................................................................. 7
Task 2- Configure the Timezone and Time ............................................................................................... 9
Task 3- Installing the Enterprise Root Certificate Server .......................................................................... 9
Task 4 Install WinSCP .............................................................................................................................. 15
Lab 3- Initializing vManage -CLI .................................................................................................................. 16
Task 1- Configuring the System Component........................................................................................... 16
Task 2- Configured the VPN parameters................................................................................................. 16
Lab 4- Initializing vManage – GUI................................................................................................................ 18
Task 1- Organization name & vBond Address......................................................................................... 18
Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root Certificate. .. 18
Task 3- Generate a CSR for vManage...................................................................................................... 22
Task 4 – Request a Certificate from the CA Server ................................................................................. 23
Task 5 – Issue the Certificate from the CA Server................................................................................... 25
Task 6- Downloading the Issueed Certificate.......................................................................................... 26
Task 7- Installing the Identity Certificate for vManage........................................................................... 29
Lab 5- Initializing vBond – CLI ..................................................................................................................... 31
Task 1- Configuring the System component ........................................................................................... 31
Task 2 – Configure the vpn parameters .................................................................................................. 31
Lab 6- Initializing vBond -GUI ...................................................................................................................... 33
Task 1 – Add vBond to vManage............................................................................................................. 33
Task 2 – View the generated CSR for vBond and copy it ........................................................................ 33
Task 3- Request a certificate from the CA Server ................................................................................... 35
Task 4 – Issue the Certificate from the CA Server................................................................................... 37
Task 5- Downloading the Issued Certificate............................................................................................ 37

2
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6- Installing the Identity Certificate for vManage........................................................................... 40


Lab 7 – Initializing vSmart – CLI................................................................................................................... 43
Task 1 - Configuring the System Component .......................................................................................... 43
Task 2 – Configured the vpn parameters ................................................................................................ 43
Lab 8 – Initializing vSmart – GUI ................................................................................................................. 45
Task 1- Add vSmart to vManage ............................................................................................................ 45
Task 2 – View the generated CSR for vSmart and Copy it ...................................................................... 45
Task 3 – Request a Certificate from the CA Server ................................................................................. 47
Task 4 – Issue the Certificate from the CA Server................................................................................... 48
Task 5- Downloading the Issued Certificate............................................................................................ 49
Task 6- Installing the Identity Certificate for vManage........................................................................... 51
Lab 9 – initializing vEdge – CLI .................................................................................................................... 54
Task 1 – Upload the WAN Edge List ........................................................................................................ 54

3
Download PNETLab Platform
PNETLAB Store
PNETLab.com

HOW TO SETUP LAB


Hardware Requirement
- CPU: 24v CPU
- RAM: 64GB
- HDD: 500GB

Note: Recommended Rack Rental: - Coming soon

Link to download lab and Setup


Link to download LAB: Coming soon
Set up LAB:
Note: Lab devices

- VIPTELA 18.4.4: vManager, vBond, vSmart, vEdge.


- Layer 2 Switches: L2-Advan-15.2-IRON
- Layer 3 Router: L3-Advan-15.4
- CRS: CRS1000vng-SDWAN
- Web_Management: Pnetlab/Linux-desktop:lastest
- ServerCA: Winserver-2012R2

1. Download LAB - Coming soon


- Step 1:
- Step 2:
- Step 3:
- Step 4:
2. Setup Docker (Web_management and Server CA) - Coming soon
a. Setup Web_management
- Step 1
- Step 2
- Step 3
- Step 4
b. Setup ServerCA
- Step 1
- Step 2
- Step 3
- Step 4

4
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 1: Configuring the WAN Components


Interface Configuration

HQ

Interface IP address Subnet Mask


E0/0 100.1.1.1 255.255.255.0
E0/1 118.1.1.2 255.255.255.0
E0/2 10.1.11.1 255.255.255.0
E0/3 118.1.6.1 255.255.255.0

MPLS-Cloud

Interface IP address Subnet Mask


E0/0 10.1.11.2 255.255.255.0
E0/1 10.1.12.2 255.255.255.0
E0/2 10.1.13.2 255.255.255.0
E0/3 10.1.14.2 255.255.255.0
E1/0 10.1.15.2 255.255.255.0

Interface-Cloud

Interface IP address Subnet Mask


E0/0 118.1.6.2 255.255.255.0
E0/1 118.1.2.2 255.255.255.0
E0/2 118.1.3.2 255.255.255.0
E0/3 118.1.4.2 255.255.255.0
E1/0 118.1.5.2 255.255.255.0

Task 1 – HQ Router Configuration


- Configure the Interfaces based on the Logical Diagram
- Configure OSPF as the IGP to communicate with the MPLS Cloud. Enable all the interfaces.
- Make sure OSPF only sends and receives OSPF packets on the link towards the MPLS Cloud using
the Passive-interface command.
- Configure a default route on the router towards the Internet. The IP Address of the Internet
Router is 192.1.101.254
- Configure BGP between vEdge1(199.1.1.17) in 65001 and HQ router. Redistribute OPSF into BGP.

HQ Router

hostname HQ
!
interface Ethernet0/0
ip address 100.1.1.1 255.255.255.0
!
interface Ethernet0/1
5
Download PNETLab Platform
PNETLAB Store
PNETLab.com

ip address 118.1.1.2 255.255.255.0


!
interface Ethernet0/2
ip address 10.1.11.1 255.255.255.0
!
interface Ethernet0/3
ip address 118.1.6.1 255.255.255.0
!
router ospf 1
passive-interface default
no passive-interface Ethernet0/2
network 10.1.11.0 0.0.0.255 area 0
network 100.1.1.0 0.0.0.255 area 0
network 108.1.1.0 0.0.0.255 area 0
!
router bgp 65001
bgp log-neighbor-changes
redistribute ospf 1
neighbor 199.1.1.17 remote-as 65001
!
ip route 0.0.0.0 0.0.0.0 192.1.101.254

Task 2 – MPLS Cloud Router Configuration


- Configure the Interfaces based on the Logical Diagram.
- Configure OSPF as the IGP on all the interfaces.

MPLS Cloud Router

hostname MPLS
!
interface Ethernet0/0
ip address 10.1.11.2 255.255.255.0
!
interface Ethernet0/1
ip address 10.1.12.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/2
ip address 10.1.13.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet0/3
ip address 10.1.14.2 255.255.255.0
ip ospf network point-to-point
!
interface Ethernet1/0
ip address 10.1.15.2 255.255.255.0
ip ospf network point-to-point
!
6
Download PNETLab Platform
PNETLAB Store
PNETLab.com

router ospf 1
network 10.1.11.0 0.0.0.255 area 0
network 10.1.12.0 0.0.0.255 area 0
network 10.1.13.0 0.0.0.255 area 0
network 10.1.14.0 0.0.0.255 area 0
network 10.1.15.0 0.0.0.255 area 0

Task 3- Internet Cloud Router Configuration


- Configure the Interfaces based on the Logical Diagram
- Configure a static route on the Router for the 100.1.1.0/24 network. The Next-hop should point
towards the Internet IP of the HQ Router

Internet Cloud Router

hostname Internet
!
no ip domain lookup
ip cef
!
interface Ethernet0/0
ip address 118.1.1.2 255.255.255.0
!
interface Ethernet0/1
ip address 118.1.2.1 255.255.255.0
!
interface Ethernet0/2
ip address 118.1.3.2 255.255.255.0
!
interface Ethernet0/3
ip address 118.1.4.2 255.255.255.0
!
interface Ethernet1/0
ip address 118.1.5.2 255.255.255.0
!
ip route 100.1.1.0 255.255.255.0 118.1.1.1

Lab 2: Installing the Enterprise Certificate Server


Task 1- Configure the interface
- First Ethernet Interface: Connected_to_192
- Ip address: 192.168.100.4
- Subnet: 255.255.255.0

7
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Third Ethernet Interface: Connected_to_100


- Ip address: 100.1.1.5
- Netmask: 255.255.255.0
- Gateway: 100.1.1.1

8
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 2- Configure the Timezone and Time


Configure the appropriate Timezone and Time on the Windows Server

Task 3- Installing the Enterprise Root Certificate Server


- Open Server Manager -> click Roles-> Next

9
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Click Next

10
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select the “Active Directory Certificate Services" and click Next

- Click Next
- Select “Certification authority Web enrollment” and click Next

11
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Leave it as Standalone and click Next

- Leave it as Root CA and click Next

- Leave “Create a new private key” and click Next


12
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Leave the default for the Cryptography for CA and click Next

13
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Set the Common name as PNETLAB-CA and click Next

- Leave the default for the Validity Period and click Next

14
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Click Next -> Install

Task 4 Install WinSCP


- Double-click the WinSCP installation file
- Do a Default installation

15
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 3- Initializing vManage -CLI


Task 1- Configuring the System Component
- Configure the System parameters based on the following:
o Hostname: vManage1
o Organization: PNETLAB
o System-IP: 10.1.1.101
o SiteID: 1
o Vbond Address: 100.1.1.4
o Timezone: based on the appropriate Timezone

Note:

- Default username: admin, default password:admin

vManage

config
!
system
host-name vManage1
system-ip 10.10.10.1
site-id 1
organization-name PNETLAB
clock timezone America/Antigua
vbond 100.1.1.4
!
commit

Task 2- Configured the VPN parameters


- Configure the VPN parameters based on the following:
o Vpn0
▪ Interface eth1
▪ IP address: 100.1.1.2/24
▪ Tunnel Interface
▪ Tunel Services (All, NetConf, SSHD)
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.2/24

vManage

config
!
vpn 0
no interface eth0
interface eth1

16
Download PNETLab Platform
PNETLAB Store
PNETLab.com

ip address 100.1.1.2/24
tunnel-interface
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.2/24
no shut
!
commit

17
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 4- Initializing vManage – GUI


Task 1- Organization name & vBond Address
- Login into the vManage from the Server by browsing to https://192.168.100.2:8443 using
username of admin and password of admin

- Navigate to Administration -> Settings

- Click Edit on the Organization name and set it to PNETLAB. Confirm the Organization
name. Click OK.

- Click Edit on the vBond address and change it to 100.1.1.4. Confirm and click OK.

Task 2 – Configure Controller Authorization as Enterprise Root and Download the Root
Certificate.

- Browse to http://100.1.1.5/certsrv
- Click “Download Root Certificate”.

18
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “Base 64”.


- Click “Download CA Certificate”.

- Open Explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “RootCert”.
19
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the “RootCert.cer” file using Notepad.


- Copy using CTRL-A and CTRL-C.

20
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- In vManage, Navigate to Administration -> Settings -> Controller Certiticate


Authorization.
- Change the “Certificate Signing by:” to “Enterprise Root Certificate”.
- Paste the RootCert.cer that you had copied by using CTRL-V.

- Set the CSR Parameters with the Organization name, City, State, Country. Set the
Time to 3 Years and save.

21
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Generate a CSR for vManage


- Navigate to Configuration -> Certificates -> Controllers -> vManage -> Generate CSR

- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C
22
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Request a Certificate from the CA Server


- Browser to http://192.168.1.5/certsrv
- Click “Request a Certificate”

23
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “advanced”

- Paste the CSR in the box by using CTRL-V and click submit

24
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5 – Issue the Certificate from the CA Server


- Open Server Manager -> Roles -> Active Directory Certificate Server -> PNETLAB-CA -> Pending
Request.
- Right-click the request -> more action -> all tasks and click “Issue”

25
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 6- Downloading the Issueed Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

26
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The issued certificate link will show up. Click on the link

- Select “Base 64” and click “Download”

- Open explorer and navigate to the downloads folder.


27
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Change the name of the Downloaded file “Certnew” to “vManage”

- Open the “vManage.cer” file using Notepad


- Copy using CTRL-A and CTRL-C

28
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 7- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration -> Certificate ->Controller
- Click on the “install” button at the top right corner

- Paste the Certificate (CTRL-V) and Install

29
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The identity certificate should be installed on vManage

30
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 5- Initializing vBond – CLI


Task 1- Configuring the System component
- Configure the System parameters based on the following:
o Hostname: vBond1
o Organization: PNETLAB
o System-IP: 10.10.10.3
o Site ID: 1
o vbond Address: 100.1.1.4
o Timezone: based on the appropriate timezone

Note:

Default username: admin, default password: admin

vBond

config
!
system
host-name vBond1
system-ip 10.10.10.3
site-id 1
organization-name PNETLAB
clock timezone America/Antigua
vbond 100.1.1.4 local
!
commit

Task 2 – Configure the vpn parameters


- Configure the VPN parameters based on the following:
o Vpn 0
▪ Interface ge0/0
▪ Ip address: 100.1.1.4/24
▪ Tunnel interface
▪ Tunnel Services (all, Netconf, sshhd)
▪ Encapsulation: IPSec
▪ Default route: 100.1.1.1
o Vpn 512
▪ Interface eth0
▪ Ip address: 192.168.100.4

vBond
config
!
vpn 0
no interface eth0
31
Download PNETLab Platform
PNETLAB Store
PNETLab.com

interface ge0/0
ip address 100.1.1.4/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.4/24
no shut
!
commit

32
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 6- Initializing vBond -GUI


Task 1 – Add vBond to vManage
- Navigate to Configuration -> Devices -> Controllers -> Add Controllers – vBond and specify the
following to add the vBond in vManage.
o IP Address: 100.1.1.4
o Username: admin
o Password: admin
o Check Generate CSR
o Click OK

Task 2 – View the generated CSR for vBond and copy it


- Navigate to Configuration -> Certificates -> Controllers -> vBond -> view CSR

33
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- It will open a windows with CSR. Copy by using CTRL-A and CTRL-C

34
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3- Request a certificate from the CA Server


- Browser to http://192.168.100.5/certsrv
- Click “Request a Certificate”

- Select “Advanced”

35
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the CSR in the box by using CTRL-V and click Submit

36
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 4 – Issue the Certificate from the CA Server


- Open Server Manager -> Roles -> Active Directory Certificate Server -> PNETLAB-CA -> Pending
Request.
- Right-click the request -> more action -> all tasks and click “Issue”

Task 5- Downloading the Issued Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

37
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The issued certificate link will show up. Click on the link

- Select “Base 64” and click “Download”

38
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “vBond”

- Open the vBond.cer file using Notepad

39
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Copy using CTRL-A and CTRL-C

Task 6- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration -> Certificates -> Controllers
- Click on the “Install Certificate” button at the top right corner

40
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the Certificate (CTRL-V).

- The Identity certificate should be installed for vBond and pushed to it.
41
Download PNETLab Platform
PNETLAB Store
PNETLab.com

42
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 7 – Initializing vSmart – CLI


Task 1 - Configuring the System Component
- Configure the System parameters based on the following:
o Host-name : vSmart1
o Organization: PNETLAB
o System-IP: 10.1.1.102
o Site ID: 1
o vbond Address: 199.1.1.3
o Timezone: Based on the appropriate Timezone

Note: Default username: admin Default password: admin

VSmart

config
!
system
host-name vSmart1
system-ip 10.10.10.3
site-id 1
organization-name PNETLAB
clock timezone America/Antigua
vbond 100.1.1.3
!
commit

Task 2 – Configured the vpn parameters


- Configure the VPN parameters based on the following:
o vpn 0
▪ Interface Eth1
▪ IP Address: 100.1.1.3/24
▪ Tunnel Interface
▪ Tunnel Services (All, NetConf, SSHD)
▪ Default Route: 100.1.1.1
o vpn 512
▪ Interface eth0
▪ IP Address: 192.168.100.3/24

vSmart

config
!
vpn 0
no interface eth0
interface eth1
ip address 100.1.1.3/24
tunnel-interface
43
Download PNETLab Platform
PNETLAB Store
PNETLab.com

allow-service all
allow-service netconf
allow-service sshd
no shut
ip route 0.0.0.0/0 100.1.1.1
!
vpn 512
interface eth0
ip address 192.168.100.3/24
no shut
!
commit

44
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 8 – Initializing vSmart – GUI


Task 1- Add vSmart to vManage
- Navigate to Configuration -> Devices -> Controllers -> Add Controllers -> vSmart and specify the
following to add the vBond in vManage.
o IP Address: 100.1.1.3
o Username: Admin
o Password: Admin
o Check Generate CSR
o Click OK

Task 2 – View the generated CSR for vSmart and Copy it


- Navigate to Configuration -> Certificates -> Controllers -> vSmart -> View CSR

45
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- It will open a window with CSR. Copy by using CTRL-A and CTRL-C

46
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 3 – Request a Certificate from the CA Server


- Browser to http://192.168.100.5/certsrv
- Click “Request a Certificate”

- Select “Advanced”

47
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the CSR in the box by using CTRL-V and click Submit

Task 4 – Issue the Certificate from the CA Server


- Open Server Manager -> Roles -> Active Directory Certificate Server -> PNETLAB-CA -> Pending
Request.
- Right-click the request -> more action -> all tasks and click “Issue”

48
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Task 5- Downloading the Issued Certificate


- Browser to http://192.168.100.5/certsrv
- Click “Check on Pending Certificate Request”

- The issued certificate link will show up. Click on the link

49
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Select “Base 64” and click “Download”

- Open explorer and navigate to the downloads folder.


- Change the name of the Downloaded file “Certnew” to “vSmart”

50
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Open the vBond.cer file using Notepad


- Copy using CTRL-A and CTRL-C

Task 6- Installing the Identity Certificate for vManage


- In vManage, Navigate to Configuration -> Certificates -> Controllers
- Click on the “Install Certificate” button at the top right corner

51
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- Paste the Certificate (CTRL-V).

52
Download PNETLab Platform
PNETLAB Store
PNETLab.com

- The Identity certificate should be installed for vSmart and pushed to it.

53
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Lab 9 – initializing vEdge – CLI


Task 1 – Upload the WAN Edge List
- On the vManage Main windows, Naviagte to Configuration -> Devices. Click on “Upload WAN
Edge List”.

- Select the file you downloaded from the PNP Portal. Upload it and check the Validate option.

54
Download PNETLab Platform
PNETLAB Store
PNETLab.com

55
Download PNETLab Platform
PNETLAB Store
PNETLab.com

vEDGE-1

56

You might also like