This SD-WAN lab practical shows you how to initialize vBond and add it to vManage. You can practice along with this practical using our SD-WAN virtual lab.
1. Configure the following system parameters on vBond (log in to vBond with the default username: admin and password: admin)
Hostname: vBond
Organization: viptela sdwan
System-IP: 200.1.1.14
Site ID: 1
vBond Address: 200.1.1.4
Clock timezone Asia/Kolkata
2. Configure VPN0 on vBond with the following parameters
Interface: Ge0/0
IP address: 200.1.1.4/24
Tunnel Interface
Tunnel Services: (All, NetConf, SSHD)
Encapsulation: IPsec
Default route gateway: 200.1.1.1
3. Configure VPN512 on vBond with the following parameters
Interface: Eth0
IP address: 192.168.10.4/24
4. Add a controller named “vBond” in vManage using the vBond IP address 200.1.1.4 (username: admin and password: admin)
5. Generate the CSR for vBond in vManage
6. Request a certificate from CA-Server using this CSR and download the signed certificate
7. Install the signed certificate for vBond in vManage
Get console access to vBond using the default username “admin” and password “admin”.
Now you can configure the basic settings on vBond, such as hostname, organization name, system-IP, etc., as required by the lab tasks. Add the keyword local when specifying the vBond IP address, because this device is itself a vBond.
Verify the system configuration in the vBond running configuration.
Now configure the parameters of VPN0 and VPN512 on vBond. vBond has Ge0/0 and Eth0 interfaces; configure Ge0/0 in VPN0 and Eth0 in VPN512 (this is also the default configuration).
Note: In the topology, the vBond interface Ge0/0 is depicted as Eth1, which provides layer 3 connectivity to HQ.
Verify this configuration in the vBond running configuration for both VPN0 and VPN512.
You can also check the IP addresses assigned to the interfaces.
VPN512 is connected internally to all other SD-WAN controllers, including the CA-Server (Windows Server), in the subnet 192.168.10.0/24. So far we have configured CA-Server, vManage and vBond, so vBond should be able to reach vManage and CA-Server.
To ping CA-Server and vManage from vBond, specify VPN512 in the ping command.
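The commands for tasks 1 to 3 and the checks described above, written out as an added example (it is not the original page's own output). It uses standard Viptela CLI syntax with the values from the task list; 192.168.10.5 is the CA-Server address taken from the certsrv URL on this page, and lines starting with `!` are comments.

```text
! Configuration mode on the vBond console (values from lab tasks 1-3)
config
system
 host-name vBond
 system-ip 200.1.1.14
 site-id 1
 organization-name "viptela sdwan"
 clock timezone Asia/Kolkata
 ! "local" marks this device itself as the vBond orchestrator
 vbond 200.1.1.4 local
!
vpn 0
 interface ge0/0
  ip address 200.1.1.4/24
  tunnel-interface
   encapsulation ipsec
   ! "all" overrides the per-service lines; netconf and sshd are
   ! listed only because the task names them
   allow-service all
   allow-service netconf
   allow-service sshd
  !
  no shutdown
 !
 ip route 0.0.0.0/0 200.1.1.1
!
vpn 512
 interface eth0
  ip address 192.168.10.4/24
  no shutdown
 !
!
commit and-quit

! Operational mode: verify what was committed
show running-config system
show running-config vpn 0
show running-config vpn 512
show interface
! Management-network reachability must be tested inside VPN 512
ping vpn 512 192.168.10.5
```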
Once vBond can reach vManage, you can add vBond in vManage. Log in to vManage from the Windows Server (CA-Server), navigate to Configuration->Devices->Controllers->Add Controllers and click on vBond.
Here you provide the vBond IP address 200.1.1.4 (Management IP address), username “admin” and password “admin”. Also check Generate CSR and click on Add.
vBond has been added to vManage, though its parameters are still blank.
The CSR has been generated for vBond. To view it, navigate to Configuration->Certificates->Controllers->vBond->View CSR.
Copy the CSR using Ctrl-A and Ctrl-C; this vBond CSR will be used to generate a certificate from CA-Server for vBond.
Now browse to the CA-Server (https://192.168.10.5/certsrv) and request a certificate.
Click on Advanced Certificate Request.
Here you can paste (Ctrl-V) the copied CSR into the box and click on Submit.
It will show a pending status; however, you just browse to the CA-Server again to retrieve the certificate.
Now issue the certificate on CA-Server: open Server Manager->Roles->Active Directory Certificate Server->CA-Server->Pending Request->More Actions->All Tasks and click on Issue. This issues the certificate.
You can now download the issued certificate: browse to the CA-Server (http://192.168.10.5/certsrv).
On the next window, it shows the date and time of the saved certificate; click on it.
Select the Base64 encoding method and click on “Download Certificate” to download it.
Open the folder where this file was downloaded and change its name to “vBond”, just to have a meaningful name.
Open this file in Notepad and copy (Ctrl-A + Ctrl-C) the content of the file.
Using this content, you can install the identity certificate for vBond on vManage. In vManage, navigate to Configuration->Certificate->Controller and click on “Install Certificate” in the top right corner.
This opens a certificate text area in which you can paste (Ctrl-V) the certificate copied earlier from CA-Server for vBond; then click on Install.
The vBond certificate will be scheduled to be installed.
In our case, the certificate installation failed due to a time mismatch between the time the certificate was generated and the time on vBond.
As seen below, the current time is different from the clock time.
Show system status command output
Note: You may see a failure here due to a mismatch between the current time (on the vManage CLI, run the command “show system status”) and the clock time (on the vManage CLI, run “show clock”). Adjust the time by setting the clock using the command “clock set date <> time <>”. You may have to set the clock 12 or more hours ahead of the standard time set by timezone Asia/Kolkata on all devices. This setting is required on all SD-WAN controllers (vManage, vBond and vSmart).
Once the clock is set correctly, try to install the certificate again and it will be installed successfully.
Go back to Configuration->Certificates->Controllers; you can see that the vBond certificate is installed and shows all the relevant details.