This is an SD-WAN lab practical that shows how to configure the switch and install the CA server. You can practice along with this practical, using our SD-WAN virtual lab.
Configure the hostname “SW” on the switch that is present in the physical topology of the SD-WAN controllers.
Configure VLAN 192 and VLAN 200 and assign the respective VLANs on the ports connected to SD-WAN Controller devices and CA Server as per the table below. Then, verify it with the logical topology diagram.
On CA-Server
1. Configure IP addresses 192.168.10.5 and 200.1.1.5 on Interfaces Eth0 and Eth1 respectively. Also assign gateway IP address as 200.1.1.1 on interface Eth1.
2. Enable DHCP on interface Eth2 to receive a dynamic IP address from the Internet. Make sure it gets an IP address in the range 192.168.1.0/24.
3. Set the clock back by eight hours to synchronize with other devices.
4. Add the certification authority (CA) server role by adding Active Directory Certificate Services.
● Cryptography CSP as RSA with key length of 2048
● Common name is CA-Server
● Validity is 5 years
5. Install WinSCP and PuTTY in Windows Server (CA-Server)
All SD-WAN controller devices are connected via a switch, so we first need to configure this switch to get connectivity between these devices.
VLAN 200 is configured on switch interfaces Eth1/0-3 and Eth2/0, which gives layer 3 connectivity towards HQ, and VLAN 192 is configured on switch interfaces Eth0/1-3, which gives layer 3 connectivity to the SD-WAN controller devices. You can also give interface descriptions if you are wise.
Verify that the VLANs are created, and switch interfaces are assigned on the respective VLANs.
Now configure the Windows Server 2008 interfaces to prepare it as the CA-Server. Power on this Windows server and log in to it. On the console of this server, use the virtual keyboard to press CTRL+ALT+DELETE to log in.
This brings up the login prompt (you can close the virtual keyboard here), where you can see two users. Log in with username “uninets” or “Administrator” and password “uninets@123”.
After login it will prompt an activation window; just cancel it. (DO NOT ACTIVATE)
Once you are logged in to the Windows server, you can start configuring its interfaces. Open “Network and Sharing Center” to configure them.
Go to “Change adapter settings”, where you can see all the interfaces of the server.
There are 4 network interfaces, of which Local Area Connection 4 (depicted as E2 on our topology diagram) is connected to the Internet, so make sure this interface is configured to receive a dynamic IP address in the range 192.168.1.0/24 from DHCP.
Verify the IP address received on this interface and other details such as the gateway, and ping www.google.com to check that the server has Internet connectivity.
Configure interface Local Area connection (Depicted as E0 on our topology diagram) with a static IP address 192.168.10.5/24 which is in VLAN 192 on the switch side and connecting to all other SDWAN controller devices internally.
Similarly configure interface Local Area connection 2 (Depicted as E1 on our topology diagram) with a static IP address 200.1.1.5/24 which is in VLAN 200 on the switch side and connecting to HQ router.
Verify that both IP addresses are configured on these interfaces. We have already checked the interface that is connected to the Internet.
Now it is time to install the root certificate server. First add the role for “Active Directory Certificate Services”. Log in to the Windows server with username “Administrator” and password “uninets@123”. Go to the Server Manager and choose Add Roles.
It will open the Add Roles wizard; just click Next to move forward.
It will now open a server role wizard, wherein select “Active Directory Certificate Services” and click Next to continue.
Click on Next to continue
On the role services, select “Certification Authority Web Enrollment” to install Active Directory Certificate Services. “Certification Authority” is already selected. It will show the prompt below; just click on “Add Required Role Services”.
On the setup type “Standalone” is selected by default so just click on Next to continue
Next specify the CA type, here you select the Root CA and click Next
To generate and issue certificates to clients, the CA must have a private key, so select “Create a new Private Key” on the next window and click Next to continue.
On Cryptography, select CSP as RSA with a key length of 2048 and click Next.
As per the task, the common name for the CA server should be CA-Server; enter it and click Next.
Select 5 years for the validity period of the certificate generated for the CA. Also select the default path for the CA database (it is selected by default, so there is nothing to change), then click Next.
Now click Next on all the remaining windows (nothing to change) until you reach the confirmation. It will give you warnings; just ignore them and click Install.
It will now start the installation so wait till the installation gets completed
Once the installation has been completed check on Results, it will show installation successful. Close this window to proceed further.
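The following check is an added example, not part of the original lab: it reads the newly created root CA certificate and compares it with the task values (common name CA-Server, RSA 2048, 5 years). It assumes PowerShell 2.0 or later is available on the server and is run as Administrator on CA-Server.

```powershell
# Added example: verify the installed root CA certificate against the lab task.
# Assumption: PowerShell 2.0+ on CA-Server, elevated session.
$expectedCN    = 'CA-Server'   # common name from the task
$expectedBits  = 2048          # RSA key length from the task
$expectedYears = 5             # validity period from the task

# After the role is installed, the CA's own certificate is in the machine Personal store.
$pattern = '^CN=' + [regex]::Escape($expectedCN) + '(,|$)'
$caCerts = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match $pattern })

if ($caCerts.Count -eq 0) {
    Write-Warning "No certificate with CN=$expectedCN found in Cert:\LocalMachine\My"
}

foreach ($cert in $caCerts) {
    $keyAlg  = $cert.PublicKey.Oid.FriendlyName
    $keyBits = $cert.PublicKey.Key.KeySize
    # Round the validity span to whole years (the end time may be a few minutes off).
    $years   = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays / 365.25)

    # Each entry maps to one requirement of the task.
    $checks = @{
        'Self-issued (root CA)'            = ($cert.Subject -eq $cert.Issuer)
        'Private key present'              = $cert.HasPrivateKey
        "Key is RSA $expectedBits"         = ($keyAlg -eq 'RSA' -and $keyBits -eq $expectedBits)
        "Validity is $expectedYears years" = ($years -eq $expectedYears)
    }

    Write-Output "Certificate $($cert.Thumbprint) ($($cert.Subject))"
    foreach ($name in $checks.Keys) {
        if ($checks[$name]) { $result = 'PASS' } else { $result = 'FAIL' }
        Write-Output ("  [{0}] {1}" -f $result, $name)
    }

    # Reported only: the task does not specify a signature hash.
    Write-Output "  Signature algorithm: $($cert.SignatureAlgorithm.FriendlyName)"
    # Shown in UTC so the start of validity can be compared with the other devices'
    # clocks, since the task moves this server's clock back by eight hours.
    Write-Output "  NotBefore (UTC): $($cert.NotBefore.ToUniversalTime().ToString('u'))"
    Write-Output "  NotAfter  (UTC): $($cert.NotAfter.ToUniversalTime().ToString('u'))"
}
```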
We are also required to install the WinSCP and PuTTY applications on the server. These applications will be used by other labs in this workbook.
Open Google Chrome, search for “download WinSCP for windows” and “download putty”, and download them. Once downloaded, install these applications by double-clicking the exe files.
PuTTY application: this application will be used to log in to devices in other labs.
WinSCP application: this application will also be used to access the devices in other labs.
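Because the installers are found through a web search and then executed on the CA server, the following added example (not part of the original lab) checks each downloaded file's Authenticode signature and prints its SHA-256 for comparison with the value published on the vendor's download page. The file names and the Downloads path are placeholders, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: inspect downloaded installers before running them on CA-Server.
# Assumption: the paths below are placeholders; replace them with the actual file names.
$installers = @(
    "$env:USERPROFILE\Downloads\WinSCP-Setup.exe",    # placeholder name
    "$env:USERPROFILE\Downloads\putty-installer.msi"  # placeholder name
)

foreach ($path in $installers) {
    if (-not (Test-Path $path)) {
        Write-Warning "Not found: $path"
        continue
    }

    # Authenticode: the signature must validate and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
    } else {
        $signer = '(no signer certificate)'
    }

    # SHA-256 through .NET, because Get-FileHash requires PowerShell 4.0.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try {
        $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Dispose()
    }

    Write-Output $path
    Write-Output "  Signature status: $($sig.Status)"
    Write-Output "  Signer:           $signer"
    Write-Output "  SHA-256:          $hash"

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted and similar all land here.
        Write-Warning "Do not run $path until the signature status is Valid."
    }
}
```

Compare the printed signer and SHA-256 with what the publisher lists on its own download page before double-clicking the file.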