Cisco SD-WAN: Basic Configuration Lab

Appendix: Initial Lab Setup

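# Run as root on the Linux host (10.0.0.10) that acts as the lab's root CA.

# Address the host and add a default route. `|| true` lets a re-run continue
# when the address or route already exists; it also hides any other failure.
ip addr add 10.0.0.10/24 dev eth0 || true
ip route add default via 10.0.0.1 || true

# Lab shortcut: the SD-WAN nodes later fetch SDWAN.pem with
# `scp root@10.0.0.10:...`, which needs root SSH logins on this host.
# sshd uses the first PermitRootLogin value it reads, so an uncommented
# directive earlier in the file (or in an included file) wins over this
# appended line. Remove the line again once the certificate is distributed.
grep -qxF 'PermitRootLogin yes' /etc/ssh/sshd_config ||
  echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

# Validate the edited configuration first so a bad file cannot take sshd down.
sshd -t && /etc/init.d/ssh restart

# Root CA private key. The subshell umask keeps the unencrypted key file
# readable by its owner only: whoever can read SDWAN.key can issue
# certificates that every node trusting SDWAN.pem will accept.
(umask 077 && openssl genrsa -out SDWAN.key 2048)

# Self-signed root certificate, valid for 2000 days. A..E carry the subject
# fields (country, state, locality, organization, common name); `:?` stops
# here instead of passing empty subject fields to openssl.
openssl req -new -x509 -days 2000 -key SDWAN.key -out SDWAN.pem -sha256 \
  -subj "/C=${A:?country code}/ST=${B:?state}/L=${C:?locality}/O=${D:?organization}/CN=${E:?common name}"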
! === vBond: system identity and VPN 0 transport settings ===
conf t
system
host-name vBond
system-ip 10.10.0.4
site-id 10000
organization-name YOUR-LAB
! "local" marks this device itself as the vBond orchestrator.
vbond 10.10.0.3 local vbond-only
!
vpn 0
interface ge0/0
ip address 10.10.0.3/24
! The tunnel stays off here; the page turns tunnel-interface on in a later step.
no tunnel-interface
no shutdown
ip route 0.0.0.0/0 10.10.0.1
!
commit and-quit
! Fetch the root CA certificate from the CA host and install it as this node's
! trust anchor. Check the SSH host key that scp presents for 10.0.0.10, and
! compare the file's hash with the copy on the CA host before installing it.
vshell
scp root@10.0.0.10:SDWAN.pem .
exit
request root-cert-chain install /home/admin/SDWAN.pem
! === vSmart: system identity and VPN 0 transport settings ===
conf t
system
host-name vSmart
system-ip 10.0.0.201
site-id 10000
organization-name YOUR-LAB
! Address of the vBond orchestrator configured earlier on this page.
vbond 10.10.0.3
!
vpn 0
interface eth0
ip address 10.0.0.200/24
! The tunnel stays off here; the page turns tunnel-interface on in a later step.
no tunnel-interface
no shutdown
ip route 0.0.0.0/0 10.0.0.1
!
commit and-quit
! Fetch the root CA certificate from the CA host and install it as this node's
! trust anchor. Check the SSH host key that scp presents for 10.0.0.10, and
! compare the file's hash with the copy on the CA host before installing it.
vshell
scp root@10.0.0.10:SDWAN.pem .
exit
request root-cert-chain install /home/admin/SDWAN.pem
! === vManage: system identity and VPN 0 transport settings ===
conf t
system
host-name vManage
system-ip 10.0.0.101
site-id 10000
organization-name YOUR-LAB
! Address of the vBond orchestrator configured earlier on this page.
vbond 10.10.0.3
!
vpn 0
! NOTE(review): unlike the vBond and vSmart blocks on this page, there is no
! "no tunnel-interface" line under this interface - confirm that is intended.
interface eth0
ip address 10.0.0.100/24
no shutdown
ip route 0.0.0.0/0 10.0.0.1
!
commit and-quit
! Fetch the root CA certificate from the CA host and install it as this node's
! trust anchor. Check the SSH host key that scp presents for 10.0.0.10, and
! compare the file's hash with the copy on the CA host before installing it.
vshell
scp root@10.0.0.10:SDWAN.pem .
exit
request root-cert-chain install /home/admin/SDWAN.pem
# Sign each controller's CSR with the lab root CA. Run on the CA host, in the
# directory that holds SDWAN.pem and SDWAN.key. The page does not show how the
# .csr files reach this host. Every certificate is valid for 2000 days;
# -CAcreateserial creates the CA serial file when it does not exist yet.
# Check whose request is being signed before signing it, e.g.
#   openssl req -in vManage.csr -noout -subject -verify
for node in vManage vBond vSmart; do
  openssl x509 -req -in "${node}.csr" -CA SDWAN.pem -CAkey SDWAN.key \
    -CAcreateserial -out "${node}.pem" -days 2000 -sha256
done
! Turn the transport tunnel on. The page does not name the target devices;
! eth0 is the VPN 0 interface it configured on vSmart and vManage.
conf t
vpn 0
interface eth0
tunnel-interface
commit and-quit
! Same step for ge0/0, the VPN 0 interface the page configured on vBond,
! here with IPsec encapsulation.
conf t
vpn 0
interface ge0/0
tunnel-interface
encapsulation ipsec
commit and-quit
! === S100-CE1 (IOS XE SD-WAN edge router, site 100): base configuration ===
config-transaction
!
hostname S100-CE1
! Lab credential: a privilege-15 account whose password equals its username.
! Replace the secret before the router is reachable from outside the lab.
username admin priv 15 secret admin
no ip domain lookup
!
system
system-ip 10.100.10.2
site-id 100
organization-name YOUR-LAB
! Address of the vBond orchestrator configured earlier on this page.
vbond 10.10.0.3
exit
!
! Two WAN transports, each with its own default route.
ip route 0.0.0.0 0.0.0.0 198.51.100.5
ip route 0.0.0.0 0.0.0.0 203.0.113.5
interface GigabitEthernet1
no shutdown
ip address 198.51.100.6 255.255.255.252
interface GigabitEthernet2
no shutdown
ip address 203.0.113.6 255.255.255.252
!
commit
end
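! Two separate commands (the page printed them fused on one line): copy the
! root CA certificate to bootflash, then install it as the trust anchor.
! Compare the file's hash with the copy on the CA host before installing it.
copy scp://root@10.0.0.10:/SDWAN.pem bootflash:
request platform software sdwan root-cert-chain install bootflash:SDWAN.pem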
! S100-CE1: one SD-WAN tunnel per transport. Tunnel1 rides GigabitEthernet1
! (color private1), Tunnel2 rides GigabitEthernet2 (color public-internet);
! both use IPsec encapsulation.
config-transaction
!
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
interface Tunnel2
no shutdown
ip unnumbered GigabitEthernet2
tunnel source GigabitEthernet2
tunnel mode sdwan
exit
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
color private1
exit
interface GigabitEthernet2
tunnel-interface
encapsulation ipsec
color public-internet
exit
exit
!
commit
end
! UUID and OTP are placeholders for this router's chassis number and one-time
! token (presumably taken from vManage's device list - confirm). The token is
! a join credential: keep it out of shared notes and screenshots.
request platform software sdwan vedge_cloud activate chassis-number UUID token OTP
! === S200-CE1 (IOS XE SD-WAN edge router, site 200): base configuration ===
config-transaction
!
hostname S200-CE1
! Lab credential: a privilege-15 account whose password equals its username.
! Replace the secret before the router is reachable from outside the lab.
username admin priv 15 secret admin
no ip domain lookup
!
system
system-ip 10.200.10.2
site-id 200
organization-name YOUR-LAB
! Address of the vBond orchestrator configured earlier on this page.
vbond 10.10.0.3
exit
!
! Two WAN transports, each with its own default route.
ip route 0.0.0.0 0.0.0.0 198.51.100.9
ip route 0.0.0.0 0.0.0.0 203.0.113.9
interface GigabitEthernet1
no shutdown
ip address 198.51.100.10 255.255.255.252
interface GigabitEthernet2
no shutdown
ip address 203.0.113.10 255.255.255.252
!
commit
end
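! Three separate commands (the page printed them fused on one line): copy the
! root CA certificate to bootflash, install it as the trust anchor, then
! re-enter configuration mode for the tunnel settings that follow.
! Compare the file's hash with the copy on the CA host before installing it.
copy scp://root@10.0.0.10:/SDWAN.pem bootflash:
request platform software sdwan root-cert-chain install bootflash:SDWAN.pem
config-transaction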
! S200-CE1: one SD-WAN tunnel per transport. Tunnel1 rides GigabitEthernet1
! (color private1), Tunnel2 rides GigabitEthernet2 (color public-internet);
! both use IPsec encapsulation.
!
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
interface Tunnel2
no shutdown
ip unnumbered GigabitEthernet2
tunnel source GigabitEthernet2
tunnel mode sdwan
exit
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
color private1
exit
interface GigabitEthernet2
tunnel-interface
encapsulation ipsec
color public-internet
exit
exit
!
commit
end
! UUID and OTP are placeholders for this router's chassis number and one-time
! token (presumably taken from vManage's device list - confirm). The token is
! a join credential: keep it out of shared notes and screenshots.
request platform software sdwan vedge_cloud activate chassis-number UUID token OTP
! === DC1-VE1 (vEdge): system identity and VPN 0 transport settings ===
conf t
system
host-name DC1-VE1
system-ip 10.1.10.2
site-id 10000
organization-name YOUR-LAB
! Address of the vBond orchestrator configured earlier on this page.
vbond 10.10.0.3
!
vpn 0
interface ge0/0
ip address 10.1.1.2/30
! The tunnel stays off here; it is turned on after the root certificate
! is installed.
no tunnel-interface
no shutdown
ip route 0.0.0.0/0 10.1.1.1
!
commit and-quit
! Fetch the root CA certificate from the CA host. Check the SSH host key that
! scp presents for 10.0.0.10, and compare the file's hash with the copy on the
! CA host before installing it.
vshell
scp root@10.0.0.10:SDWAN.pem .
exit
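! Two separate commands (the page printed them fused on one line): install the
! root CA certificate, then re-enter configuration mode.
request root-cert-chain install /home/admin/SDWAN.pem
conf t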
! DC1-VE1: turn the transport tunnel on with IPsec encapsulation, then
! activate the device.
vpn 0
interface ge0/0
tunnel-interface
encapsulation ipsec
commit and-quit
! UUID and OTP are placeholders for this device's chassis number and one-time
! token (presumably taken from vManage's device list - confirm). The token is
! a join credential: keep it out of shared notes and screenshots.
request activate vedge_cloud chassis-number UUID token OTP


Senior Network Engineer
