All Cisco CCNP Enterprise 300-415 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the 300-415 Implementing Cisco SD-WAN Solutions (ENSDWI) practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Router Deployment

1. 3.0 Router Deployment

Let us start with section number three. In this section, we are going to learn in depth about the router deployment. So you have your data center, your branches, you know how to create the template, and you know how to deploy your devices. Let's see how that's. What's the agent's agenda for this particular section? So describe the Van Edge deployment. What are the onboarding steps? We have zero-touch provisioning—plug and play. What are the steps involved in that in the case of deployment? So you are deploying the datacenter's original hub or branches. So those things need to be explained, then the components of the data plane and how you are providing high availability and redundancy. So for that, we have the T lock extension; we can go and use VRP. We may have L three related, highly available peers. Then we must comprehend the use of the overlay management protocol and TLC, as well as how we will verify these TLC and OMP, as well as the connection between the underlying and the overlay. So that's the whole idea of this section. Let's continue.

Now we have done the controlled deployment. So, in my manage dashboard view, I have V smart and V want configured. What are the steps to deploy the V-Agedor C-Edge that we'll discuss here and in the upcoming three to four or maybe five to six recordings? You will learn and understand more and more about that. Although Cisco has provided a nice document about the deployment, I will tell you about that document as well. So you can go and check the Cisco deployment design documents as well. What are the high-level steps? You should have the minimum configuration for the edge devices. There are now two types of form factors: hardware and virtual. Most of the steps, such as configuration, are the same in both cases. Now, in the case of a hardware device, you may use ZTP (zero touch provisioning) or plug and play. Because software does not have the burnt-in physical addresses for these addresses, you must manually assign the serial number in the case of software provisioning, so you must configure these devices and discuss the minimum configuration, and then we should have routing towards the controller. And the next phase is to do the authentication now because everything is preloaded inside the TPM chip.

So, in the case of hardware, authentication is very simple, but in the case of software, you must now perform manual authentication, so, for example, what is the configuration for DC One and DC Two? So, as we discussed previously, you must perform minimal configuration, including system-wide configuration such as host name, system, IP, site ID, URL, or IP. So like that, you should go and do the configuration for Dcvh One and Dcvh Two. Then in this particular step, I want to highlight one very important thing: while you are doing the deployment, at that particular time when you are doing the configuration for the controllers, what you are doing is that you are going inside VPN 0; you are going inside the tunnel interface. That's it. But in the case of data-plane devices, you have to assign the encapsulation and color. So what's the difference? We know we have VPN interfaces or VRF zero. So, for example, VPN zero Now, in the case of control plane devices, the control connections are the number of connections only. Assume that if I or Vs. March have vanished, they will form either DTLs or TLS. But in the case of edge devices or branch devices, there may be different types of connections. So you may have IPsec over VPNzero, DTLs, or TLS. This tunnel interface is a DTL TLS command, but the encapsulation Ipsick is there to form the IPsec tunnel. That is the only configuration we have for the IPsec rest. Each and every step is automated. Now again, we can go, and if I have two interfaces, one interface does not have a label, but one interface colour is gold, and the other interface colour is MPLS.

So we can go and assign the colour and then the static route pointing towards the gateway, as you can see in the CLI. Also, this looks like this. Then you have an IP route. And then, because we are doing the manual certification process, we have to go and do this request root search and install the public key of the roots here on all the devices. Once we've done that, I'll explain later that if you go to the vanished dashboard and check the devices, you'll notice that we manage the dashboard from within. You have two options. Either you want to sync the serial number or remember the serial number and the OTP. In the case of VirtualBox, you can either do it manually or use V Smart Autosync. Not via Smart, autosync the Vsmart or auto sync the smart account. We can go over this a little more in the next session. So you have something called a Cisco smart account. They will provide you with some sort of plug-and-play portal where you can create the controller profile as well as all of the device lists you can add. And your domain has a connection with the PNP portals. When you click "auto sync," all information related to the actual serial number and chat society will be synced with V manage. If you don't have that option, then you can get the serial file from the OEM from the vendor and upload it. While uploading, you must validate the uploadedvia list and send it to the controller.

Now these files will look like this. Here you can see the chassis ID and the token number. Token numbers are simply a type of OTP (one time password) that can only be used once. If you use it once and it expires, you have to regenerate the token number one more time. But once you upload these files to the VManage, then it will look like this, and you can push the configuration from the VManage to the old devices or, if you are doing manual configuration, we have already done the configuration related to system-wide configuration and related to VPN zero configuration. So let me quickly revise those things. We know that important configurations are system-wide configurations, where we have listed five important things. Do you remember what those are? hostname system.ip, site id.org name, and V bond IP address Then we have VPN zero, where I have two interfaces, one with Internet gold and one with M plus, and then we have a VPN for management purposes. Once you reach these steps, you upload the serial number and the chassis ID, or the chassis ID and OTP. Then, in order for the certification to be successful, you must perform the certification process, which includes installing the public key on all devices, as we have done with this command. And then you have to log in to the device.

So here you can see the chassis and the token number and the serial number, and this is the thing I was talking about, that you can do auto-sync for smart accounts as well as upload the list. So what you have to do at this point is go to the edge device, and these edge devices are either software edge devices or cloud devices, and then you have to go and type this command request VH cloud, activate the chassis number, and enter the OTP or token. Once you activate, then the certification process will get completed, and if you go and check the dashboard, you'll find that you have Van Edge devices deployed. So you now have a counter for Vsmart V Bond and a counter for the vanished. All right, so this is the process again, and we are going to discuss more and more about it in the upcoming session. Now, from this point of view, what I want for the coming section is to walk you through the dashboard because we have done so many things related to the V management dashboard but haven't gone through and checked each and everything or each component inside the V management dashboard. So we should go and check all the options and features inside this particular dashboard. So let's just stop here, and in the next section we are going to discuss how we manage dashboards.

2. vManage Dashboard 01

In this section, I'm going to tell you about the V Manage dashboard. And you'll see on this tour that there are so many things we can do with the fabric we manage, and it's actually quite a robust tool to manage everything inside the fabric. So once you log in and give your username and password, you can see that you will get one summary dashboard.

And in this summary dashboard, you have different types of places. So you can see on top that you can move the device up and down. You can see the green up arrow, and if it is a red down arrow, that means that device is down. Then you can see the control status, the site health, the transport, et cetera. Then you can see the van inventory, and it's quite easy to just see the dashboard and figure out what the summary of the Victoria fabric is. So, right now, I can see the dashboard and see if there are any down counters or partial failures, or any application-related issues, app-related information, or anything else we can get. And, once again, it's very interesting here that if you see this particular dashboard and want to know a lot more information about devices, say, Vanish. So I can go and click this arrow. If you click that again, a 117-page list will come. You can choose that particular device, and again, you can log into that particular device's dashboard. So this is one way to summarise whatever is happening behind the scenes. And from this summary dashboard, as per your read-write permission, you can go and drill down inside. So, for example, application-aware routing Here, you can see that you have a square box.

You can expand it by clicking here, then check the loss, latency, and detail. You will get charts, you will get lists, et cetera. Now, in this dashboard, Cisco has added three dashboards. So this is the main dashboard you're looking at. Then you have a VPN dashboard. Then you have a security dashboard because Cisco has added security features inside the Cisco SDWAN. Then you have the monitor tab here. Configuration tab. The configuration tab is enormous. Now, from the configuration tab, you can configure the device template, the local policy, and the central policy. Then you can configure cloud on ramp as software, infrastructure as a service, service, and so on. This tab is actually huge; all configuration stuff can be found here and configure from here. Then we have tools. Suppose you want to have the log, take a file, reset something, or assess the devices. You can use the tools to perform maintenance, software upgrades, reboot the device, and other similar tasks. So image-related steps are included in the maintenance. Then you have administration. Again, if you go inside administration, if you click, you'll find that from administration you can go inside the fabric settings, and inside the settings, again, you have an N-number of options. So N numbers of options mean options related to certificate authority, options related to user access, and even options related to some sort of API integration and some sort of security features as well. So you have so many options here.

Inside administration, you can go, and you will get the option to create the cluster as well. We'll see that here we have multiple options. What I will do is log in to the VManage dashboard, and then I'll walk you all through this. If you want to do cloud reporting, you have V Analytics. We have a reporting option as well. Okay, so you can see here that you have so many features and options on the dashboard. Now let me quickly walk you towards this security dashboard; this is the VPN dashboard. Then you can go and log into the individual device, and with that individual device, you can go to the monitor and network. Inside the monitor network, you will find a list of devices. If you click, you can go to the individual device, and from that individual device, again, you can go to the individual device dashboard. So now we are inside one of the devices. For example, in Section 1.1, let's say individual devices. I can go there and look at the application usage and what the applications are. Again, you can go click on the applications. So here you can go and click this, which is showing blue. You can go inside those applications as well.

Again, you can go and check the tunnel performance, tunnel health, and events. You can see the monitor and events. These counters are present in this option, such as majorcritical minor. Later on in this section, we are going to create the device configuration template and the device-related policies. So all these things you can do I told you that if you go into configuration, you have a huge number of options. So you can see that you can go and create a template policy, a security configuration, cloudExpress for SAS, cloud on ramp, or cloudExpress for infrastructure services, etcetera. So you can have those features. Again, Cisco has added new features so that if you want to create the network topology, you can go in and create it inside the configuration and network design. Then finally, we have the troubleshooting option as well. Actually, there are two excellent options at the bottom. So if you go to that individual device, for example, we are inside Ve 12. You have troubleshooting, and you have real time. Real time is when you can get the GUI output and it will be very similar to CLI. So we have troubleshooting if we can run or verify commands from the CLI in the GUI so we can go and check in real time.

You can see we can do the device, bring up troubleshooting, ping trace, split test, APRoadvisualization packet capture, simulate flow, and debug logs. So we have all those troubleshooting options as well. Now, what I'm going to do next is that I'm going to log into the Vanage dashboard, and from the Vanage dashboard, I will go and show you all these options. Assume you have cloud integration or cloud reporting integration, which is nothing more than the vanya. Then from Vanalytic, you can go and check the network health application monitor, et cetera. We can not only view that, but we can also go back in time, fourth in time, and download those reports, okay? Finally, for the sake of vanity, we can do the forecasting as well. So here you can see that you have a nice visual representation and report that you can do the forecasting, and here you can see the forecast for those applications. Okay, we also have app route visualization. We can go to the individual device and do this app route visualization. So now let me quickly log into the V Manage dashboard and show you how you will find all these options. So once you try to log in for the first time, it will ask you about the certificate process. That means we should use my Chrome, Chrome, Mozilla, or any other browser to authenticate.

3. vManage Dashboard 02

Alright, so we logged in inside the V Manage dashboard, and here you have the summary of your fabric. So on top, you can see that you have the devices' up and down counters. At the moment, all the devices are up. As a result, we have a green up arrow. If it is down, then it will show you a down arrow here. Now, before going further, let me quickly show you here what options we have. So we have the main dashboard, VPN, and dashboard security. Then you can see inside the monitor. You can check out all of these monitor options in configurations.

You have all these configuration options that we will go and check later on in our lab. Then we have this SSH terminal to rediscover the network operational command. We can perform maintenance, upgrade the software repository, and secure device reboots. If I go inside the device and reboot it, and then select any of the devices and reboot them now, they will be secured. Despite the cloud, you'll notice that you have the task here on top. This cloud only refers to cloud on Ramfor SAS for infrastructure services and colocation. Now that this reboot has been scheduled, you can see the event as well.

So, along with all of these events, all of the CSR is generated. And here you have the help button, and then you have the user, and you have security as well. You can go and check which other devices are using which type of security. Actually, this is related to some of that "virtual security code" or "virtual image" you have put on a particular device. Mostly, we are using all sorts of security related to CSRCS devices. ISR and CSR in particular. Then finally, you have the administration. In administration, you can see that you can go inside settings. There are numerous options available once you enter the settings. See how many options we have. Then you can go and manage users. By default, you will have three user groups. You have basic netball and an operator, but you can create your own user groups as well. It's very easy to create, and that particular user will be part of that particular user group with certain read, write, or read only credentials. Cluster Manage: If you want to create devices in a cluster, you can go and add them here, and you can see that the application services server is mandatory. Then you should not have more than three iterations of static and configuration databases.

The messaging server is also mandatory, and if you want to do the application visibility control, you can enable this or cancel it. Then we have integration management. If you want to integrate your device with third-party integration, for example, ACI or CiscoDNA, you can go and do that. We have the disaster recovery option as well. We have the VPN groups, and we have the VPN segments. So now you can see that you have these many options. Finally, if you have cloud reporting, you can go and click on the analytics. All right, so let's go to the main dashboard, and from that main dashboard, what I want to show here Now you can see one of the devices we are rebooting; it is showing a down arrow, and even in the boot contour, we'll see that it will become one. We recently rebooted the device, but it is still not operational. Now, from this dashboard on top, you can see where I can go inside the individual device. Suppose if I want to go inside the DC one, I can go click the more button, and then we have this option to go to the device dashboard. Once inside the device dashboard, you can see that you can check the application, the interfaces when optimization flows stop talking inside, and the T lock. It's very nice.

Actually, with this T-lock, you can see that I have two-colour internet and MPLS. And with these two colors, we have the application usage as well. You also have the lost latency to account to as well. If you deselect from the top, you can see that the link will go down; it will not show you at the top. Now in the chart option, you can see that you have a chart related to loss percentage. You have options with the jitter as well. As you can see, you have the option to check the current time. So it will show you the real-time counters as well. Now you can go to the application usage report and drill down inside the report. So web used 68%, and now Windows update was the most used within web; what are the end points? They are using the Windows update, and what are the interfaces or what are the van links that have been utilized? So MPLS is this much, and internet is this much. You can see you have a nice chart option, and then on top you have the colours as well. Then I'll be able to cross the tunnel. So you can go and check if you have multiple channels, and if you want to deselect the channel, it will get deselected. And then you can see the chart like this here; you also have the chart option. You can go and check the chart.

You have the option of real-time as well. You can go deeper into the web application. That's the same thing that we did earlier. So now you can see how simple it is to detect which application, which channel, what is the loss latency, and for all of these things we can have a visual or graphical representation from the dashboard. Then, if you are using the CSI devices, you have the option of firewalling. Let me go back; let me log in to one of the chief devices where you have a firewall rule. It will display the fact that you have this firewall, as well as the policy name and number of bytes transferred. If you have the IPS ideas enabled, you can see the number of signature hits that it is showing, and you can see what the DNS request is for, what the destination is, what the source IP is, and what the source VPN is. It is showing you to whom this is directed to. Then you can go and check the URL filtering. If URL filtering has been enabled for the social network, the number of accounts, and the games, then we can go and check the advanced malware protection. There are two types of file reputation options in advanced malware protection: the graph and the pipe chart. You can scroll down below and see more information.

You have the counters on the top as well. You can go and check the DNS umbrella redirection as well. All right, then again, you can go and check the control connection. Control connection means your DTLs are connected via MLS or the Internet. It will appear in the top right corner. Further, we can go and check the system status because it's the software, so you will not see much related to hardware like a fan or other stuff. We can go investigate the events. You can click here and see the device details inside the event. You have the message, the priority, the source, the destination protocol, and VR. You have this much information, and you have the chart here as well. critical nine, majority 17, and minor four. So you have this here, and if you double-click here, you can go and check the individual events as well.

You can go and check if you configure ACL, and then we have the troubleshooting option where we can go and check the connectivity-related options and traffic-related options, and finally, you have this real-time where you'll get the CLI-type of configuration from the GUI. So, if you want to check the control status, you can do so as follows. If you want to see the BFT configurations, sessions, or summary, you can go and check that. Okay, so you can see how nice and easy it is that from the single GUI, from the single dashboard, you can go and check in on a number of things. So let's go back to the main dashboard. Similarly, you can go inside the V-smart, verify it, and go and verify it. So now all of these devices have their own graphical user interface, and the statistics are being sent to the management console, where we can view them all. Now, at the bottom, you can see that we have a control status. We can go and check this control again; it is redirecting towards the individual device, where you can go and check more information. Here you can see that site again; it is redirecting to the same place. Then you can go and check the utilisation of the bandwidth, the overall circuit utilization, and the upstream and downstream.

At the moment, we have very little traffic, but you have the option of checking the upload and download speeds. We have the inventory, we have the Van Health total—everyone is normal, or the four devices are normal. Then there's Transport Health, and you can see in TransportHealth and Top that you can check with Loss Latency and Jitter, and then you have counters ranging from one hour to seven days. Now that you have this information, you can get more detail by going to the individual device and selecting the more detailed option or a more detailed output. Then finally, you have the top application. You can see the applicants who are the top tuckers by clicking the square box. You have different chart options as well. So you can view different types of charts. If you want to choose a VPN, it will tell you that you can go ahead and do so. Finally, we have this application in every routing section where you can go and check the application flowing over the tunnel and what the loss latency is if you have forward error correction enabled. And it's very easy, in terms of operation, to do the troubleshooting. So operational engineers are guys who are working in operation; for them, it's easy to manage the fabric. or you can see 400 on top, but it could be 4000 or 6000 devices that you can manage from the same dashboard. All right, so this was somehow related to the Vanish dashboard.

4. Zero Touch Provisioning ZTP Theory

We have multiple ways to configure the device. We have a manual way, we have GTP in VS, and we have PNP that is plug-and-play in the CS devices. GTP is nothing but zero-touch provisioning. So what is happening in this case is that at the moment you go and connect the device, it will take the automatic configuration and the device will come up and it will be part of the fabric. That's the whole idea behind the ZTP, which means while you're doing the CTP process, that's the zero test provisioning. Everything should be taken care of by the Victoria Fabric Device, which will come and take the IP, the configuration, and the image, and it will be age, and it will So let me try to explain this thing here. Let's draw, and what are the steps involved here? What is going on, despite the fact that we have a separate diagram on the floor that we can easily understand? First, you get the box; once you have the box, for example, for V Edge, there is a specification that specifies which specific interface you should use to connect V Edge to the ISP. So, if I connect gig two to VPN zero, what are the next steps? What is going to happen? So this device is coming with default configurations.

It has some default system configuration, it has some default VPN zero configuration. If you go and check the VPN Zero configuration that I will show you later on, you'll see that inside VPN Zero they may have an IP DHCP client, which means they can take the IP from the ISP, and inside the system configuration, you'll find that the V Bond IP will direct towards ZTP Viptila.com. So that means you should resolve ZTPViptila.com, and you should get an IP from DHCP for the CTP process to be completed. So the first thing you should do is turn on the device, after which it should accept DHCP and resolve the DNS. At that point, it will be redirected to ZTP VIPELA.COM, and from there, they will check the serial number and chassis ID of this device, and then it will be redirected to local V Bond. So, for example, at localvborn.com, whatever my organisation is there Now, when we return to this point in time, we know what we want done. They are checking the serial number and chassis ID, and V Edge is checking the ORG name. But at this point in time, these devices don't have the system IP. So he will use the null IP address to form the connection with the V bond. Once V Bond has authenticated himself, he will redirect this or offer to manage IP. Now, as per the way we manage IP and configuration, point number six, or step number six, will happen like this. So we will try to establish the connection with the V Edge.

And now we're attempting to push the template. So once these guys are authenticating with themselves, suppose the Edge device is not up to par in terms of the image or the software. So we'll be able to push the image and update the edge device's image. At the moment, he will reboot. At the moment, we know that the Edge device will get rebooted. First and foremost, he will always attempt to contact Vmont so that they can communicate with him. And then again, we want He has an IP address this time. So this time he will use the IP system IP. Again, we want the V-Bond channel to redirect or offer the IP for the v-Manage and v-Smart. Finally, you can see by all of the steps at the end that we manage and ViaSmart maintains a constant connection with V Edge. And we want this V-Edge to have a temporary or transient connection. So this tunnel will be destroyed, and you will have a permanent connection, and this device will become a part of you. of the fabric. So that will be the overall plan. Let me go and show you the same thing. Here are the slides as well. As a result, you should contact the GTP. crypto.com and these interfaces we are going to use vs. thousands Gigi Zero vs. 2000 should be connected. You should connect gigi 20, then v edge 100, and finally zero four. And now you can see the sequence of steps that is taking place here. So power on the device. wants to turn on the device. They will go and resolve the DNS.

They will get the IP. Resolve the DNS. They will try to contact ZTP Peteller.com. From there, it will get redirected to VBA. They will make contact with V1. The device will then be rebooted with the V manage, and the connection will be formed with the V bond. Then it will go and connect with Vanish once more. At this point in time, we should push the template from the server to the VS device. And these are the detailed steps you have, so you can go and read out these steps. Whatever we have discussed is the same. Steps from one to eleven We have one point to note here: while you are doing the VGP process, you should push the configuration device template from your V manager to the S device. Otherwise, the GTP will get failed. Okay, so I'm going to log into the device, or we'll take a break here. Let's stop here. And in the next section, I will show you the GDP process in detail while logging the device.

Cisco CCNP Enterprise 300-415 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass 300-415 Implementing Cisco SD-WAN Solutions (ENSDWI) certification exam dumps & practice test questions and answers are to help students.