300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

Router Deployment

5. ZTP Lab

Now I'm going to show you the ZTB process and how this looks like.Let me quickly show you the default configuration that the device is set to. So if we go and check the siren system here, you can see that the system-wide configuration is pointing towards ZTP Viptiller.com. And if we go and check the VPN zero configuration, we are ready to get the IP from the ISP. All right? So here we have these basic configurations.

What we need to do is get this process started. So we understand and see each and every step. But I'll do that; I will do the monitor start for the syslog so we can see whatever is happening over the screen. And here you can see that at the moment we don't have IP or any of the VPN interfaces, but we do have the management IP from where we logged into the device. All right, so what we have to do is go and push the template from We Manage. So let me quickly log into the We Manage dashboard. Here you can see the configuration and the template. We have built-in templates here that I can use. Here you can see that the device attached is zero. So let's go and attach the device.

We can confirm that this is the chassis ID that we want to attach, and that can be confirmed from the We Manage dashboard. Now, if you know these variables, and later on we'll discuss how we can do it, how we can create the feature template, and how we can create the CLI template, We can talk about those things. But if you know these things, you can go ahead and enter these values, such as by clicking edittemplate and entering all of these values. Assuming you don't require these items and have them in the CSV file, you can upload it. So there are options. Download this, fill in the blanks for all the CSV entries, and then you can go and upload it. So what I try to tell you here is that if I open the CSV file and show you this, you can see what exactly they look like. So let me quickly show you this:

You can see how they look and what the fields are that you want to feel. So these are the values that are missing here. And what we can do is, if you download this, you will download that template without any fields. But if you have already done that, you can click "upload," choose the file, and I can go to the desktop and put that file there. Once you upload it, you'll see that all those values will be filled up. Now we'll go next, and this is secured.

Meanwhile, we'll go to the place where we want to see all the inputs. Now, at this point in time, say that your Van interface is down; it will not work. So your Van interface should be up and running, and we should get the IP from the DHCP server. Anyway, if you don't have the IP from the DHCP, we can't resolve the first step, and this obviously won't resolve the other steps. So I'm turning off the Vaninterface, which was turned off by default. I have enabled that. And once the Van interface is up, then you will see that we will start getting the Syslog messages. Okay, so we'll wait until we start getting the Syslog message. Now you can see that I got the IP with this range, and it's trying to resolve the VPN and the DNS resolution.

ZTP crypto.com is the domain name. Then you can see that ZTP crypto.com is something he can get to. And once we arrive at ZTP crypto.com, it will redirect that information to the desired local. In our case, the desired local is Vbont Cisco.com. And now we'll see where it is. So here you can see if I can show this; otherwise, I'll copy these log messages to the notepad, and then I will show you all the steps. So now you can see this Vbont Cisco.com appearing, and once I connect to it, it will offer the V manage IP. So my VBONT Cisco.com or my local VON will offer the rebound IP, 19818-110, to the local edge, and the local edge will attempt to establish the connection. We obviously pushed the template once it formed the connection.

And let me do one thing quickly. Here, it is going fast. Let me copy all of these log messages into a notepad and then go through them because whatever steps we see here are exactly the same steps or the exact same thing that is happening behind the scenes for the process. So if you understand these steps, these steps will help us drill down on the process behind the scenes. So let me quickly go and copy this. These are copied; I will go and paste them inside the notepad, and let's see. So first of all, what happened? It will look up ZTP Viptila.com. So here you can see that GTPretailer.com has been resolved. Once that is resolved, he will redirect it to the local V one, which in our case is Vbont Cisco.com.

So here you can see line number 27. Once that is resolved, we have the IP, the system IP, at this point inside. Actually, this is the system IP. or the S device. Now. System IP. The S device is getting the system IP from the server we manage. They will try to connect to VBT Cisco.com again now that they have the IP from the V Manager. That is ten 4010 kay with this particular system.

So that means the overall thing is that first of all, they will bring up the control connection. Once the control connection is established, indicating that the DTLs are operational, they will proceed to form the OMP session. Once we have the OMP session established, my Vs. Smart will exchange the IPsec keys and Tea Lock information between devices. Once they exchange the IPSE key and Tlock information across different devices, these different devices will initiate the IPC tunnel, and secondarily, they will send the BFT packet inside OMP. So my VS mark should know that, okay, these are the channel endpoints, and BFE is tracking those channel end points inside the OMP. That message will go out and get exchanged.

Now, once my control plane is up, once my OMP is up, and once my data plan is up, then only with the help of OMP will these devices go and install the routing information, or routing table. So we have basically three different types of tables. We have the OMP table, the routing table, and finally, the fibre table, which is the IP to the next stop, thanks to the routing table. So here, you can see all these processes happening.

Then, whatever OMP has or whatever OMP-based path has there, they will go and push that information to these devices. And this is the way that the GTP process is working. So once the GTP process is up and running, you can see the branches; they have their actual names. And you can go and check the control connection. You can go and check the IPsec inbound and outbound connections. You can go and check the outbound connection as well. Likewise, you can go and check the BFD sessions, and you can go and check the channel in detail as well. That is the statistic. This information is available for you to check. All right, so I hope you understand the DTP process. Now, PNP is also very similar to GTP with a few minor changes that we can discuss in the upcoming sessions.

6. WAN Edge On-boarding

I do recommend that you follow these URLs that I'm going to show you here. And in this section, we are going to do the summary as well. So whatever study we have from the last four to five videos or sessions, I'm going to do a quick summary for that. You should go and visit these URLs. These are very nice documents. You can see it's a very recent one as well. 2020 Jan. And here you will get some more information about the device's onboarding. Actually, we should be aware of the specifics of device onboarding and the Plug and Play portal. So the customer now has a smart account, and we can see everything with those smart accounts. And this is not only specific to SDWAN; this is the complete lifecycle for DNA as well.

Or you can think that this is the new type of licence management option that Cisco is giving us. So we can go to the software site, Cisco.com, and you can go and check your smart licenses and your virtual accounts, and from there you can go and check the plugin portal as well. Okay, so please go through and check these documents. Now we have discussed these earlier steps that you are seeing here. So, when you onboard the device, it will first attempt to establish a session with rebound, which is what we want it to do as an authenticator. Once V1 has authenticated, you will bypass that message to the we manage and the Vsmart, and the connections will be formed. Once your control plane is up and running, the data plane will form, and then, with the help of OMP, the Vsmart has the actual control plane. It will push the configuration to the edge devices—that's the overall flow that we have seen.

Now we have learned about the ZTP process and how different this PNP is. Let's discuss that. So, once again, you can see the steps you take when onboarding Cisco Edge devices. So, instead of ZTP Viptiller.com, they will query the PNP server, which is somethingDeviceHelper Cisco.com. And from there, it will get redirected towards the local we want, and the rest of the process will be the same as the one we have a study. This is the nice workflow or flow of the smart licences connected with the PNP connected with the VTP process. So you can see that you have your V manage settings and that this V manages what this vanage does.

Let me quickly go and log into the Vance dashboard. So if you go to the wemanaged dashboard, configuration, and devices, you can see here that you have the option to sync a smart account. At the moment, you will go and click here, and all the serial numbers and chassis IDs will pop up here, along with those serial numbers and chassis IDs and the controller profile you should create inside the van. So you can see that you have your V under control. If you do auto sync, it will sync with the PNP portal and the ZTP server as well. As a result, the Vs devices will query the GTP server for the serial number and chassis ID before being redirected to the local V. In the case of C Edge, they will go and query the PNP portal. So here you can see that you have a sales engineer; they have the controller profile updated in PNPportal for the customer or partner.

They can go to CCW, where they can manage the smart account, the virtual account, and the hardware inventory list. Actually, from that PNP portal, you don't need to raise some sort of RM case or hardware replacement or take those steps directly. You can go there and fill out all the forms, and you can visit. So it's a nice and easy way to manage your profile and the devices in your inventory, licence sets, etc., from the PNP portal. So we know at this point, and this is another very interesting and important diagram, that the data plane and control plane that make up the OMP control plane are your Vs. smart and Vs. manage. They're using netcon to push the configuration, and the connection we want is only temporary; we don't have a permanent connection with V1. In this slide, you can see which device is using what. So for iOS XC, they are using PNP and VEdge, and they are using ZTP for automated deployment.

So we have automated deployment and we have manual deployment as well. Assuming we also have the bootstrap method, which means the iOS XE, you can upgrade the iOS XE image to the SDWAN image and then run the SDWAN feature inside the iOS XE; you may already have the SDWAN image on your iOS XE. So you can go and start writing the code, which means you can do the manual deployment. Later on in this section, I will show you how manually you can go and configure the devices. So this is the summary, and you can see that you have all sorts of options. You have automated deployment, you have manual deployment, and we can use the bootstrap as well. Now here we have the list where you can see which device is using PNP, which is capable of bootstrapping, which is doing the manual in terms of iOSXE, in terms of VH, different hardware platforms.

You can see, and this is a little bit up, actually, that the VH cloud should be cut off here, and the manual is okay, but with the VH cloud, how much automated deployment we can do, we have seen in the last session. All right, and once again, this will redirect to devicemanager.Cisco.com if you're doing the PNP and myASR thousand two X, because they don't use PNP and it isn't applicable to them. But the rest of the hardware shows that they can do PNP and have the manual option as well. Now, while you're doing the VTP, which interface are you connecting with on the van? So, for vs. 101 hundred bgig, e four gig, and vs. zero 20020 5000 on the first available network slot vs. cloud, you can see This is not required in the manual process.

I always try to explain why system-wide minimum configuration and VPN configuration are required. Inside VPN configuration, you have interface tunnel routing, default routes, and management interface configuration. So, if you complete all of these minimum configurations, your manual process will be operational. After that, you can add different features like approute, QS, local policy, central policy, etcetera, etcetera. But first, bring up the system, and then later on, you can go and do a number of things. Now suppose your devices are behind the firewall, and here you can see the list of firewall ports related to UDP and TCP that should be opened. So here you can see that for UDP 12346, that is the default. But I try to tell her that if you go ahead and check the show control connection, you can see the port number here, which is 12346, and then they will jump to port 20.

So these are the port numbers 123-461-2346; they will jump to 20 and try to get whatever the available ports they have. In TCP, they are using 23456 like this. So if it is behind the firewall, the idea is that you should go and create rules to open those port numbers. Now, the basic configuration in V-Edge is "show control connection," but in C-Edge, you must use the keyword "show SDWAN control connection." Again, you can see that you have a control connection in V-edge. Actually, these outputs we have seen, we haven't seen with the Chiege. So please allow me to quickly log into the cage and show you these results. Here I am logged in inside the ch, and I can type "show SDWAN control connections." So you can see that the command requires you to use SDWAN as a keyword. Then you can go and run those outputs. Again, I can go and check SOSDWAN, and then let's add a question mark. So you have control, and with control, you can see that you have connection history, info connection, local property summary, etcetera. So everything is fine, but you have to use the keyword SDWAN to run these commands.

7. Device Configuration Starts from here

Now, next in our series of videos, we have one related to configuration, so I'm going to show you how we can use the feature template and the CLI template to configure the devices. Regardless of whether the devices belong to a data centre or a branch, The template will be created in the same manner. Either you can push to the branch or you can push to the data center, or you have a mixed type of branch, or you have a dual device branch, or you have a single device branch, and you have different types of categories, like silver, branch, platinum, gold, etc. Or mix it up so everywhere the same process is used to create the feature template or CLA template, which you can then push to the branches or data center.

8. Lap Topology

Let us discuss the lab topology. In our lab, we have two data centers, say DC one and DC two, and two branches, branch one and branch two. So we can see that I have DC one, followed by DC. Now, what is the IP schema we are using in DC one? In the land segment, let me draw the land segment here. So in the land segment, I have 198-18-1280. Let me write here. So I have 198-1812 in the land: eight dots, zero slashes, and 18. Alright? And in the DC-2 segment, you can see that I have ten. So far, 200:24. So these are the land IP addresses we have in DC 1 and DC 2. Similarly, we have land in branches. So the land segment in branch one is ten three.

For example, "zero, zero." And branch number two is linked to one of the routers with a subnet of 10-40, dot zero. So these are the land sites that we have. Apart from that, we have the IP addresses assigned to my V-Edge routers. So let me explain how the Vipelafabric or the SDWAN fabric works. You can see here that in between these yellow circles or boxes, we are running our SDWAN fabric. In terms of the DC fabric, you can see that these DC devices are linked to CE routers. So I have MPLS ce. I have access to the internet.

Once more in DC 2. Also, I have MPLS. This is MPE LSCE, and this is Internet ES. They're connected to the C routers. Obviously, they will connect to PE and then to Peters in this manner. However, branch devices are directly connected to, say, MPLS, and they are directly connected to the internet. For example, in branch number two, this router has a dual connection. However, in branch number one, I have two routers connected back to back. In between, I have HSRP or VRP as well. Generally, we have VRP. So in between, I have VRP. But one router is connected to MPLS, and the other router is connected to the internet. So we have connectivity in the branches in this manner.

Now let's come back to the data center. In the datacenter, you can see that the connection is a little complicated. So here I can see that one of the VHS routers is connected to MPLS, and then it is going towards the internet. Then there's the MLSP and the internet P at the bottom. Now, a good thing is the IP address. The schema is very simple. So it begins with, say, 17216. You can also take zero and a network. So 100 1 2 has interfaces to the SD router and the C router. So now you have 1721, 6100, 110, 120, and you can think, okay, I have IP addresses 10 00:11, twelve, and thirteen. Likewise, if you go to DC 2, the IP address starts with 172, 116, 202-1222, 3. Straightforwardly, we have IP addresses for the CE devices. Similarly, if I go to the branch and look at the IP address towards the ISP, or towards the MPLS, it always starts with 172 one six, so here is 30, and the other branch is 172 one six four dots zero.

On the internet, we have IP 100 dot 64. So, in branch one, that is 30 and in branch two, that is 40. So now you can see all the IPS that we are going to use in this. In addition, we have system IP over the boxes; the system IP is nothing, but you can refer to a loopback zero address that can refer to all the interfaces, and we have one unique system IP per box. So we have seven V-edge routers in our database. How distinct is our IP system? We have a unique system IP for DC 1, which is ten10, dot one; a unique system IP for DC 1 VH 2, which is ten dotone, zero, two; a unique system IP for DC 2 VH 1, which is ten twenty one; and a unique system IP for DC 2 VH 2, which is ten twenty two.

Similarly, in the branch, this will begin with 10 30 1 and then continue with 10 30 2. Finally, there are ten and forty-one. So starting with "ten one," then "ten two," then "ten three," and "ten four," So, for example, if you see "tenone," you will immediately recognise it as belonging to DC one. If you see 10 3 immediately, you can understand, "Okay, this belongs to branch 1." So this is the IPS key we have, and apart from that, these devices that we have here in our infrastructure have something called a Site ID as well.

So that Site ID, all of these data center branches have Site ID. Site ID. What is the use case of site ID? While we are using the site ID, we will learn more and more in the upcoming sections. So this has the site ID of 100, this is the site ID of 200, this is 300, and this is 400. Site ID is now simply the grouping of devices in the same branch. So a data center has Site ID 100, and all these devices have Site ID 100. That means they belong to a site that is referred to with the number 100. So the grouping of the devices with the same logical number is the site ID. So this is the overall topology we have. Let's stop here. Obviously, as we work through the lab and complete various tasks, we will learn more about the IPS scheme and traffic flow in the following sections.

9. Device Configuration via vManage

Let us discuss how we can go and configure the devices because this is the SDWAN fabric. All of the devices that they are a part of should be managed through the Vanish. So that means I can create this device configuration template from what we manage, and I can push it to different devices. We'll see what types of devices we can push and what templates we can use. But to understand this configuration template, first of all, we should understand the configurations inside the SDWAN fabric. So we need to know what kind of configuration and configuration hierarchy we have in the SDWAN.

So from We Manage, I can configure the devices via the CLI template or via the feature template. These are the two options we have. Now suppose if that device is not managed via V management, so you can locally log into that device, and via SSH or the login method, you can log in to this device and do local configuration as well. But if the device is not detached from the V manage, but is attached, we can do the CLI template, the feature template, and then the configuration.

And then we can implement it as a CLI or as a feature. We have a variation on this. We see. That in CLI, we can also create variables in features, and we can also create variables for both of you, as we'll see later. Before we get there, let's go over the configurational parameters, or what the configurational things are in the device. So, for example, if you go to a Cisco switch and type show run since I switch or a Cisco router, you will get the hostname and then the detail about, say, DNS. Then you'll get some other "triple configuration," some other parameters, interface configurations, SNMP, and the final configuration, whatever it is.

But if you go to the V edge and type show run, you will get this type of configuration, which means first of all, you will get system-wide configuration. After that, you'll go get policy configuration. This VPN can now be VPN 0—the transport; VPN 1—the service; or VPN 2—the management. So, for example, transport, service, and management VPN-related configuration, routing configuration, and so on. We can create device-specific policies in policy from here (for example, QS, ACL, port mirroring policy, and so on). Or the policy can come via the VA in terms of global policy.

So you may have global data policies that the device will download. So these are the configurations available inside the box: system-wide configuration, VPN-wide configuration, and policy. Aside from that, there are only a few minor items inside. Let me highlight all those things. So here you can see that you have system-wide configuration and VPN-wide configuration. Inside that, you have interface routing configuration and, again, service-side VPN configuration. You have management and policy in place. In policy, you can have a global data policy that will come from a smart edge device.

So, how do you go about configuring this? It's straightforward; you can go and configure via the CLI as well, but that should be in unmanaged mode. You have the option if you're going to configure via the GUI. Either you can do the configuration via the CLI template or you can do the configuration via the feature template like Cisco. Go to the confederate. You are in global configuration mode. type "system," give the system-related command, and exit from here. type "VPN," give the VPN commands, and etcetera.

You can continue in the same manner as CLI, but because this is SD-One fabric, everyone is referring to the fact that you should use V manage templates and that your device should be managed by We manage. So, in terms of managing system-wide configuration, these tasks will be completed later. What are the parameters you have hostname GPS clock, AAA logging, Case OMPS, and NMP security are now cool, and the majority of what you see here is good.

So we can refer to these things as an object and a group of objects in the SDN solution. So this object is nothing but a feature. And if you group certain features, such as AAA, SNMP, and OMP, you will be able to configure and attach all of these features within a single configuration that will be your device feature template. So we'll see later on that for all these options, all these variants or parameters, we can create one template that we can then call inside any number of device feature templates, and that's the reusability as well. So not only are you creating the object, but you can reuse it, and that's the true power of the stone solution.

Similarly, we can create objects for VPN zeroVPN interfaces and management management interfaces and then call them from within the main function. Now, how does VPN 0 look from the command line or even in the GUI? You'll also get the GUI options, such as the options you want to check and the option to put some value inside the options you'll get. But to understand the configuration and how it is working behind the scenes, we should also understand the CLI equivalence as well. So, once we're inside the VPN, I can go inside the interface, give it the name channel interface, and assign it an IP address.

Tunnel interface inside channel interface: what features have I allowed services to use? Bind, carrier color, so we know that we should give the T lock information: what is the system IP, what is the color, what is the encapsulation? So I can give you these things in addition to encapsulation, and you can see that my preferences and weight are very similar to BGP preferences. Higher is better, just as higher is better for weight.

So I can give one tunnel towards Vs. Smart preference over another while assigning a higher preference and a higher weight value. Then, if you want to exclude certain controller groups, this controller group is nothing but group V Smart.

So what you can do is suppose if you have VsSmarts, you can create group number one, and three VsSmarts are part of group number one. Then you have another group that is group number two. March is part of group number two. You can also use the exclude command if this V edge does not want to be connected to this group of Vs Smart. As a last resort for a low bandwidth link with maximum control over the connection, we can set the hello interval tolerance and time.

Again, if you want to limit the number of control connections to the Vs Smart, we mean the Vs Smart whenever we talk about control. So you can limit the number of control connections. If I give max control connection 1, this guy will form only one control connection with the Vs Smart Networks interval porthop we want as a stand-alone server. We manage connection preferences. As you can see, there are numerous options, each with their own set of applications. For example, we manage connection preferences. If you have two transports (MPLS and internet) and one of them is referred to by the one we manage, By default, the load will be five; the range is one to eight; higher is better.

Assume that your control connection from your Vedge to V Manage is via MPLS. By default, the weight will be five. And if you want that control connection using the internet, you can give a number other than five, maybe six, seven, or eight. So you will find that you have an active connection in this direction. Obviously, this connection will not fail; rather, it will serve as a backup.

If there is a problem with this connection, the backup connection will automatically reconnect. So that's why we are using this command to manage connection preferences. So you'll enter tenlinterface and then the color, for example, MPLS. And if you give weight, either lower the weight below five or give six, indicating that the V edge will either follow MPLS or prefer MPL to reach and manage. That's the meaning of this. All right. So we can stop here, and in the next section we'll discuss more about the template, its structure, and its use case.

Prepaway's 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) video training course for passing certification exams is the only solution which you need.