Build the model like this:
– Image uses 19.2.31 (should not use 19.2.0 or it will fail)
It can be downloaded at the following address:
– RAM consumes about 25-30 GB of RAM
– CPU uses e2650v2
Responsibilities of the above components (controllers):
>> Management: Management interface type that allows monitoring other components, creating policies, configurations, and then pushing them to the rest of the devices
>> Weibond: Acts as an authentication bridge to help WAN routers (wan edge) join the sdwan network
>> Westmart: Control and distribute routes between WAN routers (similar to the role of Route Reflector in BGP), for example, from router WAN1 to router WAN, service X takes this route, and if service Y takes that route.
Once the IPs are set to ping between the controllers, we will create a certificate for each device and then push them to vmanage to install the certificate.
The purpose is to let the components shake hands believe each other before exchanging information.
On Vmanage, declare the basic configuration:
On Vbond, declare the basic configuration:
On Vsmart, declare the basic configuration:
============ Create certificate on device and install it on VMANAGE ========
This part is a bit confusing, if you are doing it for the first time, copy and paste the command to bring the device online first and understand it later.
Create a CA certificate (certificate authority) on Vmanage:
Go to the cli screen and enter:
Access vmanage Web GUI from PC_MGMT
Log in and go to Admin (avatar) > Settings
Edit the declared name and vBond entry:
then find the section Controller Certificate Authority and paste it as follows:
Next, each Vmanage, Vbond and Vsmart device needs to create a CSR file and then transfer the CSR file to the CA (certificate authority) to sign and create the certificate file.
Here I will use Vmanage as the CA (there are instructions online to use a Linux or Windows computer as the CA to achieve the same purpose)
On Vmanage’s website:
Create Vmanage CSR file:
Go to vmanage’s CLI and create the certificate vmanage1.crt From the newly created CSR file:
Go to vmanage website and install the newly created certificate
Complete the Vmanage Certificates section
Create Vbond’s CSR file:
On the vmanage website: Go to Configuration > Devices > Controllers as shown
Click Add Controller > Vbond
Enter the vbond IP and initially set the username and password:
After the above steps, we will get the CSR file of vbond.
Return to vbond cli and enter:
Go to the vmanage cli and sign the CSR file to create a certificate for vbond:
Enter the vmanage website:
Click Install and finish.
Next to VSMART:
Enter the vmanage website and add vsmart.
Fill in vsmart’s IP, username, and ssh password (similar to vbond above)
After that, we created a CSR file on vsmart.
Return to vsmart cli:
Download and install the CA certificate (vmanage)
Upload the CSR file to vmanage for signing
Go to vmanage cli:
Enter the vmanage website and install the newly created certificate:
Go to Wheel Image>Device>Controller
View the device as follows:
Go to Wheels > Certificates > Controllers: to see the full list of 3 controllers, you’re good to go.
Go to vmanage cli
vManage1# show control connection
I saw that vbond and vsmart both appeared.
Similar to vbond: