*************************** Section 6 *************************** ==================== Lab 1 ==================== ++++++++++++++++++++ vEDGE-HQ-1 ++++++++++++++++++++ ----------------- Task 1 ----------------- system host-name vEdge-HQ-1 system-ip 10.2.2.201 site-id 1 organization-name KBITS clock timezone Asia/Dubai vbond 199.1.1.3 commit ----------------- Task 2 ----------------- vpn 0 interface ge0/0 ip address 192.168.111.1/24 tunnel-interface encapsulation ipsec color biz-internet allow-service all allow-service sshd allow-service netconf ! no shutdown ! ip route 0.0.0.0/0 192.168.111.254 commit ----------------- Task 3 ----------------- -> Use the WINSCP application to transfer the Root Certicate for the Enterprise Server to vEdge-HQ-1 using the following: - IP Address: 192.168.111.1 - Protocol - SFTP - Username: admin - Password: admin ----------------- Task 4 ----------------- request root-cert-chain install /home/admin/RootCert.cer ----------------- Task 5 ----------------- request vedge-cloud activate chassis 5db60d5d-d52c-94cf-a29e-baa9cb2e4bba token fbc3a5d59613fb31a8938013f3c1828e ++++++++++++++++++++ vEDGE-BR-1 ++++++++++++++++++++ ----------------- Task 1 ----------------- system host-name vEDGE-BR-1 system-ip 10.2.2.211 site-id 11 organization-name KBITS clock timezone Asia/Dubai vbond 199.1.1.3 commit ----------------- Task 2 ----------------- vpn 0 interface ge0/0 ip address 192.168.101.11/24 tunnel-interface encapsulation ipsec color biz-internet allow-service all allow-service sshd allow-service netconf ! no shutdown ! ip route 0.0.0.0/0 192.168.101.2 commit ----------------- Task 3 ----------------- -> Use the WINSCP application to transfer the Root Certicate for the Enterprise Server to vEdge-HQ-1 using the following: - IP Address: 192.168.101.11 - Protocol - SFTP - Username: admin - Password: admin ----------------- Task 4 ----------------- request root-cert-chain install /home/admin/RootCert.cer ----------------- Task 5 ----------------- request vedge-cloud activate chassis 1763cbc9-60e4-4278-8b26-697e0c959561 token 0815bd4bfe36f0ae2ec098803b20019d ++++++++++++++++++++ vEDGE-BR-2 ++++++++++++++++++++ ----------------- Task 1 ----------------- system host-name vEDGE-BR-2 system-ip 10.2.2.212 site-id 12 organization-name KBITS clock timezone Asia/Dubai vbond 199.1.1.3 commit ----------------- Task 2 ----------------- vpn 0 interface ge0/0 ip address 192.168.102.12/24 tunnel-interface encapsulation ipsec color biz-internet allow-service all allow-service sshd allow-service netconf ! no shutdown ! ip route 0.0.0.0/0 192.168.102.3 commit ----------------- Task 3 ----------------- -> Use the WINSCP application to transfer the Root Certicate for the Enterprise Server to vEdge-HQ-1 using the following: - IP Address: 192.168.102.12 - Protocol - SFTP - Username: admin - Password: admin ----------------- Task 4 ----------------- request root-cert-chain install /home/admin/RootCert.cer ----------------- Task 5 ----------------- request vedge-cloud activate chassis f896e332-db0a-c79f-b091-7fa321f2cc6d token 6ae02e16934920b5ac9f7b81d4678029 ++++++++++++++++++++ vEDGE-BR-3 ++++++++++++++++++++ ----------------- Task 1 ----------------- system host-name vEDGE-BR-3 system-ip 10.2.2.213 site-id 13 organization-name KBITS clock timezone Asia/Dubai vbond 199.1.1.3 commit ----------------- Task 2 ----------------- vpn 0 interface ge0/0 ip address 192.168.103.13/24 tunnel-interface encapsulation ipsec color biz-internet allow-service all allow-service sshd allow-service netconf ! no shutdown ! ip route 0.0.0.0/0 192.168.103.4 commit ----------------- Task 3 ----------------- -> Use the WINSCP application to transfer the Root Certicate for the Enterprise Server to vEdge-HQ-1 using the following: - IP Address: 192.168.103.13 - Protocol - SFTP - Username: admin - Password: admin ----------------- Task 4 ----------------- request root-cert-chain install /home/admin/RootCert.cer ----------------- Task 5 ----------------- request vedge-cloud activate chassis 1f12bf44-3c44-d901-184b-823a108c873a token 500b7f5057a328dacc97db8062fcc820 ==================== Lab 2 ==================== +++++++++++++++++++++++++++++++++++++++++++ Feature Template Creation +++++++++++++++++++++++++++++++++++++++++++ =============================== System Template =============================== -------- Task 1 -------- Configuration -> Templates -> Feature Templates -> Add - Template Name: VE-System - Description: VE-System - Site ID -> Device Specific - System IP ->Device Specific - Hostname -> Device Specific - Timezone -> Device Specific - Console Baud Rate -> Default =============================== VPN 0 =============================== --------------- Task 1 - VPN 0 --------------- Configuration -> Templates -> Feature Templates -> Add - Template Name: VE-VPN-VPN0 - Description: VE-VPN-VPN0 Basic Configuration - VPN -> Global: 0 - Name -> Global: Transport VPN IPv4 Route - Prefix -> Global: 0.0.0.0/0 - Next Hop -> Device Specific [DEF-GW] -------------------------------- Task 2 - VPN Interface ge0/0 -------------------------------- - Template Name: VE-VPNINT-VPN0-G0 - Description: VE-VPNINT-VPN0-G0 Basic Configuration - Shutdown -> Global: No - Interface Name -> Global: ge0/0 - IPv4 Address -> Static -> Device Specific [G0] Tunnel - Tunnel Inteface -> Global: On - Color -> Global: mpls Allow Service - BGP -> Global: On - NETCONF -> Global: On - SSH -> Global: On -------------------------------- Task 3 - VPN Interface ge0/1 -------------------------------- - Template Name: VE-VPNINT-VPN0-G1 - Description: VE-VPNINT-VPN0-G1 Basic Configuration - Shutdown -> Global: No - Interface Name -> Global: ge0/1 - IPv4 Address -> Static -> Device Specific [G1] Tunnel - Tunnel Inteface -> Global: On - Color -> Global: biz-internet Allow Service - NETCONF -> Global: On - SSH -> Global: On -------------------------------- Task 4 - BGP -------------------------------- - Template Name: VE-BGP-VPN0 - Description: VE-BGP-VPN0 Basic Configuration - Shutdown -> Global: No - AS Number -> Device Specific: [ASN] Neighbor - Address -> Device Specific: [BGP-PEER] - Remote AS -> Device Specific: [REMOTE-AS] =============================== VPN 512 =============================== ------------------ Task 1 - VPN 512 ------------------ - Template Name: VE-VPN-VPN512 - Description: VE-VPN-VPN512 Basic Configuration - VPN -> Global: 512 - Name -> Global: MGMT VPN -------------------------------- Task 2 - VPN Interface eth0 -------------------------------- - Template Name: VE-VPNINT-VPN512-E0 - Description: VE-VPNINT-VPN512-E0 Basic Configuration - Shutdown -> Global: No - Interface Name -> Global: eth0 - IPv4 Address -> Dynamic =============================== VPN 10 =============================== ------------------ Task 1 - VPN 10 ------------------ - Template Name: VE-VPN-VPN10 - Description: VE-VPN-VPN10 Basic Configuration - VPN -> Global: 10 -------------------------------- Task 2 - VPN Interface ge0/2 -------------------------------- - Template Name: VE-VPNINT-VPN10-G2 - Description: BR-VE-VPNINT-VPN10-G2 Basic Configuration - Shutdown -> Global: No - Interface Name -> Global: ge0/2 - IPv4 Address -> Static -> Device Specific [G2] -------------------------------- Task 3 - OSPF -------------------------------- - Template Name: VE-OSPF-VPN10 - Description: VE-OSPF-VPN10 Redistribution - Protocol: OMP Area Configuration - Area Number -> Global: 0 - Area Type -> Default Interface Configuration - Interface Name: ge0/2 +++++++++++++++++++++++++++++++++++++++++++ Device Template Creation +++++++++++++++++++++++++++++++++++++++++++ - Template Name: VE-DEV-TEMP - Description: VE-DEV-TEMP Basic Information - System -> VE-System Transport & Management - VPN 0: VE-VPN-VPN0 - VPN Interface: VE-VPNINT-VPN0-G0 - VPN Interface: VE-VPNINT-VPN0-G1 - BGP: VE-BGP-VPN0 - VPN 512: VE-VPN-VPN512 - VPN Interface: VE-VPNINT-VPN512-E0 Service VPN - VPN 10: VE-VPN-VPN10 - VPN Interface: VE-VPNINT-VPN10-G2 - OSPF: VE-OSPF-VPN10 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -> Attach all the vEdges to the Device Template created in the previous task -> Specify the paramenters based on requirements in the question +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++ Router Configuration on Internal Routers +++++++++++++++++++++++++++++++++++++++++++ ----------------- BR1-R1 ----------------- router ospf 1 network 172.16.0.0 0.0.255.255 area 0 ----------------- BR2-R1 ----------------- router ospf 1 network 172.16.0.0 0.0.255.255 area 0 ----------------- BR3-R1 ----------------- router ospf 1 network 172.16.0.0 0.0.255.255 area 0