In the previous post, the vEdge routers were configured manually in the traditional way. This works, but it means that the vManage server cannot manage the configuration. To use SD-WAN as intended, the configuration should be created on the vManage, and this is done with templates. The first step is to build a template that reproduces the current configuration.
Below, I have created a number of templates that match the running configuration.
Instead of creating a full guide on how I did this, it is easier to watch this full guide on YouTube.
Before the vEdge routers have been configured.
I will start by attaching vEdge Office 1.
Edit the device template
This page holds the variables for each vEdge router. That is OK for a few devices and better than configuring each and every device by hand, but it is still not automated.
The next page shows the output of the intended configuration. It has not been applied or checked to see whether it will work; only the basic syntax is validated.
The template output is pretty much what is in the original manual configuration. The main thing here is that we do not lose connectivity to the router. The vBond has been changed to use the IP address instead of the DNS name, which is not important.
//Template configuration
viptela-system:system
 device-model vedge-cloud
 host-name vedge_office1
 system-ip 4.1.1.1
 site-id 41
 admin-tech-on-failure
 no route-consistency-check
 sp-organization-name "Networking Lab"
 organization-name "Networking Lab"
 vbond 172.16.1.11
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1
  !
 !
 logging
  disk
   enable
  !
 !
 no cft-enable
 no cft-cache-enable
 no anchor-wan-tunnel-pkts
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type sha1-hmac ah-sha1-hmac
 !
!
vpn 0
 name TRANSPORT
 interface ge0/0
  ip address 192.168.1.21/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.168.1.1
!
vpn 512
 name MGMT
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
//Manual Configuration
system
 host-name vedge
 system-ip 4.1.1.1
 site-id 1
 admin-tech-on-failure
 no route-consistency-check
 organization-name "Networking Lab"
 vbond vbond.networkinglab.xyz
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  usergroup tenantadmin
  !
  user admin
   password $6$ci7yLMYogix1T76V$8w7e2R5kZsqVZytm.6rJE6xjuIuRCq92S42TxCFzpT0zw/iIUfew3PLa6H0BG/txHyYcw6oE1OZb70xt5YNAS/
  !
 !
 logging
  disk
   enable
  !
 !
 no cft-enable
 no cft-cache-enable
 no anchor-wan-tunnel-pkts
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type ah-sha1-hmac sha1-hmac
 !
!
vpn 0
 dns 172.16.1.1 primary
 interface ge0/0
  ip address 192.168.1.21/24
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.168.1.1
!
vpn 512
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
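The two listings above do not accept the same services on the VPN 0 tunnel interface, which is worth checking before a template replaces a hand-built configuration. The following added example (not part of the original post) compares the allow-service lines copied from both listings; the function names are hypothetical, and `all` is reported as its own keyword without modelling how it interacts with the per-service `no` lines.

```python
import re

# allow-service lines copied from the two tunnel-interface blocks on this page.
MANUAL = """
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
"""
TEMPLATE = """
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
"""

# Tolerates spaces around the hyphen, as seen in copy-pasted web listings.
LINE = re.compile(r"^\s*(no\s+)?allow\s*-\s*service\s+(\S+)\s*$")

def allowed_services(config_text):
    """Map each allow-service keyword to True (allowed) or False (negated)."""
    state = {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m:
            state[m.group(2)] = m.group(1) is None
    return state

def newly_exposed(before, after):
    """Keywords allowed in `after` that were absent or negated in `before`."""
    old, new = allowed_services(before), allowed_services(after)
    return sorted(s for s, on in new.items() if on and not old.get(s, False))

if __name__ == "__main__":
    for svc in newly_exposed(MANUAL, TEMPLATE):
        print(f"template opens '{svc}' on the VPN 0 tunnel interface")
```

Run against full configurations, the same functions pick out only the allow-service lines, so the complete template preview and the device's running configuration can be passed in unchanged.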
Now I can see in the device list that the push was a success. The device is managed by vManage and has the template assigned.
Repeating the process for the remaining two vEdge routers.