10-25-2021 09:05 AM - edited 02-27-2024 01:48 PM
This document describes how to successfully provision a Cisco uCPE device at a remote site with an internet connection.
Note: Please refer to NFV Configuration Workflow, the new "Guided workflow" approach based on configuration groups, for configuration and management of ENCS and Catalyst uCPE platforms.
Minimum software release requirements:
- ENCS platform with NFVIS 4.6.1 release.
- vManage 20.6.1 release.
This document is expected to complement the SD-Branch Design and Deployment Guide.
Also reference
A typical virtual branch deployment requires an authorized list of devices and image packages for the services to be deployed. Also, VNF service images must be made available in the vManage image repository.
Create the device list in Smart Account and make it available in vManage
When the ENCS devices are ordered with controller mode, Cisco Manufacturing will populate the devices in the smart account. Often, for demos/POC, the following manual approach is required.
1. Access the ENCS through console, change the default password Admin123# to a secure password that meets the password policy requirement. Login to get the device's Serial Number and SUDI Certificate, used in the next step. To do so, follow the example below.

login as: admin
admin@10.29.43.81's password: xxxxxxxx

Cisco Network Function Virtualization Infrastructure Software (NFVIS)

NFVIS Version: 4.6.1-FC1

Copyright (c) 2015-2021 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

The copyrights to certain works contained in this software are owned by other third parties and used and distributed under third party license agreements. Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0, LGPL 2.1, LGPL 3.0 and AGPL 3.0.

admin connected from 10.24.34.130 using ssh on nfvis
nfvis# support show chassis
Product Name : ENCS5412/K9
Chassis Serial Num : FGL214381Z5
Certificate Serial Num : 1FBF965
nfvis#

1. Navigate to software.cisco.com
2. Scroll down to the Smart Licensing section.
3. Under Network Plug and Play, click on Manage devices.
6. Click on Identify Device.
7. Enter Serial Number, select Base PID (ENCS) from the drop-down menu and add Controller Profile (VIPTELA-CLOUD-HOSTED-PROFILE) from the drop-down menu. Click Save and advance to the next step by clicking Next.
8. Verify the entered information and click Next. Advance to the next step by clicking Submit.
9. If the device is added correctly, you should see a success message. Click on Done to add the device.
10. You will be redirected to the initial PnP Connect Devices page. You should be able to see the newly added device listed with the Pending (Redirection) status.
1. Log in to vManage.
2. Navigate to the Hamburger Menu, go to Configuration > Devices.
3. Click on Sync Smart Account. When prompted, enter CEC Credentials.
4. Refresh the Smart Account Device Sync Service page to see the status of the sync. The Success message will appear in the Status box.
5. After the device has been successfully added to vManage, you should see the ENCS54xx in the Devices list.
Note: If you still don't see the ENCS54xx Gateway in the Devices list, try syncing the smart account one more time.
6. The device will reach out to the Plug and Play Connect portal to receive the controller information. Do not interrupt the PnP boot-up process or the redirection to controllers will fail.
7. Select your device from the Available Devices window and move it to the Selected Devices section. Click on Attach.
This chapter describes how to get the VNF packages for vBranch, modify and re-package them if needed, and then upload them into vManage.
Currently, the legacy VNF packages posted at the CCO links cannot be used because their format is incompatible.
Please find Cisco-supported VNF packages at https://software.cisco.com/download/home/286308649/type/286327969/release/17.03.03
For third-party VNFs, please download the scaffold packages at https://software.cisco.com/download/home/286308693/type/286327978/release/4.4.1
The CCO golden vBranch VNF packages for SDWAN routers such as C8000v, ISRv and vEdge have a day0 configuration with the following network mapping, which matches the 5 pre-defined vBranch topologies in Network Design.
Below is the pre-defined default network mapping for SDWAN routers.
If you want to change the day0 configuration in the cloud-init bootstrap file, follow the steps below to repackage.
This chapter shows how to create a circuit in the vManage Network Design flow.
This chapter shows how to create a branch for the ENCS-5400 device model in the vManage Network Design flow.
Note: The discovered segment(s) are automatically detected from the existing SDWAN setup. Selecting segment(s) here only provides a logical view of the topology and WILL NOT configure any VPN in NFVIS/ENCS.
This chapter shows how to configure a branch site for the network design template for the ENCS-5400 device model.
Review the service again
We can see that the default topology has connected the Router to only one WAN provider, on GE0-0-SRIOV-1.
system settings default-gw {{bizInt-gw}}
system:system settings name-server {{nameserver-ip}}
system:system routes route 10.255.254.0 24 gateway {{mgmt-gw}}
!
vpn 0
interface int-mgmt-net-br
no shutdown
tunnel-interface
vmanage-connection-preference 8
color bronze
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
encapsulation ipsec
!
!
single-ip-mode vm-name deployment-ROUTER.deployment-ROUTER
!
Below are the validated features for add-on CLI configuration.

Boot-up time:
vm_lifecycle tenants tenant admin
deployments deployment deployment-ROUTER_1 vm_group deployment-ROUTER_1 bootup_time 600

PNIC tracking:
pnic GE0-0 track-state ROUTER_1 1

ACL:
system settings ip-receive-acl 0.0.0.0/0
service [ scpd ]
action accept
priority 0
!
system settings ip-receive-acl 10.31.40.24/32
service [ scpd ]
action accept
priority 5
!

Static route:
system routes route 102.0.0.0 24
gateway 192.168.0.2

TACACS:
aaa authentication tacacs
tacacs-server host 172.19.156.179
key 7
encrypted-shared-secret cisco123
admin-priv 15
oper-priv 14
!

Banner:
banner-motd banner "Banner for vBranch"

Message of the Day (MOTD):
banner-motd motd "MOTD for vBranch"

SNMP:
nfvis-snmp:snmp enable traps linkUp
nfvis-snmp:snmp enable traps linkDown
nfvis-snmp:snmp community test snmp
community-access readOnly
!
nfvis-snmp:snmp group snmpgroupv1 snmp 1 noAuthNoPriv
read test
write test
notify test
!
nfvis-snmp:snmp group snmpgroupv2 snmp 2 noAuthNoPriv
read test
write test
notify test
!
nfvis-snmp:snmp group snmpgroupv3 snmp 3 authPriv
read test
write test
notify test
!
nfvis-snmp:snmp user testerv1
user-version 1
user-group snmpgroupv1
!
nfvis-snmp:snmp user testerv2
user-version 2
user-group snmpgroupv2
!
nfvis-snmp:snmp user testerv3
user-version 3
user-group snmpgroupv3
auth-protocol sha passphrase cisco123
priv-protocol aes passphrase cisco123
!
nfvis-snmp:snmp host SNMP-SERVER-57
host-port 161
host-ip-address 172.19.149.57
host-version 3
host-security-level authPriv
host-user-name testerv3
!
nfvis-snmp:snmp host SNMP-SERVER-179
host-port 161
host-ip-address 172.19.156.179
host-version 1
host-security-level noAuthNoPriv
host-user-name testerv1
!
nfvis-snmp:snmp host SNMP-SERVER-229
host-port 161
host-ip-address 172.25.221.229
host-version 2
host-security-level noAuthNoPriv
host-user-name testerv2
!

Default gateway:
system settings default-gw 172.25.217.1

ENCS switch configurations (port-channel, track-state, speed, duplex and QoS):
switch
interface gigabitEthernet1/0
track-state ISRv 3
!
interface gigabitEthernet1/1
speed 100
duplex full
!
interface gigabitEthernet1/2
channel-group 1 mode auto
!
interface gigabitEthernet1/3
channel-group 1 mode auto
!
interface gigabitEthernet1/4
qos cos 3
!
interface port-channel1
spanning-tree mst 1 cost 200000000
spanning-tree mst 2 cost 200000000
switchport mode trunk
no switchport trunk allowed
switchport trunk allowed vlan vlan-range 100,126-128
!
qos port ports-trusted
qos trust cos-dscp
spanning-tree mode mst
spanning-tree mst 2 priority 61440
spanning-tree mst configuration
name mst_LAN
instance 1 vlan 996-998
instance 2 vlan 100,126-128
!

Single IP Address Sharing between NFVIS and the Router VM:
single-ip-mode vm-name deployment-ROUTER_1.deployment-ROUTER_1

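
A pre-attach review of add-on CLI text like the snippets above, as an added example (not part of the original article and not Cisco tooling): it lists the {{variables}} that need device values, the services allowed and denied on the tunnel interface, and each ip-receive-acl entry with whether its source prefix matches any address. The function name review_addon_cli and the report layout are assumptions; the sample is constructed from config lines on this page.

```python
import ipaddress
import re
# Constructed sample assembled from config lines shown on this page.
SAMPLE = """\
system settings default-gw {{bizInt-gw}}
system:system settings name-server {{nameserver-ip}}
vpn 0
tunnel-interface
allow-service dns
no allow-service sshd
no allow-service netconf
allow-service https
!
system settings ip-receive-acl 0.0.0.0/0
service [ scpd ]
action accept
priority 0
!
system settings ip-receive-acl 10.31.40.24/32
service [ scpd ]
action accept
priority 5
!
"""

def review_addon_cli(text):
    """Summarise the variables, tunnel services and receive ACLs in add-on CLI text."""
    report = {"variables": [], "allowed": [], "denied": [], "acls": []}
    acl = None  # ip-receive-acl entry currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        report["variables"] += re.findall(r"\{\{\s*([^{}]+?)\s*\}\}", line)
        m = re.fullmatch(r"(no )?allow-service (\S+)", line)
        if m:
            report["denied" if m.group(1) else "allowed"].append(m.group(2))
        elif line.startswith("system settings ip-receive-acl "):
            net = ipaddress.ip_network(line.split()[-1], strict=False)
            acl = {"source": str(net), "any_source": net.prefixlen == 0}
            report["acls"].append(acl)
        elif acl is not None and line.startswith("service ["):
            acl["services"] = line[line.index("[") + 1:line.index("]")].split()
        elif acl is not None and line.startswith(("action ", "priority ")):
            acl[line.split()[0]] = line.split(None, 1)[1]
        elif line == "!":
            acl = None
    return report

if __name__ == "__main__":
    print(review_addon_cli(SAMPLE))
```

Entries reported with any_source set to True are the ones to compare against the management prefixes that are actually expected to reach the device.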
Important Note:
Only Cisco AAA, Cisco NTP and Cisco Logging under the CEDGE section are supported for NFVIS/ENCS devices. Please DO NOT configure other options in the pull-down menu.
This also applies to cEdge systems.
Open the vManage UI and go to “Configuration” -> “Network Design” -> click “Manage Network Design” -> click “Global Parameters” -> in the pull-down menu, go to the “CEDGE” section.
Attach devices to a design template and drive deploy services
This chapter shows how to create a network design template for the ENCS-5400 device model in the vManage Network Design flow.
In the pop-up window on the left panel “Available Devices”, highlight and select device(s) -> click arrow button and move to right panel “Selected Devices” -> click “Attach”
DONE. vBranch workflow is complete and branch service is running.
Manage and Monitor device
This chapter shows how to create a network design template for the ENCS-5400 device model in the vManage Network Design flow.