cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2055
Views
0
Helpful
12
Replies

SD-WAN without DHCP and other questions

xen0blue
Level 1
Level 1

Hi, I am learning about Cisco SD-WAN and I noticed the only way it seems possible to generate a serial number file from a router is by enabling DHCP on an interface and connecting it to the internet through that interface. But what if you don't have a DHCP internet connection? What if, say, the router uses MPLS with a statically assigned IP address and has no access to a DHCP internet address? How is it possible to talk to the Cisco servers in order to generate a serial number file on the PNP portal without a unique IP (this is assuming the IP going to the internet from the MPLS is PAT'd with hundreds of other internet-bound IPs?) Is it possible to add a device to vManage without involving the internet or the PnP portal?

 

Also, (and this is a somewhat unrelated question), what if you have a DHCP internet connection (which you've successfully set up) on one interface and an MPLS on the other interface? How does SD-WAN know how a MPLS interface running BGP is supposed to be setup? And how does SD-WAN operate over MPLS?

 

Third question, and my final one- what is the difference between the vpn 0, vpn 512, and service VPN?

12 Replies 12

daniel.dib
Level 7
Level 7

I'm not sure I follow all your questions but I'll try to answer.

 

If you have cloud-hosted controllers, you need internet access. Even if you don't have it at the branch, the router must be able to reach the controllers somehow, for example by following a default route to a DC and exiting towards the internet there. It's also possible to have controllers on-premises.

 

I'm not sure what you mean with your question around PATed IP addresses and the PNP portal. The PNP portal is mainly used for generating the serial file to upload to vManage and to do Zero Touch Provisioning. I don't see any conflict here but maybe you can explain more.

 

How to configure BGP and how to run SD-WAN router on MPLS, this is up to you to configure. You would create a template with BGP in the transport VPN (VPN 0). The router can form tunnels both over MPLS and internet.

 

VPN 0 is the transport VPN, that's where you put your interfaces towards the service providers. VPN 512 is for Out of Band management, that is, a way of reaching device if your in-band management is not available. This would require extra connectivity though, such as another transport connected to say a firewall that you can reach over an IPSec tunnel. A service VPN is the VPNs you have facing the LANs. It's where you would put your subnets being used at the branch. A VPN is equivalent to a VRF.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Daniel, I was under the assumption (from a previous video I watched) that a DHCP internet connection was necessary to get the serial file from the PnP portal. My understanding is when you bring up a router with a SD-WAN image, it sends the serial and other info to the PnP portal (including public IP address). Then you log into the PNP portal and the serial number is there waiting for you. Is there another way to get the serial file without going through the PNP portal? It sounds like i'm mistaken.

 

 

afroze
Cisco Employee
Cisco Employee

Device on boarding on MPLS with Static IP is supported on XE SD-WAN devices. Upon bootup, XE SD-WAN router will search bootflash: or usbflash: for filename ciscosdwan.cfg (case sensitive). Config file includes basic interface configuration, Root CA, Organization Name, vBond information, etc. Router has all required information to connect to vBond

 

Now that the router has already a configuration, hence PnP process is bypassed. The router establishes a transient connection to the vBond orchestrator and sends its chassis ID and serial number

 

The vBond orchestrator uses these two numbers to verify the router. The vBond orchestrator then sends the IP address of the vManage NMS to the router. Then normal process- WAN edge router connects to vManage and vSmart

It's competely possible to bring up the SD-WAN manually without internet connection. As you are learning, I would recommend to have a look at the free training videos below which covers complete manual bring up of SD-WAN devices vManage, vSmart, vBond, vEdge and cEdge with enterprise root-ca.
https://learnedze.com/free-cisco-sd-wan-training/

Thanks,
Srikanth

Hi Srikanth, as you are the course instructor of that learnedze.com course you linked, how do I get access to the PODs and the course guide? I don't see anywhere to download the PDF course guide file in the video.

That's available on paid courses and lab rentals only. Reach out to sales@learnedze.com for more info instead of discussing here.

 

Thanks,

Srikanth

Srikanth, i'm going through your videos right now and it jumps right from the 'review of sd wan controller bring-up' video to the part that tells you to upload the WAN edge list, and shows you uploading the WAN edge list but it doesn't tell you where you got it from? Did you get it from the PNP portal? Is the PNP portal the only place from where to get the WAN edge list file?

xen0blue
Level 1
Level 1

I guess what i'm asking is, do you HAVE to get the serial file from the PNP portal if not using the sync smart account? So the only ways to get the serial file is through the PNP portal or smart sync account?

Yes. You get it from the PNP portal which is where you have your Smart Account.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Yes, from the PnP portal. You need to have a virtual account under the smart account.

 

Thanks,

Srikanth

Hi Skrikanth, I have 2 more questions:

 

1) on the first troubleshooting video, you mention you must disable the control connection for the MPLS links- why is that? Is it because you can only have one interface doing control connections per device?

2) how do you configure BGP for the MPLS? It's not mentioned in your videos

Hi Xen,

 

 I am not sure we can discuss more on the vendor related topics as this is not a forum for that. Pls contact LearnEdze support directly from the LMS portal.

 

Thanks,

Srikanth

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco