300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course
300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course includes 89 Lectures which proven in-depth knowledge on all key concepts of the exam. Pass your exam easily and learn everything you need with our 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Training Video Course.
Curriculum for Cisco CCNP Enterprise 300-415 Certification Video Training Course
300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course Info:
The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI) Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.
Let us discuss the entire workflow. So while we are going to deploy, what are the steps we have to follow? Now you can see the control plane bring up the step from step number one to nine, step number one to three. It indicates that you install the operating system or software over a hypervisor. So install the hypervisor and all the software over the hypervisor, such as KBM or ESXi, that instals the image for Vanish. We want to have smart and edge devices; if you have the virtual edge devices, install them. The second thing we should do is perform the bare minimum configuration for my V-manage V-bond via smart. In the next slide, we'll see that you should do the minimum configuration for your devices as well. You should do IP routing configuration between the devices, and then we have steps number eight and nine that are a little bit tricky. We'll see later that you have to generate the CSR for each of the controllers, and then we have multiple options for generating the permanent file from that CSR and then installing those permanent certificates from the ones we manage for all of the control plane devices, correct? So generate the CSR certificate signing request. From there you can have your own CS server oryou may have your enterprise CS server or you canuse Cisco a CA server to create this permanent file. You can install it manually, but we have automation as well. The Miss Automated option is also there. Once we have these control plane devices up and running, we should do the minimum configuration for S devices. S devices will do the authentication, obviously, if it is hardware inside the TPM chip. All the RSA keys are preloaded. They will try to make contact with the VW. One will authenticate by bypass. Then it will send that IP of say for examplewe want will give the IP for we manage andthe V smart then they will meet the edge devicewill form the connection with the we manage via smartand the V bond connection will clear down. That will be the process. Once your control plane and data plane are up and running, you can go and do the optimization, which means you can put various types of policies and other stuff. Either we can create the policy and push it, or we can do it where the local policy changes as well. What is the complete overall workflow? Now we are in the network; now we are in the SDWAN type of network, where planning and designing are required. Now we have actual planning and 20% implementation. So if a network is something that we are going to operate or design, obviously we are going to operate. If the designing is good, operation becometroubleshooting, become easy, operation become easy, etcetera. All right, so what are the steps? You can plan the network and lay out your overlay network. See the components of the solution. Obviously, identify the type of hardware, the amount of throughput, the level of security, the level of optimization, the scalability, the amount of routing, and so on. on top of whatever final design you have. OK, so for example, I'll give you a use case. You have your existing van. You want to migrate to the SDWAN. So obviously, you should create the migration document. Once you have the migration documents, then piece bypiece by piece by piece you will migrate. Once you have complete SDWAN solution,then you can optimize, correct? So now you can see whether it's a greenfield deployment or a brownfield deployment, or maybe a migration. Then you should write it down on paper. As seen on paper, create the device configuration that implements the desired architecture and functionality. See the software documents for your software release. So what features do you want? You inspect the software release as well as the licence file or licence document. Then, with your CCO account, download the images. Once you download the image, the first thing is to deploy the V-Mesh and the control plane devices. So we manage here, and you can see whether you have cloud or you have on-prem to create a Vmanage VM instance either over ESXi or KVM and create a minimum configuration. And that's the thing we have already discussed earlier.All the nine steps that install or deploy over KVM Create the minimum configuration, do the intercontroller connectivity or routing, then do the certification. Add all the weeds we manage to the vanished cluster. At this point of time we should think thatthese V manage cluster that we are creating, howmany members we have inside the cluster first thing. Second thing: what type of cluster do I have? Do I have active standby cluster means I have cluster atDC one, I have cluster at DC two or DCPR. So we have to design. We have to plan first before doing anything. So we have to create proper designs. Once we have our vanguard install deployed, then we have to add the controllers inside the V manage.So either it's cloud-hosted or we bond. At the moment, we are talking about the on Prem.So whether it's a cloud hosted or the on premleave this cloud hosted at the moment on Prem deployment Create a rebound instance, which means installing over ESXi. Do the minimum configuration, do the baselinerouting configuration over VPN zero as well. Add the rebound orchestrator to the overlay network duringthis process which is like it's I'm going to show you all these steps, so don't worry. At this point in time, we don't need to memorise all these steps. I have all these summary steps that you can follow easily. So for example, these steps are common for installation minimum configuration certification. So, don't worry, these steps are common for us to manage what we want through smart, so don't be concerned. Step number one: install it. Step number two minimum configuration is step numberthree routing step number four certification process. and that's done. We are doing the same thing with the deployment of V Smart. all those steps. Once we complete all those steps, that means our control plane is up and running. So the next step is to implement or deploy the VH. Again, it may be cloud-hosted or it may be hardware. If it is hardware, it's very easy and simple to do the installation here. Also, you have to install the device, then you have to put in the minimum configuration, and then the certification will happen. Now, a good thing about the branch deployment is that we have ZTP zero touch provisioning or we have PNP CTP for web tablet devices and PNP for Cisco, C, and H. So for BH and CS, they have different deployment methods. Or if you want to do it manually, you can do it. But it may take some time to do it manually. So we can go and use GTP or PNP processes to deploy the edge devices. Later on we'll discuss more about GDP and PNP. And here too, your steps are the same. Deploy it. Do the minimum configuration. Do the routing configuration. Install the certificate. So once my control plane and my dataplan are deployed, that means that we are ready and good to do the optimization. All right? So let's stop here.
Let us discuss the hardware requirement and the steps involved in installing the OS over the hypervisor. Now that I have given a link here, you can go and check the requirement in detail, but we know from our previous discussion that the hardware requirement that we have for our VManage is via Smart and V Bond, so let me quickly describe the requirement; it's a little bit different. We know that the vanage with three veniks should be provided for the vanage, but why? One is for VPN zero, or the tunnel interface; one is for VPN five, one, two, and one should be there for interview management communication; that's the cluster link. So, if you want to group the we manage in a cluster, you'll need one more vinc example. Vinik for the message bus, but for the rest of the devices, they don't need three Venik; at minimum, two Venik are required. For example in case of rebond you need to venik,in case of via smart you need to venik butin case of we manage you need three. Other important requirements for VMware that we manage include a database, so you have a database for configuration, statistical data, and so on. So that's why we should have the database ordata store for we manage as well and hereyou can see the list to manage how manydevices, how much data store is required. Now, once you have a data store and you want to install these devices over the hypervisor, you should have the proper account to download the image from Cisco.com's download page. Here is Victoria.com, but now that it has been changed, we should go and download the image from Cisco.com. Once we have the image then over the hypervisor actually it'svery easy to install, you just go log into the hypervisorand then go to the file and click deploy OVA. While deploying this OVA, we should provide the data store. So you have the data store option based on the number of devices that we are going to manage, and here you can see that we should use this thick provisioning layer for high ability, not high availability, but we are fixing this much of a store for my view manager for my database. So this is something like a fixed type of storage or data store. So once we get there, obviously, we can go and create the Venix, and we can map the Veni. Once we have the veni, we can simply log in to the wemanage and inspect the configuration. So, if you want to do automatic band management, you can configure the VPN and five one two interfaces like this, but we'll go over these configurations in greater detail in an upcoming session, and I'll even log into the device and show you step by step how we can do all of this. But you can go and have your Vanage management interface configured. And once you have the We Manage management interface configured, you can go and access it via the GUI with the We Manage IP and the port number. Okay. Once you can log in, then again next ofthe steps, how you're going to proceed, each andeverything I'm going to explain in the upcoming sessions. Okay, so this was the overview. That what specific virtual league or the diskor the Ram or the memory are requiredwhile installing the OS over the compute? And then what will be the steps and the minimum configuration?
From here on, we are going to build the skills—how you are going to do the actual deployment and how you are going to build the configurations and the configuration template. So these videos, these sessions, and the upcoming recordings are actually very important and critical for us to understand the system bring-up and how we are going to build the configuration. Now while you are doing the deployment, you can see that you have a set of steps. So you have these steps to follow here you cansee first of all install all the operating system orinstall all the controllers over either KVM or the hypervisor. So far, we've seen the steps for installing it, such as steps one, two, and three. So for example our lab it is pre configured but we haveseen that you have to go and install all those things. Then do the second thing, which is the minimum configuration related to V Manage Reborn and via Smart. So once you install all the operating systems or controllers over the hypervisor, then you have to do the minimum configuration. Now what does it mean by "minimum configuration"? What exactly is there in the minimum configuration that we have to discuss? After you've completed the bare minimum of configuration, these controllers should be reachable. Among all these devices, you should have good reachability. Then finally, we have to do the certification process. So we should have the CSR certificate from where we are going to generate the Pinfile, and then all those control plane devices should do the mutual authentication with each other. So these are the high-level strips, and we are going to drill down in between them. Now what is the basic configuration? So I have one slide here just for explanation purposes. Let me quickly go and explain you.Now when we are talking about the "basic minimum configuration," what will be inside the "basic minimum configuration"? So let me change the color. Say you should have the system-wide configuration. System wide configuration then you should have VPNwide configuration should have VPN wide configuration. Inside VPN you should have VPN zero, VPN five one twoat the moment the service side VPNs are not mandatory. Those are optional configurations that you can add later on. Then you should have a policy. Now this policy can be local; now this policy can be global. We'll see what it means local policy" and "global policy." But by default, there will be some baseline policy pre configured.So no need to worry, no needto check about those things later on. Obviously, once your system is up and running, you can go and add a number of policies. All right, so we have system-wide configuration and VPN-wide configuration. Now when we are talking about system-wide configuration, what are the things we should have inside the system-wide configuration? So let me go ahead and draw inside system-wide configuration, assuming I have a box for system-wide configuration. I should give the host name; although this is not mandatory, we should give the host name. What are the mandatory things? We should go and give the system an IP, then a site ID, then a rebound IP or the URL. And finally, the organisation name or the organ name. Organization name. You should go and put these things away. Now one by one we are going to discuss about whatis the significance of system IP, site ID point and organ. So let me quickly clean this So for example, the first thing is system IP. What is the significance now? System IP is the IP over the box, and the use of System IP is that it's analogous to Loopback Zero, which is always on, and it is there to form the control connection. So if you go and check the TLS or TLS connection, you'll find that system IP is being used because irrespective of how many interfaces you have, system IP is there to form the channel. That's the one thing. The second very important thing about system IP is that system IP is one of the core components of a transport locator. Remember, a transport locator has three things: IP, color, and encapsulation. So the transport locators are enhanced ornew way of telling next stop. But the system IP is one of the attributes of transport locator, and we know that the use of transport locator is huge. That is yet another thing carried over the overlay management protocol. So here you can see the system IP when we are talking about that. This belongs to T lock, and T lock is one of the attributes or routes within OMP because we know that OMP T lock, so everything is interconnected. The other important thing is the site ID. Now, what is the importance of the site ID? I'm going to make a big statement here: whenever you're creating the policy, remember to use policy as a keyword 100% of the time with respect to site ID. You are always applying the policy with respect to site ID. That is the first time the year second has been used. Generally, we are grouping the devices under the same site ID. If the devices, or if the boxes contain devices, are part of the same site ID, by default they will not form the IP sector. If they are part of different site IDs, for example, site ID 200 and site ID 100, then only they will go and form the IP section. So that's the significance of site ID. Then you have the V bond IP. We know that the bond is there. Let me go back. We know that this thing that we bond over is there to bring up the secure tunnel or the fabric. Now if all the devices they will notreach to V bond or the orchestrator. Obviously V-Bond will not know what is happening inside the fabric, and it's very difficult to do the authentication, so that's why all these devices should have the V-Bond IP or V-Bond URL to reach the VPN, so we want to know who is joining. Who is leaving the network—that is the importance of the V-bond IP—and finally, the organisation name—this is also important. org name is one of the components inside the certificate, so whenever you have certificates, they all have a common organisation name, and according to that, they are doing the authentication, so for example, when you have your V bond and this V bond is authenticating with a V edge device, what this V bond is checking with this particular Vs device is that they are checking the serial number and chassis ID of the edge device, and what this edge device is checking is the serial number and chassis ID of the edge device, and what this edge It is checking the ORG name of the V bond, and later he will check the ORG name of the Vs Mart, then the ORG name of the V Manage, and finally the mutual authentication, so these are the important system-wide basic components. Now here you can see the same thing you have in the system configuration. These five things then you should go and do the VPN configuration and VPN five went to configuration later on. I'll go and explain the configuration inside VPN and five-one-two now we have support for up to 65,000 VPN or VRF so that is how you can do the configuration. I'll explain this configuration but this configuration is simple. It's very similar to Cisco configuration type config. Organization name all those things you can give then you cando the validate it's the keyword or commit check is thekeyword and then you can commit it now it is notrecommended that we should do the configuration via CLI it isrecommended that we should do the configuration or we should doeverything from the we manage with the help of template alrightand then finally you can see the same thing that wehave discussed we have system wide configuration we have VPN wideconfiguration and then we have policy in policy also you'll findthat you have local policy and then you have the globalpolicy.
This video and the six videos that follow will explain everything. That is how you will deploy the control plane devices in this video with the help of CLI. Although we are going to discuss whatever we are going to cover in the upcoming six recordings, So here you can see that there aresteps are that first of all you shouldinstall all these operating system over the compute. Once you do the installation, you need a minimum configuration. You need a VPN configuration in addition to the static route configuration. Once you do that all minimum configuration and therouting configuration you have to go and you haveto add the devices inside the we manage andyou have to complete the certification process. Now in this particular diagram, you can see what portion we are going to do. We are going to focus on the deployment of the control pin devices. So here you can see the V bond. We manage and we are smart, and you can see the IP addresses for these guys. For these guys, these interfaces that you are seeing that are going towards the goal are nothing but VPN zero, and we have one static route, something like an IP route, and that will be the default route pointed towards their gateway. So for Vsmart, the gateway is 2251 for V one, which is six one, and for Vanilla, it is seven one over VPN zero. Anyway, I'll go over VPN zero configuration with you as well. And in the last section, again, the same thing will come. So repetition will be there. We have already discussed the host name system, IP site ID or name, and the V want in order to fully comprehend this configuration. So we're aware of this step. Once we do this step, then step number two is to do the VPN configuration. Remember this VPN configuration that you are seeing here. It's in this order: go to Confty, then go to VPN 0. Then you will move to VPN Zero mode. Then you have to go inside the interface. So, if my internet face is one, I can go ahead and provide the IP address. And then one of the very important keywords we have is tunnel interface. Now if you use this tunnel interface, that means you want to form a DTLs or TLS connection. So we're actually forming the DTLs or TLS connection with the help of this tunnel interface, and then you've allowed service; you'll learn more about this later in the device configuration template. Also, by default, you have some services allowed and some services not allowed. If you have any MTU concerns, I can give them to you. Otherwise, you can leave it at "default" over the VPN zero. We have this IP route statement as well. Now the configuration that you are seeing here will be true for all the controllers. In the rest of the controllers, you'll find that only this IP will change and this gateway will change. Apart from that, here on top, you can see that you have a VPN five-one-two configuration where we are getting an IP higher than that, which will be used as an out-of-band management configuration. So, if you're configuring WEBONDER, you can see the same type of system-wide configuration via Smart. same type of system-wide configuration, only the IPS will get changed. Then again, if you want to configure V Smart, or if you want to configure V1, this is an example with V Smart. Here you can see that IP, and it should give you the IP route that is in the bottom; it's not shown here, but you should go here. And this is again going to be repeated in the lab. So never mind, you can make a note there. Now, once you've done all the baseline configuration, you have to log in to the Vanish dashboard. Inside we manage dashboard. You have to add the Vaunt IP and the odd name. So you can log into the dashboard, and then you can go to the administration. And then you have to go inside the setting. Actually, once you are inside the setting, you should go and give the organisation name and the VPN IP. Once you give the organisation name andVPN IP, next step is to addthe controllers inside the Vanish dashboard. So configuration devices go to the controllers, add the controllers, and we are going to add the controller. So we'll include the rebound and via smart. When we add the Vsmart versus V bond, you will notice a significant difference. Remember, this V bond understands only DTLs. But the Vsmart can understand DTLs or TLS. That's why you have the option here—you can choose DTLs or TLS. So we have options for both. But for Vsmart, I'm sorry, but for Vbond, you have only the DTLs option. You can click here to generate the CSR certificate signing request. Why? Because you want to generate the permanent file from the CSR. So do all the steps with all the controllers. Suppose for vanage, if certificate isnot CSR is not there. Then again, go to the configuration and the certificate and generate the CSR for the ones we manage as well. Now, once you have all the CSR generated, generate the CSR. Once you have all the CSR generated, you should see it at the bottom. On the bottom, you see that you have these options. Add the device means add the device to V manage, add the controller device to the vanage, generate the CSR, and create the permanent file using the CSR. Then upload the certificate. You can see on the top that you have installed the certificate option. Upload the certificate, then they will update the V one automatically. So now here, you can see that we have the CSR. We are going to download the CSR for all the devices, all the control-plane devices. once I download the CSR for all the devices. Then, if I have my local root CA and have downloaded the CSR, I want to generate the PM file from the CSR. I will log in to my local root CA; I will put the CSR there, and my local root CA will generate all the permanent files that I need to download. So the next step is to go and download all the permanent files. Obviously, once I have all of the permanent files, you should install the public key from your CA server to all of the devices. That's the final step we need to take. So here you can see that we are installingwhen you can see in the CLI below aswell that we are installing the public key. Here it's clear we are installing the public key for all the devices from the root CA. Why we are doing this? Because later on when we install thepermanent certificate, the next step is toinstall the permanent certificate to the controller. So you select the controller, click Install certificate, and once you go and click Install certificate, what you will find in the bottom is that the update certificate will have a check mark. The update we want will check mark. So this is a step we have to follow for all the controllers. Let's say we start with VanV Bond and we're clever. And once we've done that, you'll notice that the bottom is all green, all green. That means that if you go to the WeManage dashboard, you will now see counters for the controllers. So you have one for Vs. Smart, one for VBond, and we manage it by default as the local host. That will be the end result later on, when we'll go and add the VS devices, so their counters will also get increased. So these are the steps that we are going to see in the upcoming six videos with explanations. Assume that if you miss something else, you will be able to catch up on all of these steps from there.
Let us do the system-wide configuration. While we are doing system configuration, we need to configure these five things. So we need to configure the host, the system IP, the siteid.org name, and the VM's IP. So let me do all these configurations one by one. Here you can see that all my OBS, they areinstalled and let me show that how I log intoall these OBS because at the moment I have blankconfig or you can say the flat or the defaultconfig that once you boot up the device you willhave your default config and other prerequisite we have thatwe need at least two nick or virtual nicks. So let me show you the description here that I haveone nick say e zero and other is e one. And if I show you therunning config, nothing is configured. Here everything is set to default, even in VPN Zero. I get my IP from the DHCP server at my ISP, and apart from that nothing is configured. Likewise, I can check my V bond because the Vbond OVR and the VH OVR are the same. So at the moment, as you can see, the host name is by default VH. That will change if Ido say show interface description. Also, you can see VPN zero and VPN five one two. Although here it is getting thecorrect type in the correct interface. If I do show it and say VPN five one two, you can see it is getting an IP from DHCP, although here we also have this IP DHCP configuration. So we need to remove this configuration and replace it with ours; it is getting over VPN zero, and I don't have any management interfaces like VPN five one two. So this is a quick way to see how many interfaces you have and what IP addresses they received from the controller or, better yet, the cloud DHCP server. So let me go and configure the V manager. Let's give it a name because, for these system-wide configurations, obviously you have to go inside the system first. Likewise, in Cisco, if you type a question mark, you will get the options, and if you type host, then tab, it will auto-complete the configuration hostname. Let's give say manage one then I can give system IP. So the system IP is 172, 270 five, and because it's system IP, it's very similar to the loopback addresses found in standard Cisco devices. Or you can think of this as a system that we have on the F-5 device. It's not a routable address, but it is the identification of a system, and it will be used inside T lock. Okay, now let me give you the site ID. So I have a list based on that list based on the site ID, system IP, or IP address planning. I'm giving all these things The algname can then be given. Let me give you a gigonet. Then I can give you the coveted IP address. So the Vault IP address is 2262 and it is hosted in the cloud. I can validate this configuration. I can check the configuration here. Yeah, that's correct. Now I can commit. So this is my system-wide configuration that is successful. Now, go to V Bond the next time, and we want the same thing. I can go to System Host Name, say V Bond, then say System IP 172,27,Zero 4, then SiteID 1001, then I can give the VPN IP and the organ. So let me give you the organ first. These Organ names are importantin the digital certifications. As a result, they will use this corporate name or company name as their signing authority or inside that certificate at that time. This is one of the attributes of that. Finally, we can assign an IP address to the v-bond. That is two, two, C, six, two. Once I complete this, then I'll go and configure the VSMART system-wide configuration. So here it is. I can go to the system, and the host name is actually Vsmart. That is correct. Even if you want, you can give it an organisation name or the V-Bond IP. You can give it's not like in orderyou have to give all these things. Even now, we can copy some of the lines. So far, the main goal has been to complete the system-wide configuration. You can check after you've completed the system-wide configuration. I will show you how to do check it.Let me give the site ID, say 1000, and the system IP, which is 172 270 6; if I do show configuration, it will show me the configuration that I'm going to commit. So let me commit and quit. Okay, so these are the systemwide configurations that we have. And now if I want to verify it, verification is simple. You can do "show run" and then "system." You'll get only that portion of the configuration. Okay, so let me close here. The next section will add some routing or VPN interface stuff, and we'll check the connectivity.
Similar Cisco Video Courses
Only Registered Members Can Download VCE Files or View Training Courses
Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.
Log into your ExamCollection Account
Please Log In to download VCE file or view Training Course
Only registered Examcollection.com members can download vce files or view training courses.
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from email@example.com and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.
Feel Free to Post Your Comments About EamCollection's Cisco CCNP Enterprise 300-415 Certification Video Training Course which Include Cisco 300-415 Exam Dumps, Practice Test Questions & Answers.