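Initial C8000v VM creation
This article is based on vManage-20.9.3. The C8000v is deployed from an ISO file (c8000v-universalk9.17.09.03a.iso) on a local private cloud.
Because the VM is only used for testing, it was not given many resources. When creating it, make sure to create at least 3 Networks. After the setup is complete, power on the VM and you will see the prompt below; we answer no, set the enable password, and enter the system.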
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
The enable secret is a password used to protect
access to privileged EXEC and configuration modes.
This password, after entered, becomes encrypted in
the configuration.
-------------------------------------------------
secret should be of minimum 10 characters and maximum 32 characters with
at least 1 upper case, 1 lower case, 1 digit and
should not contain [cisco]
-------------------------------------------------
Enter enable secret: ************
Confirm enable secret: ************
The following configuration command script was created:
enable secret 9
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [1]: 1
Change the mode to controller mode; the device reboots at this point.
Router# controller-mode enable
Enabling controller mode will erase the nvram filesystem, remove all configuration files, and reload the box!
Ensure the BOOT variable points to a valid image
Continue? [confirm]
% Warning: Bootstrap config file needed for Day-0 boot is missing
Do you want to abort? (yes/[no]): no
Mode change success
Once the device is back up, configure an IP address on the interface and enable SSH:
Router#show run | se line vty
line vty 0 4
transport input ssh
Router#show run int gigabitEthernet 1
interface GigabitEthernet1
ip address dhcp
negotiation auto
no mop enabled
no mop sysid
end
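Preparing the bootstrap file
Starting with 17.7, a c8000v virtual router running IOS-XE SDWAN needs a valid Day0/Bootstrap configuration in controller-managed mode on first boot. This file is required to give the router a valid SD-WAN unique device identifier (UDI).
In vManage -> Configuration -> Devices, select a C8000v that has not come online yet and choose Generate Bootstrap Configuration.
After downloading the file, rename it locally to ciscosdwan_cloud_init.cfg and upload it to a local FTP server.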
Uploading the file and reloading the device
Router#copy ftp://calo:[email protected]:/ciscosdwan_cloud_init.cfg bootflash:
Destination filename [ciscosdwan_cloud_init.cfg]?
Accessing ftp://*:*@10.122.153.158/ciscosdwan_cloud_init.cfg...
[OK - 167/4096 bytes]
167 bytes copied in 3.340 secs (50 bytes/sec)
Router#
Router#
Router#
Router#dir bo
Router#dir bootflash:
Directory of bootflash:/
32 -rw- 167 Jul 27 2024 15:42:35 +00:00 ciscosdwan_cloud_init.cfg
393217 drwx 12288 Jul 27 2024 15:35:17 +00:00 tracelogs
131074 drwx 4096 Jul 27 2024 15:31:47 +00:00 .cdb_backup
12 -rwx 905 Jul 27 2024 15:31:46 +00:00 mode_event_log
2097155 drwx 4096 Jul 27 2024 15:31:45 +00:00 sdwan
33 -rw- 107 Jul 27 2024 15:31:40 +00:00 pki_certificates
26 -rw- 106 Jul 27 2024 15:31:19 +00:00 cvac.log
2097153 drwx 4096 Jul 27 2024 15:31:18 +00:00 license_evlog
28 -rw- 157 Jul 27 2024 15:31:18 +00:00 csrlxc-cfg.log
262146 drwx 4096 Jul 27 2024 15:30:43 +00:00 .geo
25 -rw- 30 Jul 27 2024 15:30:40 +00:00 throughput_monitor_params
2752514 drwx 4096 Jul 27 2024 15:30:18 +00:00 vmanage-admin
2359297 drwx 1024 Jul 27 2024 15:30:18 +00:00 .sdwaninstaller
1048578 drwx 4096 Jul 27 2024 15:30:17 +00:00 .sdwaninternal
1179649 drwx 4096 Jul 27 2024 15:29:01 +00:00 .dbpersist
30 -rw- 5626 Jul 27 2024 15:29:01 +00:00 original-xe-config
2490370 drwx 4096 Jul 27 2024 15:28:48 +00:00 pnp-tech
917505 drwx 4096 Jul 27 2024 15:28:28 +00:00 pnp-info
27 -rw- 301 Jul 27 2024 15:26:57 +00:00 .iox_dir_list
2228226 drwx 4096 Jul 27 2024 15:26:55 +00:00 iox_host_data_share
1048577 drwx 4096 Jul 27 2024 15:26:55 +00:00 guest-share
1835009 drwx 4096 Jul 27 2024 15:26:53 +00:00 onep
786433 drwx 4096 Jul 27 2024 15:26:24 +00:00 virtual-instance
23 -rw- 20109 Jul 27 2024 15:26:22 +00:00 ios_core.p7b
24 -rw- 1923 Jul 27 2024 15:26:22 +00:00 trustidrootx3_ca_092024.ca
1703937 drwx 4096 Jul 27 2024 15:26:18 +00:00 core
1966081 drwx 4096 Jul 27 2024 15:26:14 +00:00 bootlog_history
2490369 drwx 4096 Jul 27 2024 15:26:13 +00:00 .prst_sync
20 -rw- 797361240 Jul 27 2024 15:25:33 +00:00 c8000v-mono-universalk9.17.09.03a.SPA.pkg
22 -rw- 5794 Jul 27 2024 15:25:33 +00:00 packages.conf
21 -rw- 51970675 Jul 27 2024 15:25:33 +00:00 c8000v-rpboot.17.09.03a.SPA.pkg
15 -rw- 13038668 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_nim_async.17.09.03a.SPA.pkg
17 -rw- 4346952 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_nim_ge.17.09.03a.SPA.pkg
18 -rw- 11568204 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_nim_shdsl.17.09.03a.SPA.pkg
14 -rw- 11760716 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_ngwic_t1e1.17.09.03a.SPA.pkg
16 -rw- 17724492 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_nim_cwan.17.09.03a.SPA.pkg
19 -rw- 5575756 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_nim_xdsl.17.09.03a.SPA.pkg
13 -rw- 66636 Jul 27 2024 15:25:31 +00:00 c8000v-firmware_dreamliner.17.09.03a.SPA.pkg
262145 drwx 4096 Jul 27 2024 15:25:30 +00:00 appqoe-service
131073 drwx 4096 Jul 27 2024 15:25:29 +00:00 .rollback_timer
2228225 drwx 4096 Jul 27 2024 15:25:19 +00:00 SHARED-IOX
11 drwx 16384 Jul 27 2024 15:25:10 +00:00 lost+found
47795126272 bytes total (43961167872 bytes free)
Router#dir bootflash: | in cfg
32 -rw- 167 Jul 27 2024 15:42:35 +00:00 ciscosdwan_cloud_init.cfg
28 -rw- 157 Jul 27 2024 15:31:18 +00:00 csrlxc-cfg.log
Router#reload
Proceed with reload? [confirm]Connection to 10.70.79.161 closed by remote host.
Connection to 10.70.79.161 closed.
After the device reboots, log in again and the UDI is displayed correctly:
Router#show license udi
UDI: PID:C8000V,SN:C8K-011ACCA8-BDEB-1957-E4A0-3C4D89C95344
Bringing the C8000v online
Apply some basic configuration to the device:
Router#config-transaction
admin connected from 127.0.0.1 using console on Router
Router(config)# interface Tunnel 1
Router(config-if)# ip unnumbered GigabitEthernet1
Router(config-if)# tunnel source GigabitEthernet1
Router(config-if)# tunnel mode sdwan
Router(config-if)# no shut
Router(config-if)#
Router(config-if)# sdwan
Router(config-sdwan)# interface GigabitEthernet1
Router(config-interface-GigabitEthernet1)# tunnel-interface
Router(config-tunnel-interface)# encapsulation ipsec
Router(config-tunnel-interface)# allow-service all
Router(config-tunnel-interface)# allow-service sshd
Router(config-tunnel-interface)# allow-service netconf
Router(config-tunnel-interface)# exit
Router(config-interface-GigabitEthernet1)# exit
Router(config-sdwan)# exit
Router(config)# exit
Uncommitted changes found, commit them? [yes/no/CANCEL] yes
Commit complete.
Router#config-t
admin connected from 127.0.0.1 using console on Router
Router(config)# system
Router(config-system)# system-ip 10.1.12.12
Router(config-system)# site-id 1012
Router(config-system)# organization-name xuxing.eve.lab
Router(config-system)# vbond 10.70.79.151
Router(config-system)# commit
Commit complete.
Router(config-system)# end
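In the tunnel-interface block above, `allow-service all` already permits every service on the transport-facing interface, so the `sshd` and `netconf` lines that follow it add nothing. The script below is an added example, not part of the original article: it reads a config-transaction transcript and reports, per interface, whether the tunnel is fully open and which explicit entries are redundant. The function name `audit_allow_service` is hypothetical.

```python
import re

# Constructed input: the sdwan part of the console transcript above, prompts included.
TRANSCRIPT = """\
Router(config-if)# sdwan
Router(config-sdwan)# interface GigabitEthernet1
Router(config-interface-GigabitEthernet1)# tunnel-interface
Router(config-tunnel-interface)# encapsulation ipsec
Router(config-tunnel-interface)# allow-service all
Router(config-tunnel-interface)# allow-service sshd
Router(config-tunnel-interface)# allow-service netconf
Router(config-tunnel-interface)# exit
"""

# "<hostname>(<mode>)# <command>" as printed during config-transaction
PROMPT = re.compile(r"^\S+\((?P<mode>[^)]+)\)#\s*(?P<cmd>.*)$")


def audit_allow_service(transcript):
    """Map each sdwan interface to the services its tunnel-interface allows."""
    allowed, iface = {}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        mode, words = m.group("mode"), m.group("cmd").split()
        if mode == "config-sdwan" and words[:1] == ["interface"] and len(words) == 2:
            iface = words[1]
        elif mode == "config-tunnel-interface" and iface:
            negated = words[:1] == ["no"]
            if negated:
                words = words[1:]
            if len(words) == 2 and words[0] == "allow-service":
                services = allowed.setdefault(iface, set())
                if negated:
                    services.discard(words[1])
                else:
                    services.add(words[1])
    report = {}
    for name, services in allowed.items():
        wide_open = "all" in services
        report[name] = {
            "services": sorted(services),
            "all_open": wide_open,
            # explicit entries add nothing while "all" is present
            "redundant": sorted(services - {"all"}) if wide_open else [],
        }
    return report


if __name__ == "__main__":
    print(audit_allow_service(TRANSCRIPT))
```

A transcript that also contains `no allow-service all` reports `all_open` as false and lists only the services that were explicitly allowed.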
Find the corresponding token in vManage and activate the device.
Router#request platform software sdwan vedge_cloud activate chassis-number C8K-011ACCA8-BDEB-1957-E4A0-3C4D89C95344 token 37f634788f5b48f68b467c24b719c92a
Router#
Router#
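Once this completes, you should see in the logs that vManage logs in to the cEdge using NETCONF over SSH, generates a CSR, then signs it and installs the device certificate. The cEdge router should then establish OMP peering with vSmart and start receiving TLOCs and OMP routes. The control plane also comes up successfully: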
*Jul 27 15:53:01.145: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'vmanage-admin' authenticated successfully from 10.1.1.12:50318 for netconf over ssh. External groups:
*Jul 27 15:54:05.230: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'vmanage-admin' authenticated successfully from 10.1.1.12:50526 for netconf over ssh. External groups:
*Jul 27 15:54:05.984: %Cisco-SDWAN-Router-OMPD-3-ERRO-400002: vSmart peer 10.1.3.3 state changed to Init
*Jul 27 15:54:08.114: %Cisco-SDWAN-Router-OMPD-6-INFO-400002: vSmart peer 10.1.3.3 state changed to Handshake
*Jul 27 15:54:08.116: %Cisco-SDWAN-Router-OMPD-5-NTCE-400002: vSmart peer 10.1.3.3 state changed to Up
*Jul 27 15:54:08.116: %Cisco-SDWAN-Router-OMPD-6-INFO-400005: Number of vSmarts connected : 1
*Jul 27 15:54:09.381: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
Router#show sdwan control connections
PEER PEER CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP
TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION LOCAL COLOR PROXY STATE UPTIME ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vsmart dtls 10.1.3.3 100 1 10.70.79.152 12346 10.70.79.152 12346 xuxing.eve.lab default No up 0:00:09:12 0
vbond dtls 0.0.0.0 0 0 10.70.79.151 12346 10.70.79.151 12346 xuxing.eve.lab default - up 0:00:09:15 0
vmanage dtls 10.1.1.12 100 0 10.70.79.242 12346 10.70.79.242 12346 xuxing.eve.lab default No up 0:00:09:15 0
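The onboarding sequence described above can be checked from the syslog itself. The script below is an added example, not part of the original article: it confirms that every NETCONF-over-SSH login came from an expected vManage address and that each vSmart OMP peer ended in the Up state. It assumes the vManage system IP 10.1.1.12 from the control connections table; the function name `review_onboarding` is hypothetical.

```python
import re

# The first six lines are the syslog output shown above; the last line is constructed
# (192.0.2.10 is a documentation address) to show what a mismatch looks like.
SAMPLE_LOG = """\
*Jul 27 15:53:01.145: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'vmanage-admin' authenticated successfully from 10.1.1.12:50318 for netconf over ssh. External groups:
*Jul 27 15:54:05.230: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'vmanage-admin' authenticated successfully from 10.1.1.12:50526 for netconf over ssh. External groups:
*Jul 27 15:54:05.984: %Cisco-SDWAN-Router-OMPD-3-ERRO-400002: vSmart peer 10.1.3.3 state changed to Init
*Jul 27 15:54:08.114: %Cisco-SDWAN-Router-OMPD-6-INFO-400002: vSmart peer 10.1.3.3 state changed to Handshake
*Jul 27 15:54:08.116: %Cisco-SDWAN-Router-OMPD-5-NTCE-400002: vSmart peer 10.1.3.3 state changed to Up
*Jul 27 15:54:08.116: %Cisco-SDWAN-Router-OMPD-6-INFO-400005: Number of vSmarts connected : 1
*Jul 27 16:10:00.000: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'vmanage-admin' authenticated successfully from 192.0.2.10:40000 for netconf over ssh. External groups:
""".splitlines()

AUTH = re.compile(r"%DMI-5-AUTH_PASSED: .*User '(?P<user>[^']+)' authenticated "
                  r"successfully from (?P<ip>[\d.]+):\d+ for netconf over ssh")
OMP = re.compile(r"OMPD-\d-\w+-400002: vSmart peer (?P<peer>[\d.]+) "
                 r"state changed to (?P<state>\w+)")


def review_onboarding(log_lines, expected_vmanage_ips):
    """Summarise NETCONF login sources and the final OMP state of each vSmart peer."""
    unexpected, peer_state = [], {}
    for line in log_lines:
        auth = AUTH.search(line)
        if auth:
            if auth["ip"] not in expected_vmanage_ips:
                unexpected.append((auth["user"], auth["ip"]))
            continue
        omp = OMP.search(line)
        if omp:
            peer_state[omp["peer"]] = omp["state"]  # the last transition wins
    return {
        "unexpected_netconf_logins": unexpected,
        "omp_peers_up": sorted(p for p, s in peer_state.items() if s == "Up"),
        "omp_peers_not_up": sorted(p for p, s in peer_state.items() if s != "Up"),
    }


if __name__ == "__main__":
    print(review_onboarding(SAMPLE_LOG, {"10.1.1.12"}))
```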