
Configure the vSmart Controller

Once you have set up and started the virtual machines (VMs) for the vSmart controllers in your overlay network, they come up with a factory-default configuration. You then need to manually configure a few basic features and functions so that the devices can be authenticated and verified and can join the overlay network. These features include the IP address of your network's vBond orchestrator, the device's system IP address, and a tunnel interface in VPN 0 to use for exchanging control traffic among the network controller devices (the vBond, vManage, and vSmart devices).

For the overlay network to be operational and for the vSmart controllers to participate in the overlay network, you must do the following:

  • Configure a tunnel interface on at least one interface in VPN 0. This interface must connect to a WAN transport network that is accessible by all Viptela devices. VPN 0 carries all control plane traffic among the Viptela devices in the overlay network.
  • Ensure that the Overlay Management Protocol (OMP) is enabled. OMP is the protocol responsible for establishing and maintaining the Viptela control plane. It is enabled by default, and you cannot disable it. When you edit the configuration from the CLI, do not remove the omp configuration command.

You create this initial configuration by using SSH to open a CLI session to the vSmart controller.

After you have created the initial configuration, you create the full configuration by creating configuration templates on the vManage NMS and then attaching them to the vSmart controllers. When you attach the configuration template to the vSmart controllers, the configuration parameters in the templates overwrite the initial configuration.

In this initial configuration, you should assign a system IP address to the vSmart controller. This address, which is similar to the router ID on non-Viptela routers, is a persistent address that identifies the controller independently of any interface addresses. The system IP is a component of the device's TLOC address. Setting the system IP address for a device allows you to renumber interfaces as needed without affecting the reachability of the Viptela device. Control traffic over secure DTLS or TLS connections between vSmart controllers and vEdge routers and between vSmart controllers and vBond orchestrators is sent over the system interface identified by the system IP address. In the transport VPN (VPN 0), the system IP address is used as the device's loopback address. You cannot use this same address for another interface in VPN 0.

Note: For the overlay network to function properly and predictably, the policies configured on all vSmart controllers must be identical.

Create Initial Configuration for the vSmart Controller

To create the initial configuration on a vSmart controller from a CLI session:

  1. Open a CLI session to the Viptela device via SSH.
  2. Log in as the user admin, using the default password, admin. The CLI prompt is displayed.
  3. Enter configuration mode:
    vSmart# config
    vSmart(config)#
  4. Configure the hostname:
    Viptela(config)# system host-name hostname
    Configuring the hostname is optional, but is recommended because this name is included as part of the prompt in the CLI and it is used on various vManage NMS screens to refer to the device.
  5. Configure the system IP address. In Releases 16.3 and later, the IP address can be an IPv4 or an IPv6 address. In earlier releases, it must be an IPv4 address.
    vSmart(config-system)# system-ip ip-address
    The vManage NMS uses the system IP address to identify the device so that the NMS can download the full configuration to the device.
  6. Configure the numeric identifier of the site where the device is located:
    vSmart(config-system)# site-id site-id
    If you configure a vSmart controller as a container in a vContainer host, you must assign each vSmart controller within an organization a unique site ID. This is required because the private IP address of a vSmart controller in a vContainer host is not accessible outside the vContainer host.
  7. Configure the numeric identifier of the domain in which the device is located:
    vSmart(config-system)# domain-id domain-id
  8. Configure the IP address of the vBond orchestrator or a DNS name that points to the vBond orchestrator. The vBond orchestrator's IP address must be a public IP address, to allow all Viptela devices in the overlay network to reach it.
    vSmart(config-system)# vbond (dns-name | ip-address)
  9. Configure a time limit for confirming that a software upgrade is successful:
    vSmart(config-system)# upgrade-confirm minutes
    The time can be from 1 through 60 minutes. If you configure this time limit, when you upgrade the software on the device, the vManage NMS (when it comes up) or you must confirm that a software upgrade is successful within the configured number of minutes. If the device does not receive the confirmation within the configured time, it reverts to the previous software image.
  10. Change the password for the user "admin":
    vSmart(config-system)# user admin password password
    The default password is "admin".
  11. Configure an interface in VPN 0 to be used as a tunnel interface. VPN 0 is the WAN transport VPN, and the tunnel interface carries the control traffic among the devices in the overlay network. The interface name has the format ethnumber. You must enable the interface and configure its IP address, either as a static address or as a dynamically assigned address received from a DHCP server. In Releases 16.3 and later, the address can be an IPv4 or an IPv6 address, or you can configure both to enable dual-stack operation. In earlier releases, it must be an IPv4 address.
    vSmart(config)# vpn 0
    vSmart(config-vpn-0)# interface interface-name
    vSmart(config-interface)# (ip dhcp-client | ip address prefix/length)
    vSmart(config-interface)# (ipv6 address ipv6-prefix/length | ipv6 dhcp-client [dhcp-distance number | dhcp-rapid-commit])
    vSmart(config-interface)# no shutdown
    vSmart(config-interface)# tunnel-interface
    vSmart(config-tunnel-interface)# allow-service netconf

Note: You must configure a tunnel interface on at least one interface in VPN 0 in order for the overlay network to come up and for the vSmart controller to be able to participate in the overlay network. This interface must connect to a WAN transport network that is accessible by all Viptela devices. VPN 0 carries all control plane traffic among the Viptela devices in the overlay network.

  12. Configure a color for the tunnel to identify the type of WAN transport. You can use the default color (default), but you can also configure a more appropriate color, such as mpls or metro-ethernet, depending on the actual WAN transport.
    vSmart(config-tunnel-interface)# color color
  13. Configure a default route to the WAN transport network:
    vSmart(config-vpn-0)# ip route 0.0.0.0/0 next-hop
  14. Commit the configuration:
    vSmart(config)# commit and-quit
    vSmart#
  15. Verify that the configuration is correct and complete:
    vSmart# show running-config

After the overlay network is up and operational, create a vSmart configuration template on the vManage NMS that contains the initial configuration parameters. Use the following vManage feature templates:

  • System feature template to configure the hostname, system IP address, and vBond functionality.
  • AAA feature template to configure a password for the "admin" user.
  • VPN Interface Ethernet feature template to configure the interface, default route, and DNS server in VPN 0.

In addition, it is recommended that you configure the following general system parameters:

  • Organization name, on the vManage Administration ► Settings screen.
  • Timezone, NTP servers, and device physical location, from the Configuration ► Templates ► NTP and System feature configuration templates.
  • Login banner, from the Configuration ► Templates ► Banner feature configuration template.
  • Logging parameters, from the Configuration ► Templates ► Logging feature configuration template.
  • AAA, and RADIUS and TACACS+ servers, from the Configuration ► Templates ► AAA feature configuration template.
  • SNMP, from the Configuration ► Templates ► SNMP feature configuration template.

Sample Initial CLI Configuration

Below is an example of a simple configuration on a vSmart controller. Note that this configuration includes a number of settings from the factory-default configuration and shows a number of default configuration values.

vSmart# show running-config 
system
 host-name         vSmart
 gps-location latitude 40.7127837
 gps-location longitude -74.00594130000002
 system-ip         172.16.240.172
 site-id           200
 organization-name "Viptela Inc"
 clock timezone America/Los_Angeles
 upgrade-confirm   15
 vbond 184.122.2.2
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password encrypted-password
  !
 !
 logging
  disk
   enable
  !
  server 192.168.48.11
   vpn      512
   priority warm
  exit
 !
!
omp
 no shutdown
 graceful-restart
!
snmp
 no shutdown
 view v2
  oid 1.3.6.1
 !
 community private
  view          v2
  authorization read-only
 !
 trap target vpn 0 10.0.1.1 16662
  group-name     Viptela
  community-name private
 !
 trap group test
  all
   level critical major minor
  exit
 exit
!
vpn 0
 interface eth1
  ip address 10.0.12.22/24
  tunnel-interface
   color public-internet
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   allow-service netconf
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
!
vpn 512
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
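
The requirements this page states for the initial configuration (a system IP address, site ID and vBond address; the omp section left in place; an enabled tunnel interface in VPN 0; the system IP address not reused on a VPN 0 interface) can be checked mechanically against `show running-config` output. The following Python is an added example, not Cisco or Viptela code; the helper names `parse` and `check` and the trimmed `SAMPLE` text are constructed for illustration.

```python
import ipaddress
# Constructed sample, trimmed from the sample configuration on this page.
SAMPLE = """\
system
 system-ip 172.16.240.172
 site-id 200
 vbond 184.122.2.2
!
omp
 no shutdown
!
vpn 0
 interface eth1
  ip address 10.0.12.22/24
  tunnel-interface
  !
  no shutdown
 !
!
"""

def parse(text):
    stack = [(-1, {})]  # (indent, children) for each open block; [0] is the root
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse column padding
        if line in ("", "!", "exit"):  # block terminators carry no settings
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack[-1][0] >= indent:  # close blocks at the same or deeper level
            stack.pop()
        stack[-1][1][line] = node = {}
        stack.append((indent, node))
    return stack[0][1]

def check(text):  # hypothetical helper: lists the page's requirements the config misses
    cfg = parse(text)
    system = {k.split()[0]: k.split()[-1] for k in cfg.get("system", {})}
    vpn0 = cfg.get("vpn 0", {})
    sys_ip = ipaddress.ip_address(system["system-ip"]) if "system-ip" in system else None
    problems = [f"system {k} missing" for k in ("system-ip", "site-id", "vbond") if k not in system]
    if "omp" not in cfg:
        problems.append("omp removed")
    if not any("tunnel-interface" in b and "no shutdown" in b for b in vpn0.values()):
        problems.append("no enabled tunnel interface in vpn 0")
    for name, body in vpn0.items():
        for p in map(str.split, body):  # matches "ip address X" and "ipv6 address X"
            if p[1:2] == ["address"] and ipaddress.ip_interface(p[2]).ip == sys_ip:
                problems.append(f"{name} reuses the system IP")
    return problems
```

Calling `check()` on the saved output of `show running-config` returns an empty list when all of these requirements are met.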