
Configuring Switch and Installing CA Server

Created by Deepak Sharma in Cisco SD-WAN Labs 28 Jan 2025

This SD-WAN lab practical shows how to configure the switch and install the CA server. You can practice along using our SD-WAN virtual lab.

Tasks 

Configure the hostname “SW” on the switch that is present in the physical topology of the SD-WAN controllers.

Configure VLAN 192 and VLAN 200 and assign the respective VLANs on the ports connected to SD-WAN Controller devices and CA Server as per the table below. Then, verify it with the logical topology diagram.  

SW

Interface  VLAN  Description (Optional)
Eth0/0     192   Connected to vManage 192.168.10.2
Eth0/1     192   Connected to vSmart 192.168.10.3
Eth0/2     192   Connected to vBond 192.168.10.4
Eth0/3     192   Connected to CA-Server 192.168.10.5
Eth1/0     200   Connected to vManage 200.1.1.2
Eth1/1     200   Connected to vSmart 200.1.1.3
Eth1/2     200   Connected to vBond 200.1.1.4
Eth1/3     200   Connected to CA-Server 200.1.1.5
Eth2/0     200   Connected to HQ 200.1.1.1


On CA-Server  

1. Configure IP addresses 192.168.10.5 and 200.1.1.5 on Interfaces Eth0 and Eth1 respectively. Also assign gateway IP address as 200.1.1.1 on interface Eth1. 

2. Enable DHCP on interface Eth2 to receive a dynamic IP address from the Internet. Make sure it gets an IP address in range 192.168.1.0/24 

3. Set the clock back by eight hours to synchronize with other devices 

4. Add the certification authority (CA) server role by adding Active Directory Certificate Services.

● Cryptography CSP as RSA with key length of 2048 

● Common name is CA-Server 

● Validity is 5 years 

5. Install WinSCP and PuTTY in Windows Server (CA-Server) 

Configuration and Verification 

All SD-WAN controller devices are connected via a switch, so first we need to configure this switch to provide connectivity between these devices.

VLAN 200 is configured on switch interfaces Eth1/0-3 and Eth2/0, which gives layer 3 connectivity towards HQ, and VLAN 192 is configured on switch interfaces Eth0/0-3, which gives layer 3 connectivity to the SD-WAN controller devices. You can also add interface descriptions if you wish.

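enable
 configure terminal
 hostname SW
 ! Create both VLANs
 vlan 192,200
  exit
 ! Controller and CA-Server ports on the 192.168.10.0/24 side
 interface range Eth0/0-3
  switchport access vlan 192
  ! switchport host sets access mode and enables PortFast
  switchport host
  no shutdown
 ! Controller, CA-Server and HQ ports on the 200.1.1.0/24 side
 interface range Eth1/0-3, Eth2/0
  switchport access vlan 200
  switchport host
  no shutdown
  end
write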

Verify that the VLANs are created, and switch interfaces are assigned on the respective VLANs.

SW#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
192  VLAN0192                         active    Et0/0, Et0/1, Et0/2, Et0/3
200  VLAN0200                         active

SW#show interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Et0/0                        connected    192          a-full   auto RJ45
Et0/1                        connected    192          a-full   auto RJ45
Et0/2                        connected    192          a-full   auto RJ45
Et0/3                        connected    192          a-full   auto RJ45
Et1/0                        connected    200          a-full   auto RJ45
Et1/1                        connected    200          a-full   auto RJ45
Et1/2                        connected    200          a-full   auto RJ45
Et1/3                        connected    200          a-full   auto RJ45
Et2/0                        connected    200          a-full   auto RJ45
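
The verification above can be scripted. The following Python code is an added example, not part of the original lab: it parses "show interfaces status" output and reports any port whose VLAN or status differs from the task table, as well as active ports that the table does not list. The function names parse_status and audit are hypothetical, and the sample text is the output shown above.

```python
import re

# Intended port-to-VLAN mapping, from the task table in this lab.
EXPECTED = {**{f"Et0/{n}": 192 for n in range(4)},
            **{f"Et1/{n}": 200 for n in range(4)}, "Et2/0": 200}

# "show interfaces status" output as captured in the verification step.
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Et0/0                        connected    192          a-full   auto RJ45
Et0/1                        connected    192          a-full   auto RJ45
Et0/2                        connected    192          a-full   auto RJ45
Et0/3                        connected    192          a-full   auto RJ45
Et1/0                        connected    200          a-full   auto RJ45
Et1/1                        connected    200          a-full   auto RJ45
Et1/2                        connected    200          a-full   auto RJ45
Et1/3                        connected    200          a-full   auto RJ45
Et2/0                        connected    200          a-full   auto RJ45
"""

# Port, anything (optional description), status keyword, then the Vlan column.
ROW = re.compile(r"^(?P<port>[A-Z][a-z]\d+/\d+)\s.*?\b(?P<status>connected|"
                 r"notconnect|disabled|err-disabled|inactive)\s+(?P<vlan>\S+)")

def parse_status(text):
    """Return {port: (status, vlan)} parsed from the command output."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {m["port"]: (m["status"], m["vlan"]) for m in rows if m}

def audit(text, expected=EXPECTED):
    """List every deviation between the switch output and the intended table."""
    seen, findings = parse_status(text), []
    for port, vlan in sorted(expected.items()):
        status, actual = seen.get(port, ("absent", None))
        if actual != str(vlan):
            findings.append(f"{port}: VLAN {actual}, expected {vlan}")
        if status != "connected":
            findings.append(f"{port}: status {status}")
    for port in sorted(set(seen) - set(expected)):
        if seen[port][0] == "connected":
            findings.append(f"{port}: active but not in the task table")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all ports match the task table")
```

An empty result means the controller and CA-Server ports sit in the VLANs the lab intends; any finding points at a port to recheck before continuing.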

Now configure the Windows Server 2008 interfaces to prepare it as the CA-Server. Power on the Windows server and log in to it. On the console of this server, use the virtual keyboard to press CTRL+ALT+DELETE to log in.

This brings up the login prompt (you can close the virtual keyboard here), where you can see two users. Log in with username “uninets” or “Administrator” and password “uninets@123”.

After login, an activation window will appear; just cancel it. (DO NOT ACTIVATE)

Once you have logged in to the Windows server, you can start configuring its interfaces. Open “Network and Sharing Centre” to configure them.

Go to “Change adapter settings”, where you can see all the interfaces of the server.

There are 4 network interfaces, of which Local Area Connection 4 (depicted as E2 on our topology diagram) is connected to the Internet, so make sure this interface is configured to receive a dynamic IP address in the range 192.168.1.0/24 from DHCP.

Verify the IP address received on this interface and other details such as the gateway, and ping www.google.com to check that the server has Internet connectivity.

Configure interface Local Area Connection (depicted as E0 on our topology diagram) with the static IP address 192.168.10.5/24, which is in VLAN 192 on the switch side and connects to all other SD-WAN controller devices internally.

Similarly, configure interface Local Area Connection 2 (depicted as E1 on our topology diagram) with the static IP address 200.1.1.5/24, which is in VLAN 200 on the switch side and connects to the HQ router.

Verify that both IP addresses are configured on these interfaces; we have already checked the interface that is connected to the Internet.

Now it is time to install the root certificate server. First add the “Active Directory Certificate Services” role. Log in to the Windows server with username “Administrator” and password “uninets@123”. Go to Server Manager and select Add Roles.

This opens the Add Roles wizard; just click Next to move forward.

It will now open the server roles page, where you select “Active Directory Certificate Services” and click Next to continue.

Click Next to continue.

On the role services page, select “Certification Authority Web Enrollment” to install Active Directory Certificate Services. “Certification Authority” is already selected. A prompt window will appear; just click “Add Required Role Services”.

On the setup type page, “Standalone” is selected by default, so just click Next to continue.

Next, specify the CA type. Here, select Root CA and click Next.

To generate and issue certificates to clients, the CA must have a private key, so select “Create a new private key” in the next window and click Next to continue.

On the Cryptography page, select the CSP as RSA with a key length of 2048 and click Next.

As per the task, the common name for the CA server should be CA-Server; enter it and click Next.

Select 5 years as the validity period for the certificate generated for the CA. Also keep the default path for the CA database (it is selected by default, so there is nothing to change), then click Next.

Now click Next on all remaining windows (nothing to change) until you reach the confirmation page. It will show warnings; just ignore them and click Install.

The installation will now start, so wait until it completes.

Once the installation has completed, check the Results page, which will show that the installation was successful. Close this window to proceed further.

We are also required to install the WinSCP and PuTTY applications on the server. These applications will be used by other labs in this workbook.

Open Google Chrome, search for “download WinSCP for windows” and “download putty”, and download them. Once they are downloaded, run the .exe files by double-clicking them to install the applications.

The PuTTY application will be used to log in to devices in other labs.

The WinSCP application will also be used to access the devices in other labs.
