If the device is not listed as an unclaimed WAN edge device, check whether the device can connect to the Cisco vBond Orchestrator and correct any connectivity issues. From the Cisco vManage menu, choose Configuration > Devices. When prompted, see the following instructions for creating the credentials: Click (i) for Client ID and open the Cisco API Console page in a browser window to create Cloud Connector credentials if you do not already have credentials. If your Cisco IOS XE SD-WAN device is Then the initial and OTP-authenticated devices such as ASR1002-X, use the bootstrap file name as ciscosdwan_cloud_init.cfg. network before configuring the use of OTP, Public Key, and SHA2 enterprise interface. The device is removed from Unclaimed WAN to the home or parent directory of the USB drive. If the control connection between the device and Cisco vManage does not come up within 15 minutes, Cisco vManage automatically reverts the device to the previously running software image. actions in Cisco vManage: From the Cisco vManage menu, choose Administration > Settings. If the Cisco vBond Orchestrator address was defined as a hostname, configure DNS: Save the changes and exit configuration mode: If you are using a certificate signed by your enterprise root CA, install the certificate: Verify that the control connections are up and the router is validated. authentication and secure the device against SHA1 vulnerabilities. Install the SD-AVC package as described below. Perform this You can upgrade the software version on the controller devicesCisco vManage instances, Cisco vSmart Controllers, and Cisco vBond Orchestratorswithout upgrading the vEdge routers to the same version. You can download and store multiple software images on a Cisco vEdge device. The device disables AVNET/TPM1.2 SHA1 certificate authentication. The ASR 1000 Cisco vBond Orchestrator series router has at least 8 GB of DRAM installed. Beginning with the 18.4 release, SD-WAN can optionally incorporate Cisco Software-Defined Application Visibility and Control In a group software upgrade operation, you can upgrade up to 40 Cisco vEdge devices or Cisco IOS XE SD-WAN devices and reboot or activate upto 100 Cisco vEdge devices or Cisco IOS XE SD-WAN devices simultaneously (when the new image is available locally). If running Release 16.6.1 or earlier on an ASR series router, issue the show sdwan certificate serial command. From the Cisco vManage menu, choose Configuration > Certificates > WAN Edge List. From the Cisco vManage menu, choose Configuration > Certificates > WAN Edge List, the device certificate state is shown as CSR. Cisco vManage Release 20.6.x and earlier: To verify that the device has established control connections and is part of the In the Terms of Service section, select the check box to agree with the terms. These steps are provided here for convenience, Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Enabled. For the selected device, click and choose Delete WAN Edge. In the Export Bootstrap Configuration dialog box, enter the VPN0 Interface name. From the Cisco vManage menu, choose Configuration > Certificates. Click OK to confirm the move to the invalid Click Browse to select the software images or Drag and Drop the images for vEdge routers, Cisco vSmart Controllers, or Cisco vManage. Save. If the new software images are in the image repository on Cisco vManage, ensure that the WAN in which Cisco vManage is located has sufficient capacity for concurrent file transfers. The virtual machine in which Cisco vManage operates must have the following resources available to dedicate to the SD-AVC network service: Ensure that the downloaded SD-WAN image is compatible with your version of Cisco vManage. After using this password for the first time, the administrator The file is named in the format .cfg. Reset the device software configuration by issuing the following commands on Edges, WAN Edge To upgrade the software, you obtain the software images from Cisco SD-WAN, add the new software images to the repository located on either Cisco vManage or a remote server, and install the new software image on the device. USB drive. For the desired host (the portal on which you are enabling SD-AVC), click and select Edit. If an upgrade fails and the device does On the Cisco vBond Orchestrator, you can view the unclaimed WAN edge devices by using the command show orchestrator unclaimed-vedges . installed images for both Cisco IOS XE SD-WAN and Cisco vEdge devices. functional state. Cisco vEdge 5000 device. Enter the URL of the FTP or HTTP server on which the images reside. When the Cisco vEdge 5000 device boots, it uses the Configuring the hostname is optional, but it is recommended because this name in included as part of the prompt To activate If you are upgrading the software image on a remote Cisco vManage, the overlay network must already be up and operational. To upgrade the software image from within the CLI: Configure the time limit for confirming that a software upgrade is successful. template. For information regarding Cisco IOS XE Release 17.2 and later, see Install and Upgrade Cisco IOS XE Release 17.2 and Later. To perform the on-site bootstrap process for a device, follow these steps: Upload the Chassis ID and the serial number of the device to Cisco vManage. Enabled, go to Step 2. For information on factory reset procedures on different platforms, see: Cisco ASR 1000 Series Aggregation Services Routers, Cisco 4000 Series Integrated Services Routers. Telemetry: (optional) Disable collecting telemetry data. Cisco vManage 18.4 on a self-managed cloud or local server. VPN 0 WAN interface by using the following commands: Click WAN Edge List and choose the device to invalidate. To install software on a Cisco vSmart Controller, see Create vSmart VM Instance on ESXi or Create vSmart VM Instance on KVM. For software devices (CSR and ISRv), The reboot option activates the new software image and reboots the device after the installation completes. Click Sync Smart Account to download the updated device list to Cisco vManage and send it to the Cisco vBond Orchestrator. This topic links to the hardware recommendations for the Cisco vBond Orchestrator server, vEdge Cloud router server, Cisco vManage server, and Cisco vSmart Controller server: Cisco vManage Release 20.1.x and earlier releases, Cisco vManage Release 20.4.x (On-Prem, Multitenant). You install software on Cisco SD-WAN devices when you first bring up the overlay network and add those devices to the network: To install software on a Cisco vBond Orchestrator, see Create vBond VM Instance on ESXi or Create vBond VM Instance on KVM. This is the configuration file for the on-site bootstrap process. When any of these software versions (or Disabled, click such as QoS and application-based firewall policy. Beginning with Cisco vManage Release 20.3.1/Cisco IOS XE Release 17.3.1a, the Cisco SD-AVC installation has changed. For the selected device, click and select View Enterprise CSR. For the desired template, click and choose Attach Devices. a One Time Password (OTP) and a Public Key, and install an SHA2 enterprise In the Upload WAN Edge List dialog box, select the the To upgrade the software running on the devices in the overlay network, you must first obtain the new software packages from Cisco vManage 18.4 on a cloud-based server, provided fully configured by the Cisco cloud operations team. at the system prompt: If your IOS Ex router is connected to a DHCPserver and you are not using PnP, or if your IOS XE router is not connected to The on-site bootstrap process involves generating a bootstrap configuration file that Every time you generate the Cloud-Init(Encrypted OTP) bootstrap Click Install Certificate button located in the upper-right corner of the screen. The on-site bootstrap process consists of this general workflow: Use Cisco vManage to generate a configuration file, Copy the configuration file to a bootable USB drive and plug the drive into a device, or copy the configuration to the bootflash Similarly if you To install the certificate on the device, perform the following steps: From the Cisco vManage menu, choose Configuration > Certificates > Controllers. If you need to disable the application server, do not do this at the same time In the local console of the device, enter SD-WAN config mode. Before you upgrade the software on Cisco vEdge devices, ensure that the devices are running the required software version. Organization-name, Cisco vBond Orchestrator IP address, OTP token, and Enterprise root-ca are retrieved from the configuration file. certificate. Check the current configuration on Cisco vManage using the command show system status. the controllers using the SHA2 Enterprise Certificate. Select whether the software image is available on Cisco vManage or on the Remote Server. It is recommended that the router have 8 GB of Optionally, specify the VPN identifier in which the server is located. If you select Cisco vManage in Step 5, you can choose to automatically activate the new software image and reboot the device by selecting the Activate and Reboot check box. You can do this for a single device or for multiple devices simultaneously. The ISRv router is running the minimum required version of the CIMC and NFVIS software, as shown in the following table: To download the Cisco IOS XE SD-WAN software from the Cisco site: Click Support & Downloads from the menu on the left side. Cisco vManage prompts you to confirm before rebooting the device to apply the changes to the device. Ensure that the Public Key entry for the device is available on the PNP server before generating the serial.viptela file. 16.12.2: After the device comes back up, configure a new admin password. A progress bar indicates the status of the software upgrade. see Supported Interface Modules and Supported Crypto Modules. List, show crypto pki certificates CISCO_IDEVID_SUDI, request platform software sdwan software upgarde-confirm, request platform software sdwan software reset, What's New in Cisco IOS XE (SD-WAN) and Cisco SD-WAN Releases, Install and Upgrade Cisco IOS XE Release 17.2.1r and Later, Cisco SD-WAN Overlay Network Bring-Up Process, Manage Licenses for Smart Licensing Using Policy, Onboarding Modular Cisco ASR 1000 Series Platforms, API Cross-Site Request Forgery Prevention, Deploy Cisco SD-WAN Controllers in Microsoft Azure, On-Site Bootstrap Process for Cisco SD-WAN Devices, On-Site Bootstrap Process for Cisco vEdge 5000 using SHA2 Enterprise Certificates, Installing Cisco SD-AVC, Cisco vManage 20.1.1 and Earlier, Enable SD-AVC on Cisco IOS XE SD-WAN Devices, Install Cisco SD-AVC, Cisco vManage Release 20.3.1 and Later, Enable Cisco SD-AVC, Cisco vManage Release 20.3.1 and Later, Software Installation and Upgrade for Cisco IOS XE Routers, Download Cisco IOS XE SD-WAN Software for Cisco IOS XE SD-WAN Release 16.12 and Earlier, Install the Cisco IOS XE SD-WAN Software for Cisco IOS XE SD-WAN Release 16.12 and Earlier, Add IOS XE Devices to the Plug and Play Portal, Software Installation and Upgrade for vEdge Routers, Add New Software Images to the Repository, Downgrade a Cisco vEdge Device to an Older Software Image, Upgrade Memory and vCPU Resources on a Virtual Machine Hosting Cisco vManage, Cisco Plug and Play Support Guide for Select the Cisco vEdge 5000 device for which to sign a provision process must be restarted. (Optional) If the device WAN interface is not assigned an IP address See Cisco SD-WAN Command Reference guide for more information. Public Key, and install an SHA2 enterprise certificate on the this feature, you can authenticate the device using an OTP and a was updated, and the URL. The bootstrap configuration enables a DHCP client on the designated VPN 0 From the Cisco vManage menu, choose Configuration > Policies. To upload the SD-AVC virtual service package to Cisco vManage: From the Cisco vManage menu, choose Maintenance > Software Repository. The on-site bootstrap process involves generating a bootstrap configuration file that loads from a bootable USB drive or from Cisco vManage generates a random authentication token for the device. After a signed SHA2 enterprise certificate is installed on a Cisco vEdge 5000 is interrupted or terminated before the password is changed and saved, subsequent login attempts fail. The strings mips64 and x86_64 represent the underlying chip architecture. To restore login access The next reboot occurs immediately if you select the In the Devices list, click on the serial number of the of a device. a DHCP server on the WAN, configure the routermanually using the CLI as shown in the following steps. While generating the generic bootstrap configuration on Cisco vManage, you select the interface that will serve as the VPN 0 (WAN) interface on the Cisco IOS XE SD-WAN device. To view the status of software upgrades on each device and a log of related activities: If you need to upgrade a software image directly on a device, or if you are not using Cisco vManage in your network, to upgrade the software image, you can either repeat the installation process or you can install the software For a list of supported modules, installed on the device. to controllers. Click Upgrade. For information about restoring the password, see Recover the Default Password. Click Update. By authenticating the device using an OTP and a Public All rights reserved. Bootstrap Process for Cisco SD-WAN Devices. that is used as the data disk partition. installing the device. Click Save. Have the upgraded vEdge routers run for at least one day (24 hours) to ensure that the Cisco SD-WAN devices and the overlay network are stable and running as expected. Key column. tunnel to go down before it comes up again when the In the Device Information dialog box, check whether From the Cisco vManage menu, choose Administration > Settings and make sure that the Organization Name and the Cisco vBond Orchestrator IP address are configured properly. By authenticating the device using an OTP and a Public Click Upgrade and the Software Upgrade dialog box opens. Download the Cisco IOS XE SD-WAN software image from the Cisco site. (Optional) After pushing the update to the device, you can check the status of SD-AVC on the device with one of the following From the device SSH terminal, shut down the To verify that the device has established control connections and is part of the overlay network, from the Cisco vManage menu, choose Monitor > Overview and click Devices. Connect to the device using SSH. Cisco SD-AVC must operate on only one Cisco vManage instance. Download the .config file to a bootable USB drive and insert the After the software images are present in Cisco vManage image repository, you can upload the software image on a device: From the Cisco vManage menu, choose Maintenance > Software Upgrade. The partition resizing will take some time to complete. Click Virtual Images and select Upload Virtual Image to upload the SD-AVC package. Click Send to Controllers to synchronize the WAN Edge list on all controllers. Once you have downloaded the new software packages from the Cisco SD-WAN website, upload them into Cisco vManage repository. Cisco SD-WAN Products. If templates are not configured on Cisco vManage, configure the required system configuration on the device.
Sitemap 6
Share