This article shows how to onboard a Branch Device using Versa Director.

Please refer to the reference deployment architecture here

Pre-requisites:

The device is already added on Versa Director using Workflows -> Devices as shown in this article and has status as Deployed.

Step 1:

For the script based Zero Touch Provisioning (ZTP), the user has to login to the Versa FlexVNF (CPE) as admin user.

Change to the scripts directory as shown below:

cd /opt/versa/scripts

$ sudo ./staging.py -w 0 -c 103.231.208.33 -s 103.231.208.45/30 -g 103.231.208.46 -l SDWAN-Branch@Provider.com -r Controller1-staging@Provider.com

-w Physical port number on the CPE which will be WAN port. 2^nd port from left is considered port 0

-c IP address of Controller with which staging is to be performed.

-s Static IP address with prefix, to be assigned to the WAN port (0 in this case)

-g Next hop IP address for the WAN port.

-l Local Identifier for IPSec tunnel (on the branch)

-r Remote Identifier for IPSec Tunnel (on the Controller)

During staging the Branch establishes IPSec IKE tunnel with the Controller and these parameters are used for the same.

103.231.208.33/30:It is the WAN IP address of the Controller (Controller WAN interface towards the MPLS).

103.231.208.45/30: It is the WAN IP address of the Branch (Branch WAN interface towards the MPLS).

103.231.208.46: It is the MPLS router interfaces IP (MPLS Router interfaces towards the Branch).

The Local Auth identifier has standard format of SDWAN-Branch@Provider.com

How to find Remote Auth Identifier? 

Appliance Context > Configurations > Controller name> Services > IP sec > VPN Profiles > Organization.

Click on the Task button on the top right side on the Screen and see the progress

Once the Branch is deployed, the Tunnel interfaces will be added.