This supplementary article for onboarding Elisity Virtual Edges and Virtual Edge Nodes covers our Bulk Onboarding feature, which makes deployment scalable for large enterprises. It shows the workflow for Cloud Control Center version 15.5 and newer.
Bulk Onboarding Virtual Edges
Requirements
Before using the bulk onboarding feature, you should familiarize yourself with the deployment requirements and the full deployment process for an individual Virtual Edge Node within each of our deployment methods. This feature allows you to provision your Virtual Edges and Nodes in Cloud Control Center all at once using an Excel data sheet, rather than provisioning each Virtual Edge and Node individually. Additional steps are required outside of provisioning in Cloud Control Center. You can review our in-depth Virtual Edge Deployment Guides here:
Deploy Elisity Virtual Edge (Switch Hosted)
Deploy Elisity Virtual Edge VM (Hypervisor Hosted)
Onboarding Catalyst 9000/3850/3650 as a Virtual Edge Node
To begin, navigate to the Virtual Edge section in Cloud Control Center and click Add Virtual Edge. You will be presented with the option to add a single Virtual Edge or to add multiple Virtual Edges. Click "Add Multiple Virtual Edges".
Next, download the Excel template for bulk onboarding Virtual Edges. There is a different template for switch-hosted and hypervisor-hosted Virtual Edges, so it is important that you only enter information for the appropriate type of Virtual Edge on each Excel sheet to ensure a successful onboarding. Note that the only difference between these templates is the inclusion of the required Uplink VLAN field for switch-hosted deployments.
Select the type of Virtual Edges you will be onboarding and then click Download Sample.
Here we have downloaded the sample template for each type of VE; each template has a different name.
Open the template and fill out the required fields indicated by an asterisk, as well as any additional data you want to include.
After modifying the Excel file, save it and upload it to Cloud Control Center on the same screen where you downloaded the template. You must select the appropriate type of Virtual Edge for the template that you are uploading, or you will have multiple errors which prevent you from uploading the list.
The upload is checked for configuration errors. Any errors are presented to the user, who will then need to correct them and reupload.
Once there are no further errors, you will see a confirmation and the submit button will be highlighted, which allows you to submit your Virtual Edge upload.
From here, you need to finish the onboarding process for each Virtual Edge by following the corresponding guides, skipping the creation of Virtual Edges in Cloud Control Center. These guides can be found here:
Deploy Elisity Virtual Edge (Switch Hosted)
Deploy Elisity Virtual Edge VM (Hypervisor Hosted)
Bulk Onboarding Virtual Edge Nodes
Requirements
Be sure that each switch you want to onboard as a Virtual Edge Node meets these requirements and has the appropriate admin credentials set up.
NOTE:
- IOS-XE version 17.6.6a/17.9.4 is the minimum recommended code version
- All switches being onboarded must have their clocks synchronized with the Active Directory server so that attachment events are displayed accurately. You can use your own NTP server or a public one such as time.google.com.
- Catalyst series switches require a minimum of IPBase licensing to be onboarded as Virtual Edge Nodes.
CATALYST 9400 SPECIFIC NOTE:
- Catalyst 9410 series switch: if the Catalyst 9410 being onboarded is hosting a Virtual Edge using the Application Hosting functionality, it is mandatory to disable Elisity identity on GigabitEthernet4/0/48. See disabling identity on select switchports in this article for instructions.
On each switch, you should either have a user account with privilege 15 configured or TACACS login configured to provide privilege 15 level access. This is needed for the Virtual Edge to authenticate with the switch. Execute the following command in global configuration mode if a local account is being used and is not already configured:
switch(config)# username <username> privilege 15 secret 0 <password>
Add the following commands to your switch configuration if using TACACS:
switch(config)# aaa authentication login HTTP_AUTH group <group name> local
switch(config)# ip http authentication aaa login-authentication HTTP_AUTH
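A pre-onboarding check for the requirements above, as an added example that is not Elisity's own tooling: it scans a saved running-config for a privilege 15 local account or a complete TACACS HTTP login configuration, and for an NTP server. The sample configs, account name and group name are constructed; whether TACACS actually grants privilege 15 is decided on the TACACS server and cannot be verified from the switch config.

```python
import re

# Constructed running-config excerpts (not taken from a real device).
LOCAL_OK = """\
hostname access-sw-01
username ven-admin privilege 15 secret 9 $9$constructed$hash
ntp server time.google.com
"""
TACACS_INCOMPLETE = """\
hostname access-sw-02
aaa new-model
aaa authentication login HTTP_AUTH group TAC-GROUP local
"""

def audit_ven_prereqs(config: str) -> dict:
    """Check a running-config for the VEN prerequisites listed in this article."""
    lines = [ln.strip() for ln in config.splitlines()]

    def captures(pattern):
        # First capture group of every config line that matches the pattern.
        return {m.group(1) for ln in lines if (m := re.match(pattern, ln))}

    # Local account in the form the article's command produces (secret, privilege 15).
    local_admins = captures(r"username (\S+) privilege 15 secret \S+")
    method_lists = captures(r"aaa authentication login (\S+) .+")
    http_lists = captures(r"ip http authentication aaa login-authentication (\S+)")
    ntp_servers = captures(r"ntp server (?:vrf \S+ )?(\S+)")

    findings = []
    for name in sorted(http_lists - method_lists):
        findings.append(f"HTTP server references undefined method list {name}")
    # TACACS path is complete only if a defined method list is bound to the HTTP server.
    if not local_admins and not (method_lists & http_lists):
        hint = " (method list defined but not bound to the HTTP server)" if method_lists else ""
        findings.append("no privilege 15 credential path" + hint)
    if not ntp_servers:
        findings.append("no ntp server configured")
    return {"ready": not findings, "findings": findings}

if __name__ == "__main__":
    for label, cfg in (("LOCAL_OK", LOCAL_OK), ("TACACS_INCOMPLETE", TACACS_INCOMPLETE)):
        print(label, audit_ven_prereqs(cfg))
```
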
Bulk Onboarding Process
You can start bulk onboarding Virtual Edge nodes in two ways.
Method 1: Select your Virtual Edge and Add VENs
Go to the Virtual Edge dashboard in Cloud Control Center and select the Virtual Edge you would like to use as the parent for the Virtual Edge Nodes you are about to onboard.
After clicking on the VE, you can click on Add Virtual Edge Node and select Add Multiple Virtual Edge Nodes.
Method 2: Onboard VENs Directly from the Virtual Edge Node panel.
Select the Virtual Edge Node tab in the bottom menu, and select Add Virtual Edge Node then select Add Multiple Virtual Edge Nodes. Note that adding VENs from this screen still requires you to select a Virtual Edge as a parent.
Adding Multiple Virtual Edge Nodes
Below is an overview of the options when adding multiple Virtual Edge Nodes and what each option can be used for.
Step 1 - Select Virtual Edge
This is the option for selecting the parent Virtual Edge. This field is pre-populated if you select your Virtual Edge and then click Add Virtual Edge Nodes. Clicking edit here allows you to select a different Virtual Edge as the parent to the VENs you are trying to onboard. You can search, filter by site label, and more to find a specific Virtual Edge. You can quickly see the Virtual Edge name, Online Status, and Site Label for the selected Virtual Edge. You can only select ONE Virtual Edge at a time for onboarding VENs.
Step 2 - Set Switch Credentials
This option allows you either to enter individual switch credentials for each switch you will be onboarding as a VEN, or to use the Global Credentials that are set for all VENs. This option directly impacts which example spreadsheet you will download in step 3.
Step 3 - Download and Populate Example Spreadsheet
Downloading and populating the data fields in the example spreadsheet is very similar to the process for bulk onboarding Virtual Edges. Simply download the template, fill out the required fields and additional fields as needed, and upload it in the same window where you downloaded the template.
Here is an example spreadsheet that is NOT using global switch credentials, meaning there are additional fields for switch usernames and passwords.
The required data fields are marked with an asterisk in red. The following chart provides details about each field.
| Field | Description |
| --- | --- |
| Management IP* | This is the management IP of the switch you wish to onboard as a Virtual Edge Node for policy enforcement. This can be an IP as long as it is reachable by the previously deployed Virtual Edge container. This field is mandatory. |
| Username* | This is the admin username of the switch you wish to onboard as a Virtual Edge Node for policy enforcement. This can either be local or TACACS/RADIUS. Privilege 15 is required. This field is mandatory. |
| Password* | This is the admin password of the switch you wish to onboard as a Virtual Edge Node for policy enforcement. This can either be local or TACACS/RADIUS. |
| Description | This allows a user-defined description to be configured for the VEN. This field is optional. |
| Enable Flow Telemetry | Setting this option to TRUE enables the collection of flow data and network traffic analytics that are sent to Cloud Control Center. (Recommended) |
| Enable Passive Endpoint Discovery | Setting this option to TRUE enables the passive collection of identifying data using data plane telemetry about endpoints discovered behind a VEN. (Recommended) |
| Enable Enhanced Endpoint Discovery | Setting this option to TRUE enables the active collection of identifying data for endpoints discovered behind a VEN, gleaned from access switch telemetry. This feature actively tracks assets for updates in identifying data. (Recommended) |
| Site Label | Site labels can be applied to Virtual Edge Nodes for policy distribution and for analytics purposes. Site labels are used to assign Virtual Edges and Virtual Edge Nodes to Policy Sets. If this field is left blank, the site label from the parent Virtual Edge is inherited, if it exists. |
Step 4 - Upload Your Populated Spreadsheet of VENs
Fill out these fields in the Excel sheet as well as any additional data you want to include, save the file, and upload it in the same place where you downloaded the Virtual Edge Node onboarding template. Attempting to submit your spreadsheet will reveal any issues with the configuration of your Virtual Edge Nodes.
A red indicator on the left-hand side of a row in your list of Virtual Edge Nodes shows that something is wrong with one of the fields in that row. This makes it easy to find and note any issues with the configuration of your list of VENs.
Fix these issues in Excel or another editor, save and reupload until you have no errors.
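A local pre-upload check for the per-switch-credentials sheet, as an added example that is not part of Cloud Control Center and does not reproduce its validation rules. It assumes the sheet has been exported to CSV with the column names from the chart above; the sample rows are constructed, and accepting FALSE and flagging duplicate management IPs are assumptions of this example.

```python
import csv
import io
import ipaddress

REQUIRED = ("Management IP*", "Username*", "Password*")
BOOL_FIELDS = ("Enable Flow Telemetry", "Enable Passive Endpoint Discovery",
               "Enable Enhanced Endpoint Discovery")

# Constructed CSV export of the VEN template (values are placeholders).
SAMPLE_CSV = """\
Management IP*,Username*,Password*,Description,Enable Flow Telemetry,Enable Passive Endpoint Discovery,Enable Enhanced Endpoint Discovery,Site Label
10.20.0.11,ven-admin,example-pass-1,IDF-1 access,TRUE,TRUE,TRUE,HQ
10.20.0.300,ven-admin,example-pass-2,IDF-2 access,TRUE,yes,TRUE,
10.20.0.11,,example-pass-3,duplicate row,TRUE,TRUE,TRUE,HQ
"""

def validate_ven_rows(csv_text: str) -> list:
    """Return (spreadsheet_row, field, problem) tuples; an empty list means no issues found."""
    errors, seen_ips = [], {}
    # Row 1 is the header, so data rows start at spreadsheet row 2.
    for row_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        for field in REQUIRED:
            if not (row.get(field) or "").strip():
                errors.append((row_no, field, "required field is empty"))
        ip = (row.get("Management IP*") or "").strip()
        if ip:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                errors.append((row_no, "Management IP*", "not a valid IP address"))
            else:
                if ip in seen_ips:
                    errors.append((row_no, "Management IP*", f"duplicate of row {seen_ips[ip]}"))
                else:
                    seen_ips[ip] = row_no
        for field in BOOL_FIELDS:
            # Blank is allowed: the chart marks these options as recommended, not required.
            if (row.get(field) or "").strip().upper() not in ("", "TRUE", "FALSE"):
                errors.append((row_no, field, "expected TRUE or FALSE"))
    return errors

if __name__ == "__main__":
    for err in validate_ven_rows(SAMPLE_CSV):
        print(err)
```
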
After successfully uploading your file, you should begin to see Virtual Edge Nodes registered in Cloud Control Center. Some additional configuration may be required on each onboarded Node; you can find those details in our Onboarding Virtual Edge Nodes article and our Onboarding Catalyst IE3400 Series Switches article.