Device-level Actions

CloudVision Portal (CVP) enables you to provision devices as needed based on your current networking requirements. Some examples of the types of actions you can perform include:

  • Adding devices (use this action to add devices from the undefined container to defined containers)
  • Moving devices (used this action to move devices from one defined container to another defined container)
  • Removing devices (removing devices from the CVP topology)
  • Reset devices
  • Replace devices

When resetting a device:

  • The device will be removed from the parent container.
  • The running configuration of the device will be flushed.
  • Device will reboot with ZTP mode enabled.
  • Device will be identified under undefined container.

There are three options you can use to move devices. They are:

  • Option 1
  • Option 2
  • Option 3

Option 1:

  1. Locate the device.
  2. Right-click the device and choose Factory Reset.
    Figure 1: Resetting the Device (option 1)

Option 2:

  1. Locate the parent container.
  2. Right-click the container and choose Show All Devices. This will list all the devices under the container.
    Figure 2: Showing all devices during factory reset (option 2)


  3. Right-click the device and choose Factory Reset.
    Figure 3: Resetting the device (option 2)


Option 3:

  1. Locate the parent container.
  2. Right-click the container and choose Manage > Device. This will load the inventory of all the child devices under the container.
  3. Select the checkbox of the device to be reset, and click the reset icon.
    Figure 4: Selecting the device and resetting it (option 3)


    On saving the session, a task will be spawned to reset the selected device.

Adding Devices (from Undefined Container)

Adding devices from the undefined container is the most common method for adding devices to a container in the CVP topology. This method involves adding devices that are not part of the hierarchy of devices to defined containers in the CVP topology. Containers that receive the added devices are called destination containers.

Complete the following steps to add a device from the undefined container to a destination container:

  1. Locate the container to which you want to add a device.
  2. Right-click the container and choose Add > Device. The current inventory of undefined devices for the selected container appears.
    Figure 5: Adding a device


  3. Select the device and click Add.
  4. Save the session.
  5. Execute the Device Add task using the Task Management module to add the device to destination container.

Deploying vEOS Routers

CVP deploys and provisions vEOS routers from cloud and datacenter to Amazon Web Services (AWS) and Microsoft Azure. Based on the requirement in vEOS deployment, configlets are assigned for push EOS configuration along with deployment parameters such as AWS Virtual Private Cloud (VPC), subnets, and security groups.

Note: When CVP is deployed behind NAT devices, the vEOS telemetry configuration needs to be updated. You can view telemetry data coming from the deployed device when you configure the public IP address of CVP.

Prerequisites

The prerequisites to deploy vEOS routers within a cloud are:

  • vEOS version 4.21.1.1F or later
  • CVP 2018.2.0
  • vEOS license
  • Cloud (AWS/Microsoft Azure) credentials
  • vEOS deployment parameters including VPC within which the vEOS has to be deployed, subnets and security groups associated with vEOS
  • IP connectivity from deployed vEOS to CVP

Adding IPSec and vEOS Licenses

The addition of an IPSec license is optional based on the deployment.

Perform the following steps to add IPSec and vEOS licenses:

  1. Click the gear icon at the upper right corner of the CVP. The system displays the Settings screen.
  2. Click EOS Feature Licenses in the left pane. The system displays the EOS Feature Licenses screen.
    Figure 6: EOS Feature Licenses Screen


  3. Click Add License in the right pane. The system displays the Add License window.
    Figure 7: Add License Window


  4. Click Select license file. The system displays the Windows Explorer.
  5. Navigate to the required location and select the license.
  6. Click Open.
  7. Select the required option from the License type drop-down menu.
  8. Click Upload. The system lists uploaded licenses in the EOS Feature Licenses screen.
    Figure 8: Licenses Listed in EOS Feature Licenses Screen


Adding AWS to Public Cloud Accounts

AWS Security Token Service (STS) is required when adding an AWS account to public cloud accounts.

AWS STS gives CVP temporary access to your AWS environment with proper permissions. This allows CVP to deploy the vEOS router and related resources in your AWS VPC.

CVP calls certain AWS APIs to query VPC information and creates a vEOS router Virtual Machine (VM) in VPC. It needs an AWS IAM (Identity and Access Management) role with permissions as listed in the code below .

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeImages",
"ec2:DescribeAddresses",
"ec2:DescribeKeyPairs",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DetachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RunInstances",
"ec2:TerminateInstances"
],
"Resource": "*"
}
]
}
Note: You receive the STS token after the IAM role is created.

Perform the following steps to add a AWS account to public cloud accounts:

  1. Click Provisioning. The system displays the Network Provisioning screen.
  2. Click Public Cloud Accounts in the left pane. The system displays the Public Cloud Accounts screen.
    Figure 9: Public Cloud Accounts Screen


  3. Click Add Credentials in the upper right corner of the right pane. The system displays the Add Credentials window.
  4. Select Amazon Web Services from the Provider drop-down menu.
    Figure 10: Add Credentials Window for AWS


  5. On the Provider Details pane, provide the access key, secret key, and token details in the corresponding fields.
  6. Click Save. The system displays the configured AWS account in the Public Cloud Accounts screen.
    Figure 11: AWS Configured in Public Cloud Accounts


Deploying the vEOS Router to AWS

Perform the following steps to deploy the vEOS router to AWS:
  1. Click Devices. The system displays the Inventory screen.
  2. Click the Add Devices drop-down menu at the upper right corner of the right pane.
  3. Select Deploy vEOS Router. The system displays the Deploy vEOS Router window.
    Figure 12: Deploy vEOS Router Window


  4. Provide the following IPSec details in the appropriate fields:
    • Shared Secret Key (optional) - Pre-shared key for IPSec profile
    • Tunnel Interface IP (optional) - IP address under tunnel interface
    • Tunnel#1 Destination IP (optional) - Peer's (tunnel destination) IP address
  5. Click the Select Provider drop-down menu and select AWS.
    Figure 13: VM Details for AWS


  6. Provide the following VM details in the appropriate fields:
    • Name - The name of the vEOS router instance
    • Access Key - The access key used in the public cloud account
    • Region - The region that the vEOS router will be deployed in
    • Instance Type - The type of vEOS router that the instance will run on
    • Key Pair Name - The Elastic Compute Cloud (EC2) keypair used to log in to the vEOS router
    • Amazon Machine Identifier - The vEOS AMIs on the AWS marketplace
    • VPC ID - The VPC that the vEOS router will be deployed to
    • Security Group - The security group that will be associated with the vEOS interface
    • Availability Zone - The availability zone that vEOS will be deployed in
    • Subnet #1 - The first subnet that vEOS puts Ethernet1 in
    • Assign Public IP Address to Subnet #1 - Select Yes if you need a public IP address assigned to the vEOS router; otherwise, select No
    • Use Public IP Address as Local ID - The public IP address of the vEOS router
      Note: The system displays the public IP address of the vEOS router after the VM is created.
    • Subnet #2 (optional) - The second subnet that vEOS puts Ethernet2 in
    • Configlet (optional) - The configlet to configure vEOS once it is active
  7. Click Create VM with vEOS. The system displays the status of vEOS deployment under the Progress column on the Status pane.
    Figure 14: Status of vEOS Deployment to AWS


    You can also check the VM deployment process on your AWS Portal. Hover the mouse over the corresponding information icon to view detailed information about the vEOS router deployment. After the successful deployment of the vEOS router to AWS, you can use your AWS SSH Privacy Enhanced Mail (PEM) key to login to vEOS.
    Note: To make CVP manage vEOS routers, register this device using the instructions in Registering Devices. Ensure that the AWS security group associated with vEOS router VM has an ingress rule of allowing TCP port 9910 from CVP's IP address. You must configure AWS for the vEOS router to function as a VPC gateway using the instructions in Using vEOS Router on the AWS Platform.

Deploying a vEOS Router to Microsoft Azure

Perform the following steps to deploy a vEOS router to the Azure VNET:
  1. Click Devices. The system displays the Inventory screen.
  2. Click the Add Devices drop-down menu at the upper right corner of the right pane.
  3. Select Deploy vEOS Router. The system displays the Deploy vEOS Router window.
  4. Provide the following IPSec details in the appropriate fields:
    • Shared Secret Key (optional) - Pre-shared key for IPSec profile
    • Tunnel Interface IP (optional) - IP address under tunnel interface
    • Tunnel#1 Destination IP (optional) - Peer's (tunnel destination) IP address
  5. Select Azure from the Select Provider drop-down menu.
    Figure 15: VM Details for Microsoft Azure
  6. Provide the following VM details in the appropriate fields:
    • Name - The name of the vEOS router instance.
    • Subscription ID - The subscription that the vEOS router will be deployed to.
    • Instance Size - The size of vEOS router that the instance will run on.
    • Resource Group - The resource group that the vEOS router will be deployed to.
    • Location - The Azure region that contains the VNET.
    • Security Group - The network security group that will be associated with the vEOS interface.
    • Virtual Network - The VNET that vEOS will be deployed in.
    • Subnet #1 - The first subnet that vEOS puts Ethernet1 in.
    • Assign Public IP Address to Subnet #1 - Select Yes if you need a public IP address assigned to vEOS router, else select No.
    • Use Public IP Address as Local ID - The public IP address of vEOS Router.
      Note: The system displays the public IP address of vEOS router after the VM is created.
    • Subnet #2 - The second subnet that vEOS puts Ethernet2 in.
    • Configlet - The configlet to configure vEOS once it is up.
    • EOS Image - The vEOS images on Azure marketplace.
  7. Click Create VM with vEOS. The system displays the status of vEOS deployment under the Progress column in the Status pane.
    Figure 16: Status of vEOS Deployment to Microsoft Azure
    You can also check the VM deployment process on your Microsoft Azure Portal. Hover the mouse over the corresponding information icon to view detailed information about the vEOS router's deployment. It contains the initial login credentials you can use to login to vEOS router, you can change the credentials after logging into the device.
    Note: To make CVP manage vEOS routers, register this device using the instructions in Registering Devices. Ensure that the Azure network security group associated with vEOS router VM has an ingress rule of allowing TCP port 9910 from CVP's IP address. You must configure Microsoft Azure for the vEOS router to function as VNET gateway using the instructions in Using the vEOS Router on Microsoft Azure.

Adding Microsoft Azure to Public Cloud Accounts

You need a subscription ID, a tenant ID, a client ID, and client server details in order to an azure account to public cloud accounts.

To get these details, you must create an application in the Azure active directory and assign proper permissions to CVP for authentication with Microsoft Azure environment to make API calls. CVP uses a few APIs to create a vEOS router. Therefore, you must add a contributor role to the resource group that has either Virtual Network Protocol (VNET) or the whole subscription.

Perform the following steps for adding the Microsoft Azure account to public cloud accounts:

  1. Click Provisioning. The system displays the Network Provisioning screen.
  2. Click Public Cloud Accounts in the left pane. The system displays the Public Cloud Accounts screen.
  3. Click Add Credentials in the upper right corner of the right pane. The system displays the Add Credentials window.
    Figure 17: Add Credentials Window for Microsoft Azure


  4. Select Azure from the Provider drop-down menu.
  5. Under the Provider Details pane, provide the subscription ID, tenant ID, client ID, and client server details in the appropriate fields.
  6. Click Save. The system displays the configured Microsoft Azure account in the Public Cloud Accounts screen.
    Figure 18: Microsoft Azure Configured in Public Cloud Accounts


Registering Devices

Registering is the method used for adding devices to CVP. As a part of registering devices, CloudVision automatically enables streaming of the registered devices' state to the cluster by installing and configuring the TerminAttr agent. Newly registered devices are always placed under an undefined container.

Note: Manual installation or configuration of streaming telemetry is not required prior to registration.

Complete the following steps to register devices with CVP:

  1. Navigate to the Inventory screen.
  2. Click the Add Device drop-down menu and select Register Existing Device. The Device Registration pop-up window appears.
    Figure 19: Add Device for Registration


  3. Enter the host name or IPv4 addresses of the device(s) to be registered; and click Register.
    Figure 20: Selecting Device for Registering


    The following figures show the device registration status through the registration process.

    Figure 21: Registration Status


    Figure 22: Registration Successful


    The newly registered devices are now shown in the inventory.
    Figure 23: List of Registered Devices


    The newly registered devices are shown in the undefined container in the Network Provisioning view.

    Figure 24: Registered Devices in the Network Provisioning View


Moving Devices from one Container to Another Container

Moving devices from one defined container to another is a method you can use to add devices to a container in the CVP topology. You use this method when you want to add devices to a container, and the device you want to add is currently under another container in the CVP topology. This method involves locating the device to be moved, and then moving it to the destination container. Containers that receive the imported devices are called destination containers.

There are three options you can use to move devices. They are:

Option 1

  1. Locate the device.
  2. Right-click the device and choose Move.
    Figure 25: Selecting the device to be moved (option 1)


  3. Select the destination container from the drop-down menu.
  4. Save the session to move the device to the destination container.

Option 2

  1. Locate the container that has the device you want to move.
  2. Right-click the container and choose Show All Devices. This will load the inventory of all the devices under the container.
  3. Locate the device to be moved.
  4. Right-click the device and choose Move. After moving there will be a "T" icon to indicate the move has been tasked. (The task won't automatically be executed.)
    Figure 26: Device with pending move task (option 2)


  5. Go to Tasks and explicitly execute the move task. After the task has been executed, the "T" icon is removed.

Option 3

  1. Locate the container that has the device you want to move.
  2. Right-click the container and choose Manage > Device. This will load the inventory of all the devices under the container.
  3. Select the device to be moved and click <–> to choose the destination container.
  4. From the popup menu, select the destination container and click OK. This will provision a move for the device

Removing a Device from a Container

A device can be removed from a container. Removing a device from the container will:

  • Remove the device from parent container.
  • Clear all information about the device in the CloudVision Portal.
  • Stop any monitoring of the device.

There are three options you can use to remove devices. They are:

Option 1

  1. Locate the device.
  2. Right-click the device and choose Remove.
    Figure 27: Removing a device (option 1)


Option 2

This option is available only for topology views.

  1. Locate the parent container.
  2. Right-click the container and choose Show All Devices. All the devices under the container are listed.
    Figure 28: Selecting the device to be removed (option 2)


  3. Select the device you want to remove.
  4. Right-click the device and choose Remove. The device is removed from the Network Provisioning view.
    Figure 29: Removing the device (option 2)


Option 3

This option is available only for the list view of the Network Provisioning screen.

  1. Locate the parent container.
  2. Right-click the container and choose Manage > Device. This will load the inventory of all the child devices under the container.
    Figure 30: Remove device from the container (option 3)


  3. Select the device you want to remove and then click Remove. On saving the session, a task will be spawned to reset the selected device.

Device Factory Reset

When resetting a device:

  • The device will be removed from the parent container.
  • The running configuration of the device will be flushed.
  • Device will reboot with ZTP mode enabled.
  • Device will be identified under undefined container.

There are three options you can use to move devices. They are:

Option 1

  1. Locate the device.
  2. Right-click the device and choose Factory Reset.
    Figure 31: Resetting the device (option 1)

Option 2

  1. Locate the parent container.
  2. Right-click the container and choose Show All Devices. This will list all the devices under the container.
    Figure 32: Showing all devices during factory reset (option 2)


  3. Right-click the device and choose Factory Reset.
    Figure 33: Resetting the device (option 2)


Option 3

  1. Locate the parent container.
  2. Right-click the container and choose Manage > Device. This will load the inventory of all the child devices under the container.
  3. Select the checkbox of the device to be reset, and click the reset icon. On saving the session, a task will be spawned to reset the selected device.
    Figure 34: Selecting the device and resetting it (option 3)