VMware NSX-T Data Center:

Install, Configure, Manage

Lab Manual
VMware NSX-T™ Data Center

VMware® Education Services


VMware, Inc.
www.vmware.com/education
VMware NSX-T Data Center: Install, Configure, Manage
Lab Manual
VMware NSX-T™ Data Center
Part Number EDU-EN-NSXTICM24-LAB (9/2019)
Copyright © 2019 VMware, Inc. All rights reserved. This manual and its accompanying materials
are protected by U.S. and international copyright and intellectual property laws. VMware
products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or
other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies. VMware ESXi™, VMware Go™, VMware Horizon® View™, VMware
NSX®, VMware NSX® Data Center, VMware NSX® Edge™, VMware NSX® Manager™,
VMware NSX-T™ Data Center, VMware Service Manager™, VMware vCenter Server®,
VMware Verify™, VMware View®, VMware vSphere®, VMware vSphere® Distributed Switch™,
VMware vSphere® vMotion®, VMware vSphere® Web Client, VMware Workspace ONE®,
VMware Workspace™, VMware Workspace™ for Android, VMware Workspace™ for iOS,
VMware Workspace™ for Mac, and VMware Workspace™ for Windows are registered
trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
The training material is provided “as is,” and all express or implied conditions, representations,
and warranties, including any implied warranty of merchantability, fitness for a particular purpose
or noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of
such claims. This training material is designed to support an instructor-led training course and is
intended to be used for reference purposes in conjunction with the instructor-led training course.
The training material is not a standalone training tool. Use of the training material for self-study
without class attendance is not recommended. These materials and the computer programs to
which it relates are the property of, and embody trade secrets and confidential information
proprietary to, VMware, Inc., and may not be reproduced, copied, disclosed, transferred,
adapted or modified without the express written approval of VMware, Inc.

CONTENTS

Lab 1 Labs Introduction ..................................................................... 1


Lab 2 Reviewing the Configuration of the Predeployed NSX
Manager Instance ............................................................................... 3
Task 1: Access Your Lab Environment ........................................................................ 4
Task 2: Prepare for the Lab .......................................................................................... 4
Task 3: Verify the vCenter Server System and the ESXi Hosts Licensing................... 7
Task 4: Verify the NSX Manager Configuration and Licensing .................................... 9
Task 5: Review the NSX Management Cluster Information from the NSX CLI.......... 10
Task 6: Set the Management Cluster Virtual IP Address and Verify Its Operation .... 12
Task 7: Register the vCenter Server System to NSX Manager ................................. 13
Lab 3 Deploying a 3-Node NSX Management Cluster ................... 17
Lab 4 Preparing the NSX Infrastructure.......................................... 19
Task 1: Prepare for the Lab ........................................................................................ 20
Task 2: Create Transport Zones................................................................................. 21
Task 3: Create IP Pools .............................................................................................. 23
Task 4: Prepare the ESXi Hosts ................................................................................. 25
Task 5: Prepare the KVM Hosts ................................................................................. 30
Lab 5 Configuring Segments ........................................................... 33
Task 1: Prepare for the Lab ........................................................................................ 34
Task 2: Create Segments ........................................................................................... 35
Task 3: Attach VMs to Segments ............................................................................... 38
Task 4: Test Layer 2 Connectivity and Verify the Segments Configuration ............... 42
Lab 6 Deploying and Configuring NSX Edge Nodes ..................... 47
Task 1: Prepare for the Lab ........................................................................................ 48
Task 2: Deploy Two Edge Nodes from the NSX Manager Simplified UI.................... 49
Task 3: Enable SSH on the Edge Nodes ................................................................... 56
Task 4: Configure an Edge Cluster ............................................................................ 57
Lab 7 Configuring the Tier-1 Gateway ............................................ 59
Task 1: Prepare for the Lab ........................................................................................ 60
Task 2: Create a Tier-1 Gateway ............................................................................... 61
Task 3: Create Gateway Ports on Segments ............................................................. 62
Task 4: Test East-West L3 Connectivity..................................................................... 64

Lab 8 Configuring the Tier-0 Gateway ............................................ 65
Task 1: Prepare for the Lab ........................................................................................ 66
Task 2: Create Uplink Segments ................................................................................ 67
Task 3: Create a Tier-0 Gateway ............................................................................... 68
Task 4: Connect the Tier-0 and Tier-1 Gateways ...................................................... 72
Task 5: Test the End-to-End Connectivity .................................................................. 74
Lab 9 Verifying Equal-Cost Multipathing Configurations ............. 75
Task 1: Prepare for the Lab ........................................................................................ 75
Task 2: Verify the BGP Configuration......................................................................... 76
Task 3: Verify That Equal-Cost Multipathing Is Enabled ............................................ 78
Task 4: Verify the Result of the ECMP Configuration ................................................ 78
Lab 10 Configuring Network Address Translation ........................ 83
Task 1: Prepare for the Lab ........................................................................................ 84
Task 2: Create a Tier-1 Gateway for Network Address Translation........................... 85
Task 3: Create a Segment .......................................................................................... 86
Task 4: Attach a VM to the NAT-LS Segment ............................................................ 87
Task 5: Configure NAT ............................................................................................... 88
Task 6: Configure Route Advertisement and Route Redistribution ............................ 90
Task 7: Verify the IP Connectivity............................................................................... 93
Lab 11 Configuring the DHCP Server on the NSX Edge Node ...... 95
Task 1: Prepare for the Lab ........................................................................................ 96
Task 2: Configure a DHCP Server ............................................................................. 97
Task 3: Verify the DHCP Server Operation .............................................................. 100
Task 4: Prepare for the Next Lab ............................................................................. 105
Lab 12 Configuring Load Balancing ............................................. 107
Task 1: Prepare for the Lab ...................................................................................... 108
Task 2: Test the Connectivity to Web Servers ......................................................... 109
Task 3: Create a Tier-1 Gateway Named T1-LR-LB and Connect it to T0-LR-01 ... 110
Task 4: Create a Load Balancer ............................................................................... 111
Task 5: Configure Route Advertisement and Route Redistribution for the Virtual IP ..... 115
Task 6: Use the CLI to Verify the Load Balancer Configuration ............................... 120
Task 7: Verify the Operation of the Backup Server .................................................. 122
Task 8: Prepare for the Next Lab ............................................................................. 123
Lab 13 Deploying Virtual Private Networks .................................. 125
Task 1: Prepare for the Lab ...................................................................................... 126
Task 2: Deploy Two New NSX Edge Nodes to Support the VPN Deployment ........ 127
Task 3: Enable SSH on the Edge Nodes ................................................................. 131
Task 4: Configure a New Edge Cluster .................................................................... 132

Task 5: Deploy and Configure a New Tier-0 Gateway and Segments for
VPN Support ................................................................................................ 133
Task 6: Create an IPSec VPN Service ..................................................................... 136
Task 7: Create an L2 VPN Server and Session ....................................................... 137
Task 8: Deploy the L2 VPN Client ............................................................................ 139
Task 9: Verify the Operation of the VPN Setup ........................................................ 142
Lab 14 Configuring the NSX Distributed Firewall ........................ 147
Task 1: Prepare for the Lab ...................................................................................... 148
Task 2: Test the IP Connectivity ............................................................................... 149
Task 3: Create IP Set Objects .................................................................................. 151
Task 4: Create Firewall Rules .................................................................................. 154
Task 5: Create an Intratier Firewall Rule to Allow SSH Traffic ................................. 157
Task 6: Create an Intratier Firewall Rule to Allow MySQL Traffic ............................ 158
Task 7: Prepare for the Next Lab ............................................................................. 160
Lab 15 Configuring the NSX Gateway Firewall ............................ 163
Task 1: Prepare for the Lab ...................................................................................... 164
Task 2: Test SSH Connectivity ................................................................................. 165
Task 3: Configure a Gateway Firewall Rule to Block External SSH Requests ........ 166
Task 4: Test the Effect of the Configured Gateway Firewall Rule ............................ 169
Task 5: Prepare for the Next Lab ............................................................................. 170
Lab 16 Managing Users and Roles with
VMware Identity Manager............................................................... 171
Task 1: Prepare for the Lab ...................................................................................... 172
Task 2: Add an Active Directory Domain to VMware Identity Manager ................... 173
Task 3: Create the OAuth Client for NSX Manager in VMware Identity Manager ... 180
Task 4: Gather the VMware Identity Manager Appliance Fingerprint ...................... 182
Task 5: Enable VMware Identity Manager Integration with NSX Manager .............. 184
Task 6: Assign NSX Roles to Domain Users and Test Permissions ........................ 185
Task 7: Prepare for the Next Lab ............................................................................. 187
Lab 17 Configuring Syslog ............................................................ 191
Task 1: Prepare for the Lab ...................................................................................... 192
Task 2: Configure Syslog on NSX Manager and Review the Collected Logs .......... 193
Task 3: Configure Syslog on an NSX Edge Node and Review the Collected Logs . 194
Lab 18 Generating Technical Support Bundles ........................... 195
Task 1: Prepare for the Lab ...................................................................................... 196
Task 2: Generate a Technical Support Bundle for NSX Manager ........................... 197
Task 3: Download the Technical Support Bundle .................................................... 199

Lab 19 Using Traceflow to Inspect the Path of a Packet ............. 201
Task 1: Prepare for the Lab ...................................................................................... 202
Task 2: Configure a Traceflow Session .................................................................... 203
Task 3: Examine the Traceflow Output .................................................................... 204

Lab 1 Labs Introduction

Lab Environment Key Knowledge Points

The Lab Environment Topology Map shows the lab environment in which you work. Keep the
following points in mind when you work with the NSX-T 2.4 ICM labs; they affect how the
labs perform:
• In these labs, you enter the environment by using MSTSC (Remote Desktop Protocol -
RDP) initially to the student desktop. The student desktop resides on the Management
Network (SA-Management) and you can start deploying the various NSX-T fabric items
from here.
• You find a vCenter Server and NSX Manager predeployed with two clusters populated
with various virtual machines.
• At various points within the labs you are directed to copy and paste information for later
use.

When you first access the student desktop, right-click the Start button, select Run, type
notepad, and record the following items for later use:

• Password used on many occasions: VMware1!VMware1!
• User for the vSphere Web Client: [email protected]

Save the file to your desktop and name it Lab-notes.

Lab Environment Topology Map

Refer to this topology map as needed while you work through the labs.



Lab 2 Reviewing the Configuration
of the Predeployed NSX Manager
Instance

Objective: Verify the NSX Manager appliance settings

In this lab, you perform the following tasks:


1. Access Your Lab Environment
2. Prepare for the Lab
3. Verify the vCenter Server System and the ESXi Hosts Licensing
4. Verify the NSX Manager Configuration and Licensing
5. Review the NSX Management Cluster Information from the NSX CLI
6. Set the Management Cluster Virtual IP Address and Verify Its Operation
7. Register the vCenter Server System to NSX Manager

For this lab environment, you use a single-node NSX cluster. In a production environment, a
three-node cluster must be deployed to provide redundancy and high availability.

Task 1: Access Your Lab Environment
You use Remote Desktop Connection to connect to your lab environment.
1. Use the information provided by your instructor to log in to your lab environment.
2. If the message Kiwi Syslog free version supports up to 5 message
sources. Please define them under Inputs in Setup. appears, click OK to
close the Kiwi Syslog Service Manager window.
The Kiwi Syslog application is a free Syslog collector preinstalled as a service on your
student desktop to be used in a future lab.

Task 2: Prepare for the Lab


You log in to the vSphere Web Client UI and the NSX Manager Simplified UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
Use Chrome as your primary browser, unless you are instructed to use a different
browser.

NOTE
On first opening Chrome, you might see a message indicating that the VMware
Enhanced Authentication Plugin has updated its SSL certificate. Click OK to
close it.

b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.



2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. If you see the Your connection is not private message, click ADVANCED
and click the Proceed to sa-nsxmgr-01.vclass.local (unsafe) link. The warning
appears because the lab NSX Manager presents a self-signed certificate.
Proceeding is acceptable in this isolated lab, but in production NSX Manager
should present a certificate issued by a CA that your browsers trust, and this
warning should never be clicked through.
d. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.
3. On login, you are prompted to accept the End User License Agreement.
a. Scroll to the bottom of the window, select the I understand and accept the terms of
the license agreement check box, and click CONTINUE.



4. After accepting the EULA, you are prompted to join the VMware Customer Experience
Improvement Program.
a. For the purposes of the labs, deselect the Join the VMware Customer Experience
Improvement Program check box and continue.

The Welcome to NSX-T page appears, with a Get Started option for a guided workflow.



5. Click FABRIC NODES to bypass the guided tour and proceed.

Task 3: Verify the vCenter Server System and the ESXi Hosts Licensing
You verify the licenses of the vCenter Server system and ESXi hosts. Your instructor provides
the necessary licenses.
1. From the vSphere Web Client UI, point to the Home icon at the top and select
Administration.
2. In the Navigator pane, click Licenses.
3. Verify that the vCenter Server license is valid.
a. In the middle pane, click the Assets tab.
b. Click the vCenter Server Systems tab and verify the license expiration date.
4. If the license is not valid, assign a vCenter Server license key to the vCenter Server
instance by following the substeps below. Otherwise, proceed with the next step.
a. With your vCenter Server instance selected, click All Actions and select Assign
License.
b. In the Assign License Key panel, click the plus sign.
c. In the License key text box, enter or paste the vCenter Server license key provided by
the instructor and click Next.



d. Review the expiration date and license capacity.
e. Click Next.
f. Click Finish.
g. In the Assign License panel, select the license key that you added and click OK.
5. Verify that the ESXi hosts licenses are valid.
a. In the center pane, click the Assets tab, click the Hosts tab, and verify the license
expiration dates.
6. If the licenses are not valid, assign a license key to each ESXi host by following the
substeps below.
a. Select the first ESXi host in the list.
b. Right-click the ESXi hosts.
c. Select the Assign License Key link.
d. In the Assign License Key panel, click the plus sign.
e. In the License key text box, enter or paste the license key provided by the instructor
and click Next.
f. Review the expiration date and license capacity.
g. Click Next.
h. Click Finish.
i. In the Assign License panel, select the license key that you added and click OK.



Task 4: Verify the NSX Manager Configuration and
Licensing
You examine the configuration and licensing information of the predeployed NSX Manager
appliance.
1. On the NSX Simplified UI Home page, click System.
2. Under Overview, view the information for the predeployed NSX Manager (172.20.10.41),
including the IP address, NSX version, cluster connectivity, system load, repository
status, and disk utilization.

Information for only one NSX Manager node appears because in this lab you are using a
single-node cluster.



3. Verify the License of NSX Manager by clicking System > Licenses.
The license should show Valid.

Task 5: Review the NSX Management Cluster Information from the NSX CLI
You review the configuration and status information of the NSX Cluster from the NSX CLI.
1. On your student desktop, open the MTPuTTY application from the system tray.
2. Double-click sa-nsxmgr-01 to open a console connection.
3. If a PuTTY Security Alert appears, click Yes to proceed.
4. Disable the command-line timeout.

set cli-timeout 0

The timeout is disabled only so that the lab session is not interrupted. On a production
NSX Manager, leave the idle timeout enabled so that an unattended console session
cannot be picked up by someone else.



5. View the status of the NSX cluster.
get cluster status

This command returns the status for each of the roles in the NSX Cluster including Policy,
Manager, and Controller. You can see that the cluster for each of these components is
STABLE. Note that in the lab you use a single-node NSX cluster.



Task 6: Set the Management Cluster Virtual IP Address
and Verify Its Operation
1. If not already opened, open Chrome and click the NSX-T Data Center > NSX Manager
bookmark.
2. On the NSX Manager > System > Overview page, next to Virtual IP: Not Set, click Edit.
3. On the Change Virtual IP page, enter 172.20.10.48 and click SAVE.
4. A message indicates that a new virtual IP for the management cluster has been assigned.
a. Click REFRESH.



5. Test the new VIP by opening a new browser tab and entering https://172.20.10.48.

If you see the Your connection is not private message, click ADVANCED and click the
Proceed to 172.20.10.48 (unsafe) link. This is the same self-signed certificate warning
as in Task 2 and is acceptable only in the lab.

A new Management Cluster login page opens.

Task 7: Register the vCenter Server System to NSX Manager
You register the vCenter Server system to NSX Manager to establish communication between
them.
1. Open a new tab on your browser and click the NSX-T Data Center > NSX Manager
bookmark.
2. From the NSX Simplified UI Home page, click System > Fabric > Compute Managers >
+ADD.



3. On the New Compute Manager page, provide the configuration details.
• Name: Enter sa-vcsa-01.vclass.local.
• Domain Name/IP Address: Enter 172.20.10.94.
• Type: vCenter (default).
• Username: Enter [email protected].
• Password: Enter VMware1!.
• SHA-256 Thumbprint: Leave empty.

4. Click ADD.



5. When the Thumbprint is Missing message appears, click ADD to accept the thumbprint of
the certificate that the server at 172.20.10.94 presents. This is trust on first use: NSX
Manager pins whatever certificate it sees at that moment. In a production environment,
obtain the SHA-256 thumbprint of the vCenter Server certificate out of band and enter it
in the SHA-256 Thumbprint field instead of leaving the field empty.

6. Wait until the Registration Status shows Registered and the Connection Status shows Up.
Click Refresh at the bottom of the display to update the contents.

7. Verify that the version of vCenter Server is 6.7.0.

Lab 3 Deploying a 3-Node NSX
Management Cluster

Objective: Deploy a 3-Node NSX Management Cluster from the NSX Manager Simplified UI

In this lab simulation, you perform the following tasks:


1. Prepare for the Lab
2. Deploy the Second NSX Manager
3. Deploy the Third NSX Manager
4. Review the NSX Management Cluster Information from the NSX Manager Simplified UI
5. Review the NSX Management Cluster Information from the NSX CLI

Go to https://vmware.bravais.com/s/kLHVhYZCzUZPeBYx2N4G to open the simulation.

IMPORTANT
Do not refresh, navigate away from, or minimize the browser tab hosting the
simulation. These actions might pause the simulation and the simulation might not
progress.



Lab 4 Preparing the NSX
Infrastructure

Objective: Deploy transport zones, create IP pools, and prepare hosts for NSX usage

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Create Transport Zones
3. Create IP Pools
4. Prepare the ESXi Hosts
5. Prepare the KVM Hosts

Task 1: Prepare for the Lab

You log in to the NSX Simplified UI.


1. From your student desktop, open the Chrome web browser.
2. Click the NSX-T Data Center > NSX Manager bookmark.
3. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Create Transport Zones
You create an overlay transport zone and a VLAN transport zone.
1. Create a global overlay transport zone.
a. On the NSX Simplified UI System page, click Fabric > Transport Zones > +ADD.
b. Provide the configuration details in the New Transport Zone window.
• Name: Enter Global-Overlay-TZ.
• N-VDS Name: Enter PROD-Overlay-NVDS.
• N-VDS Mode: Standard (default).
• Traffic Type: Overlay (default)
• Uplink Teaming Policy Name: Leave empty (default).

c. Click ADD.



A new transport zone appears.

2. Create a global VLAN-based transport zone for the non-overlay networks that are
external to NSX-T Data Center.
a. On the NSX Simplified UI System page, click Fabric > Transport Zones > +ADD.
b. Provide the configuration details in the New Transport Zone window.
• Name: Enter Global-VLAN-TZ.
• N-VDS Name: Enter PROD-VLAN-NVDS.
• N-VDS Mode: Standard (default).
• Traffic Type: Select VLAN.
• Uplink Teaming Policy Names: Leave empty (default).
c. Click ADD.
A new transport zone appears.



Task 3: Create IP Pools
You create an IP pool for assigning IP addresses to the NSX transport nodes.
1. On the NSX Simplified UI Home page, click Networking > IP Address Management >
IP Address Pools > ADD IP ADDRESS POOL.
2. Provide the configuration details in the ADD IP ADDRESS POOL window.
• Name: VTEP-IP-Pool.
• Description: IP Pool for ESXi, KVM, and Edge.
• Subnets: Click Set, select ADD SUBNET > IP Ranges, and provide the configuration
details.
• IP Ranges: Enter 172.20.11.151-172.20.11.170 and click Add item(s).
• CIDR: Enter 172.20.11.0/24.
• Gateway IP: Enter 172.20.11.10.



a. Click ADD on the ADD SUBNETS page.
3. On the Set Subnets page, click APPLY.
4. Click SAVE.
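The VTEP-IP-Pool definition above has a few consistency requirements that NSX enforces only when you click SAVE: the range must sit inside the CIDR, the gateway must be inside the CIDR but outside the range, ranges must not overlap, and there must be enough addresses for every transport node that will draw a TEP from the pool. The following is an added example, not part of the VMware lab manual, that checks an IP pool definition before you type it into the UI. The lab values (172.20.11.0/24, gateway 172.20.11.10, range .151-.170) are used as constructed sample input; the required count of 4 is my assumption for the two ESXi hosts and two KVM hosts prepared in this lab, and it does not account for the edge nodes deployed later or for uplink profiles that allocate more than one TEP per host.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample input using the values the lab manual gives for VTEP-IP-Pool.
LAB_CIDR = "172.20.11.0/24"
LAB_GATEWAY = "172.20.11.10"
LAB_RANGES = [("172.20.11.151", "172.20.11.170")]


def check_ip_pool(cidr: str, gateway: str,
                  ranges: List[Tuple[str, str]],
                  required: int = 0) -> Tuple[int, List[str]]:
    """Validate an NSX-style IP pool definition.

    Returns (capacity, problems): capacity is the number of assignable
    addresses across all ranges, problems is a list of findings (empty when
    the pool is consistent). Checks: each range is ordered and fully inside
    the CIDR, contains neither the network nor the broadcast address, and
    does not contain the gateway; the gateway is inside the CIDR; ranges do
    not overlap; and the pool holds at least `required` addresses.
    """
    problems: List[str] = []
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set in the prefix
    gw = ipaddress.ip_address(gateway)

    if gw.version != net.version or gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address")

    accepted = []  # ranges that passed the basic checks, for overlap detection
    capacity = 0
    for start_s, end_s in ranges:
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        label = f"range {start}-{end}"
        if start.version != net.version or end.version != net.version:
            problems.append(f"{label}: address family does not match {net}")
            continue
        if start > end:
            problems.append(f"{label}: start is after end")
            continue
        if start not in net or end not in net:
            problems.append(f"{label}: not fully inside {net}")
            continue
        if start == net.network_address or end == net.broadcast_address:
            problems.append(f"{label}: includes the network or broadcast address")
        if gw.version == net.version and start <= gw <= end:
            problems.append(f"{label}: contains the gateway {gw}")
        for s2, e2 in accepted:
            if start <= e2 and s2 <= end:
                problems.append(f"{label}: overlaps {s2}-{e2}")
        accepted.append((start, end))
        capacity += int(end) - int(start) + 1

    if required and capacity < required:
        problems.append(f"only {capacity} addresses for {required} required TEPs")
    return capacity, problems


if __name__ == "__main__":
    cap, probs = check_ip_pool(LAB_CIDR, LAB_GATEWAY, LAB_RANGES, required=4)
    print(f"capacity={cap}", *probs or ["pool definition is consistent"], sep="\n")
```

Run it with the values you intend to enter; an empty problem list means the pool will be accepted and has room for the transport nodes you plan to prepare.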



Task 4: Prepare the ESXi Hosts
You prepare the ESXi hosts to participate in the virtual networking and security functions
offered by NSX-T Data Center.
1. On the NSX Simplified UI Home page, click System >Fabric > Nodes > Host
Transport Nodes.
2. From the Managed by drop-down menu, select sa-vcsa-01.
Two clusters appear: SA-Management-Edge and SA-Compute-01.
3. Expand the SA-Compute-01 cluster view.
The NSX Configuration status of the hosts appears as Not Configured and Node Status
is Not Available.

4. Select the SA-Compute-01 check box and click CONFIGURE NSX.



5. In the Configure NSX dialog box, click Create New Transport Node Profile.
a. Provide the required details in the Add Transport Node Profile - General window.
• Select Deployment Profile: Click Create New Transport Node Profile.
• Name: Enter ESXi_TN_Profile.
• Transport Zones Available (2) : Select Global-Overlay-TZ and Global-VLAN-
TZ, and click the right arrow to move to Selected.



b. Provide the required details in the Add Transport Node Profile - N-VDS window.
• N-VDS Name: Select PROD-Overlay-NVDS.
• NIOC Profile: Select nsx-default-nioc-hostswitch-profile.
• Uplink Profile: Select nsx-default-uplink-hostswitch-profile.
• LLDP Profile: Select LLDP [Send packets disabled].
• IP Assignment: Select Use IP Pool.
• IP Pool: Select VTEP-IP-Pool.
• Physical NICs: Enter vmnic4 and select uplink-1 from the drop-down menu.



6. Scroll back up to the top of the page, click +ADD N-VDS, and provide the details for
the second N-VDS in the Add Transport Node Profile - N-VDS window.
• N-VDS Name: Select PROD-VLAN-NVDS.
• NIOC Profile: Select nsx-default-nioc-hostswitch-profile.
• Uplink Profile: Select nsx-default-uplink-hostswitch-profile.
• LLDP Profile: Select LLDP (Send Packets Disabled).
• IP Assignment: [Disabled].
• Physical NICs: Enter vmnic5, and select uplink-2 from the drop-down menu.



7. Click ADD.
a. In the Configure NSX window, click SAVE.
The automated installation process starts and might take approximately 5 minutes to
complete.
b. Click REFRESH at the bottom of the page.
8. When the installation completes, verify that NSX is installed on the hosts and that the
Node Status of the SA-Compute-01 cluster shows Up.

You might need to click REFRESH at the bottom of the screen to refresh the page.

NOTE
When you next look at the vCenter Inventory, ESXi hosts sa-esxi-04.vclass.local
and sa-esxi-05.vclass.local show a red alarm for their loss of network redundancy.
Click Reset to Green to resolve the host alarm.



Task 5: Prepare the KVM Hosts
You prepare the kernel-based virtual machine (KVM) hosts to participate in the NSX virtual
networking and security functions.
1. Add the sa-kvm-01 KVM host to NSX.
a. From the Managed by drop-down menu, select None: Standalone Hosts.
b. Click +ADD.
c. Provide the configuration details in the Add Transport Node window.
• Name: Enter sa-kvm-01.vclass.local.
• IP Addresses: Enter 172.20.10.151.
• Operating System: Select Ubuntu KVM.
• Username: Enter vmware.
• Password: Enter VMware1!.
• SHA-256 Thumbprint: Leave empty (default)

d. Click Next.
e. When the Thumbprint is missing message appears, click ADD to accept the identity that
sa-kvm-01 presents (trust on first use; in production, supply the host's SHA-256
thumbprint obtained out of band). When the Add Transport Node window returns, click Next.



f. In the Configure NSX window, provide the configuration details:
• Transport Zone: Select Global-Overlay-TZ.
• N-VDS Name: Select PROD-Overlay-NVDS.
• Uplink-Profile: Select nsx-default-uplink-hostswitch-profile.
• LLDP Profile: Select LLDP (Send Packets Disabled).
• IP Assignment: Select Use IP Pool.
• IP Pool: Select VTEP-IP-Pool.
• Physical NICs: Enter eth1 and select uplink-1.

g. Click SAVE. The NSX installation process starts.



2. Repeat step 1 to add the sa-kvm-02 KVM host to NSX.
On the Add Transport Node window provide the configuration details:
• Name: Enter sa-kvm-02.vclass.local.
• IP Addresses: Enter 172.20.10.152.
• Operating System: Select Ubuntu KVM.
• Username: Enter vmware.
• Password: Enter VMware1!.
• SHA-256 Thumbprint: Leave empty (default).
On the Configure NSX window, provide the configuration details:
• Transport Zone: Select Global-Overlay-TZ.
• N-VDS Name: Select PROD-Overlay-NVDS.
• Uplink-Profile: Select nsx-default-uplink-hostswitch-profile.
• LLDP Profile: Select LLDP (Send Packets disabled).
• IP Assignment: Select Use IP Pool.
• IP Pool: Select VTEP-IP-Pool.
• Physical NICs: Enter eth1 and select uplink-1.
This process might take approximately 5 minutes to complete.
3. Verify that Deployment Status shows Configuration State as Success and Status shows
Up for the two KVM hosts.
You might need to refresh the page to update the status of the installation.



Lab 5 Configuring Segments

Objective: Create segments for VMs residing on the ESXi and KVM hosts

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Create Segments
3. Attach VMs to Segments
4. Test Layer 2 Connectivity and Verify the Segmenting Configuration

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager Simplified UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.


a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Create Segments
You create three segments, namely Web-LS, App-LS, and DB-LS.
1. Create a segment named Web-LS.
a. On the NSX Simplified UI Home page, click Networking > Segments.
b. Click ADD SEGMENT and provide the configuration details.
• Segment Name: Enter Web-LS.
• Uplink & Type: Leave blank.
• Transport Zone: Select Global-Overlay-TZ.
• Leave all the other options as default.

2. Click SAVE.
a. When the message to continue segment configuration appears, click NO.



3. Add a segment named App-LS.
a. On the NSX Simplified UI Home page, click Networking > Segments.
b. Click ADD SEGMENT and provide the configuration details.
• Segment Name: Enter App-LS.
• Transport Zone: Select Global-Overlay-TZ (default).
• Uplink & Type: Leave blank.
• Leave all the other options as default.
c. Click SAVE.
d. When the message to continue segment configuration appears, click NO.
4. Add a segment named DB-LS.
a. On the NSX Simplified UI Home page, click Networking > Segments.
b. Click ADD SEGMENT and provide the configuration details.
• Segment Name: Enter DB-LS.
• Transport Zone: Select Global-Overlay-TZ (default).
• Uplink & Type: None.
• Leave all the other options as default.
c. Click SAVE.
d. When the message to continue segment configuration appears, click NO.
5. Verify that the three segments are created successfully, and the Status is Up.

6. On the vSphere Web Client home page, click Networking.



7. Expand the Navigator view and verify that the three newly created segments are listed
under SA-Datacenter.



Task 3: Attach VMs to Segments
You attach VMs running on the ESXi hosts and KVM hosts to their corresponding segments.
1. In the navigator pane of vSphere Web Client, click the Hosts and Clusters tab and expand
the view of SA-Datacenter > SA-Compute-01.
2. Add T1-Web-01 to the Web-LS segment.
a. Right-click T1-Web-01 and select Edit Settings.
b. From the Network adapter 1 drop-down menu, select Web-LS (nsx.LogicalSwitch).
c. Verify that the Connected check box is selected.
d. Click OK.

3. Add T1-Web-02 to the Web-LS segment.


a. Right-click T1-Web-02 and select Edit Settings.
b. From the Network adapter 1 drop-down menu, select Web-LS (nsx.LogicalSwitch).
c. Verify that the Connected check box is selected.
d. Click OK.



4. Add T1-App-01 to the App-LS segment.
a. Right-click T1-App-01 and select Edit Settings.
b. From the Network adapter 1 drop-down menu, select App-LS (nsx.LogicalSwitch).
c. Verify that the Connected check box is selected.
d. Click OK.
5. Verify the status of the logical ports.
a. On the NSX Simplified UI Home page, click Advanced Networking & Security >
Switching > Ports.
b. Verify that the two logical ports for the Web-LS and one logical port for the App-LS
VMs are listed with Admin Status as Up and Operational Status as Up.

6. Power on T1-DB-01 on host sa-kvm-01.


a. Open MTPuTTY and double-click the SA-KVM-01 connection.
b. Switch the user to root.
sudo -s

c. Check the status of the VMs running on the SA-KVM-01 host.


virsh list --all

Your T1-DB-01 VM is in the shut down state.



d. Power on the VM.
virsh start T1-DB-01

e. Verify that T1-DB-01 is powered on.


virsh list --all

7. Power on T1-Web-03 on host sa-kvm-02.


a. Open MTPuTTY and double-click the SA-KVM-02 connection.
b. Switch the user to root.
sudo -s

c. Check the status of the VMs running on the SA-KVM-02 host.


virsh list --all

d. Power on the VM.


virsh start T1-Web-03

8. Attach T1-DB-01 to the DB-LS Segment.


a. At the SA-KVM-01 command prompt, view the UUID (shown as interfaceid)
associated with T1-DB-01.
virsh dumpxml T1-DB-01 | grep interfaceid

b. Copy and paste the UUID to a notepad so it can be used in a future step.
In this example, the UUID associated with T1-DB-01 is 57601300-2e82-48c4-8c27-1e961ac70e81.

c. On the NSX Simplified UI Home page, click Networking > Segments and click the
three vertical ellipses icon next to DB-LS and select Edit.
d. Click Ports, then click Set, and then click ADD SEGMENT PORT.
The Set Segment Ports window appears.



e. Provide the details in the Set Segment Ports window.
• Name: Enter DB01-LS-Port.
• Type: Select Independent.
• ID: Copy and paste the ID (numbers between the single quotes) from the notepad
to the ID.
f. Click SAVE.
g. Click CLOSE.
h. Click CLOSE EDITING.
9. Attach T1-Web-03 to the Web-LS Segment.
a. At the SA-KVM-02 command prompt, obtain the UUID associated with T1-Web-03
and record it in a notepad.
virsh dumpxml T1-Web-03 | grep interfaceid

The UUID associated with T1-Web-03 is 57601300-2e82-48c4-8c27-1e961ac70e79.


10. Create a logical port.
a. On the NSX Simplified UI Home page, click Segments and click the three vertical
ellipses icon next to Web-LS and select Edit.
b. Click the expand > icon next to Ports and click the number 2.
The Set Segment Ports window appears.
c. In the Add Segment Port window, enter the details.
• Name: Enter Web03-LS-Port.
• Type: Select Independent.
• ID: Copy and paste the ID (only numbers between the single quotes from notepad).
d. Click SAVE.
e. Click CLOSE.
f. Click CLOSE EDITING.



11. Navigate to Advanced Networking & Security > Switching > Ports and verify that the
two logical ports KVM-DB-01 and KVM-Web-03 are created with Admin Status and
Operational Status as Up.
You might need to refresh the page.
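The interfaceid lookup in steps 8 and 9 (virsh dumpxml | grep interfaceid) can be scripted instead of copied by eye. The following is an added example, not code from this lab manual or from VMware: it parses the libvirt domain XML that virsh dumpxml prints, returns the Open vSwitch interfaceid that you paste into the Set Segment Ports window, and validates it as a UUID so a mangled copy is caught before the port is created. The sample XML is constructed; the VM name and interfaceid are the lab's, while the MAC address, bridge name, and disk path are assumed values.

```python
"""Extract the NSX segment-port ID (libvirt 'interfaceid') from a KVM guest definition.

Added example, not part of the lab manual. It reads the same domain XML that
`virsh dumpxml <vm>` prints on sa-kvm-01/02 and returns the interfaceid of the
NSX-attached (Open vSwitch) interface, which is the value used as the ID of
the segment port in the NSX Simplified UI.
"""
import uuid
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample of what `virsh dumpxml T1-DB-01` returns on sa-kvm-01.
# The interfaceid is the one quoted in the lab; the MAC address, bridge name
# and disk path are assumed values for illustration only.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>T1-DB-01</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/T1-DB-01.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:cc'/>
      <source bridge='nsx-managed'/>
      <virtualport type='openvswitch'>
        <parameters interfaceid='57601300-2e82-48c4-8c27-1e961ac70e81'/>
      </virtualport>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""


def nsx_interface_ids(domain_xml: str) -> List[str]:
    """Return the interfaceid of every Open vSwitch virtualport in a domain.

    Only <virtualport type='openvswitch'> entries carry the ID that NSX uses
    as the segment-port ID; a plain bridge or NAT interface without a
    virtualport is skipped. Each ID is validated as a UUID so that a mangled
    copy (a dropped hex digit, a stray quote) fails here rather than showing
    up later as a segment port that never comes up.
    """
    root = ET.fromstring(domain_xml)
    ids: List[str] = []
    for iface in root.iterfind("./devices/interface"):
        vport = iface.find("virtualport")
        if vport is None or vport.get("type") != "openvswitch":
            continue
        params = vport.find("parameters")
        if params is None or "interfaceid" not in params.attrib:
            continue
        # uuid.UUID raises ValueError on anything that is not a well-formed UUID.
        ids.append(str(uuid.UUID(params.get("interfaceid"))))
    return ids


def segment_port_id(domain_xml: str) -> str:
    """Return the single interfaceid of a one-NIC lab VM, or raise if ambiguous."""
    ids = nsx_interface_ids(domain_xml)
    if len(ids) != 1:
        raise ValueError(
            f"expected exactly one NSX-attached interface, found {len(ids)}"
        )
    return ids[0]


if __name__ == "__main__":
    # On the KVM host, the XML would come from:
    #   subprocess.run(["virsh", "dumpxml", "T1-DB-01"], capture_output=True, text=True).stdout
    print(segment_port_id(SAMPLE_DOMAIN_XML))
```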

Task 4: Test Layer 2 Connectivity and Verify the Segments Configuration
You verify the information about segments from the control plane, data plane, and management
plane.
1. Open a console connection to T1-Web-01.
a. From the vSphere Web Client Home page, click Hosts and Clusters.
b. In the Navigator pane, right-click T1-Web-01 and select Open Console.
c. When the remote console window opens, click in the window and press Enter to
activate the screen.
d. Enter root as the user name and VMware1! as the password.
2. Ping the T1-Web-02 (172.16.10.12) VM, which resides on an ESXi host.
ping -c 3 172.16.10.12
Your ping should be successful.



3. Ping the T1-Web-03 (172.16.10.13) VM, which resides on a KVM host.
ping -c 3 172.16.10.13
Your ping should be successful.

NOTE
You can press Ctrl+Alt to escape from the console window.

4. Retrieve the VNI and UUID information for each segment.


a. From MTPuTTY, connect to sa-nsxmgr-01.
b. Retrieve information for the segments.
get logical-switches

c. Record the VNI and UUID values for Web-LS in a notepad.

The VNIs and UUIDs in your lab environment might be different from the screenshot.
5. Retrieve the Tunnel Endpoint (TEP) information for the Web-LS Segment.
get logical-switch Web-LS_VNI_number vtep

The sample output shows the TEPs connected to the VNI 73728 (Web-LS) control plane.



6. Retrieve the MAC table information for Web-LS.
get logical-switch Web-LS_VNI_number mac

7. Retrieve the ARP table information for Web-LS.


get logical-switch Web-LS_VNI_number arp

If your Address Resolution Protocol (ARP) table is empty, initiate a ping between the
Web-Tier VMs.
8. Retrieve information about the established host connections on Web-LS.
get logical-switch Web-LS_UUID ports

9. From MTPuTTY, connect to the sa-esxi-04 host.


10. Go to the nsxcli mode.
nsxcli



11. Retrieve the segment information from the sa-esxi-04 host.
get logical-switches



Lab 6 Deploying and Configuring NSX Edge Nodes

Objective: Deploy NSX Edge nodes and configure them as transport nodes

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Deploy Two Edge Nodes from the NSX Simplified UI
3. Enable SSH on the Edge Nodes
4. Configure an Edge Cluster

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager Simplified UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.


a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Deploy Two Edge Nodes from the NSX Manager Simplified UI
You deploy NSX Edge nodes on ESXi hosts to perform routing and other Layer 3 networking
functionality.
1. On the NSX Simplified UI Home page, click System > Fabric > Nodes > Edge
Transport Nodes.
2. Click +ADD EDGE VM.
3. Provide the configuration details in the Add Edge VM window.
• Name: Enter sa-nsxedge-01.
• Host name/FQDN: Enter sa-nsxedge-01.vclass.local.
• Form Factor: Medium (default).

4. Click NEXT.



5. On the Credentials page, enter VMware1!VMware1! as the CLI password and the system
root password.

6. Click NEXT.



7. On the Configure Deployment page, provide the configuration details.
• Compute Manager: Select sa-vcsa-01.vclass.local (begin by typing sa and the full
name should appear).
• Cluster: Select SA-Management-Edge from the drop-down menu.
• Resource Pool: Leave empty.
• Host: Leave empty.
• Datastore: Select SA-Shared-02-Remote from the drop-down menu.

8. Click NEXT.



9. On the Configure Ports page, provide the configuration details.
• IP Assignment: Select Static.
• Management IP: Enter 172.20.10.61/24.
• Default Gateway: Enter 172.20.10.10.
• Management Interface: Select pg-SA-Management from the drop-down menu.



10. On the Configure NSX page, provide the configuration details.
• Transport Zone: Select Global-Overlay-TZ and Global-VLAN-TZ.
• Edge Switch Name: Select PROD-Overlay-NVDS.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.
• IP Assignment: Select Use IP Pool from the drop-down menu.
• IP Pool: Select VTEP-IP-Pool from the drop-down menu.
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Overlay from the
drop-down menu.

11. On the Configure NSX page, click + ADD N-VDS and provide the configuration details.
• Edge Switch Name: Select Prod-VLAN-NVDS from the drop-down menu.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.
• IP Assignment: [Disabled].
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Uplinks from the
drop-down menu.



12. Click FINISH.

NOTE
The edge deployment might take several minutes to complete. The deployment
status displays various values, for example, Node Not Ready, which is only
temporary.

NOTE
Wait until Configuration Status displays Success and Status is Up. Click
REFRESH occasionally to update the view.

13. On the NSX Simplified UI Home page, click System > Fabric > Nodes > Edge
Transport Nodes.
Provide the configuration details to deploy the second edge node.
a. On the Name and Description window, enter the following details.
• Name: Enter sa-nsxedge-02.
• Host name/FQDN: Enter sa-nsxedge-02.vclass.local.
• Form Factor: Medium (default).
b. On the Credentials window, enter the following details.
• Enter VMware1!VMware1! as the CLI password and the system root password.
c. On the Configure Deployment window, enter the following details.
• Compute Manager: Select sa-vcsa-01.vclass.local (begin by typing sa and the
full name should appear).
• Cluster: Select SA-Management-Edge from the drop-down menu.
• Resource Pool: Leave empty.
• Host: Leave empty.
• Datastore: Select SA-Shared-02-Remote from the drop-down menu.
d. On the Configure Ports window, enter the following details.
• IP Assignment: Click Static.



• Management IP: Enter 172.20.10.62/24.
• Default Gateway: Enter 172.20.10.10.
• Management Interface: Select pg-SA-Management from the drop-down menu.
e. On the Configure NSX window, enter the following details.
• Transport Zone: Select Global-Overlay-TZ and Global-VLAN-TZ.
• Edge Switch Name: Select PROD-Overlay-NVDS.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down
menu.
• IP Assignment: Select Use IP Pool from the drop-down menu.
• IP Pool: Select VTEP-IP-Pool from the drop-down menu.
• DPDK Fastpath Interfaces: uplink-1 is populated. Select pg-SA-Edge-Overlay from
the drop-down menu.
f. On the Add N-VDS window, enter the following details.
• Click ADD N-VDS.
• Edge Switch Name: Select Prod-VLAN-NVDS from the drop-down menu.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down
menu.
• IP Assignment: [Disabled].
• DPDK Fastpath Interfaces: uplink-1 is populated. Select pg-SA-Edge-Uplinks from
the drop-down menu.
g. Click FINISH.

NOTE
The edge deployment might take several minutes to complete. The deployment
status displays various values, for example, Node Not Ready, which is only
temporary.

NOTE
Wait until Configuration Status displays Success and Status is Up. Click
REFRESH occasionally to update the view.



14. Verify that the two edge nodes are deployed and listed on the Edge VM list.

Configuration Status shows Success and Node Status is UP.

Task 3: Enable SSH on the Edge Nodes


You enable the SSH service on each edge node that you created.
1. From the vSphere Web Client Home page, click Hosts and Clusters.
2. In the navigator pane, right-click sa-nsxedge-01 and select Open Console.
3. Enter admin as the user name and VMware1!VMware1! as the password.
4. Verify that the SSH service is stopped.
get service ssh

5. Start the SSH service.


start service ssh

6. Set the SSH service to autostart when the VM is powered on.


set service ssh start-on-boot

7. Verify that the SSH service is running and Start on boot is set to True.
get service ssh



8. Configure SSH on sa-nsxedge-02.
a. From the vSphere Web Client Home page, click Hosts and Clusters.
b. In the navigator pane, right-click sa-nsxedge-02 and select Open Console.
c. Enter admin as the user name and VMware1!VMware1! as the password.
d. Verify that the SSH service is stopped.
get service ssh

e. Start the SSH service.


start service ssh

f. Set the SSH service to autostart when the VM is powered on.


set service ssh start-on-boot

g. Verify that the SSH service is running and Start on boot is set to True.
get service ssh

Task 4: Configure an Edge Cluster


You create an edge cluster and add the two edge nodes to the cluster.
1. On the NSX Simplified UI Home page, click System > Fabric > Nodes > Edge Clusters.
2. Click +ADD.
3. Provide the configuration details in the Add Edge Cluster window.
• Name: Enter Edge-Cluster-01.
• Edge Cluster Profile: Select nsx-default-edge-high-availability-profile (default).
• Member Type: Edge Node (default).
4. In the Available (2) pane, select both sa-nsxedge-01 and sa-nsxedge-02 and click the right
arrow to move them to the Selected (0) pane.
5. Click ADD.
6. Click REFRESH after the edge cluster is created.
7. Verify that Edge-Cluster-01 appears in the Edge Cluster list.



8. Click 2 in the Transport Nodes column and verify that sa-nsxedge-01 and sa-nsxedge-02
appear in the list.



Lab 7 Configuring the Tier-1 Gateway

Objective: Create a Tier-1 gateway and configure gateway ports

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Create a Tier-1 Gateway
3. Create Gateway Ports on Segments
4. Test East-West L3 Connectivity

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager Simplified UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.


a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Create a Tier-1 Gateway
You create a Tier-1 gateway to provide east-west connectivity.
1. On the NSX Simplified UI Home page, click Networking > Tier-1 Gateways.
2. Click ADD Tier-1 GATEWAY.
3. Provide the configuration details in the ADD TIER-1 GATEWAY window.
• Name: Enter T1-LR-01.
• Linked Tier-0 Gateway: Leave empty because the Tier-0 gateway is not yet created.
• Failover: Leave the default (Non Preemptive).
• Edge Cluster: Leave empty.

4. Click SAVE.
When a message asks whether you want to continue editing the Tier-1 gateway, click YES.



5. Scroll to the lower portion of the T1-LR-01 gateway and expand Route Advertisement
using the expand > icon next to it and select the options.
• Select All Static Routes.
• Select All Connected Segments & Service Ports.

6. Click SAVE followed by CLOSE EDITING.

Task 3: Create Gateway Ports on Segments


You create gateway ports to associate the gateway with segments.
1. On the NSX Simplified UI Home page, click Networking > Segments.
2. Click the three vertical ellipses icon next to App-LS and select Edit.
a. Select T1-LR-01 from the Uplink & Type drop-down menu.
b. Click Set Subnets > ADD SUBNET.
c. Enter 172.16.20.1/24 in the Gateway field for App-LS on the Set Subnets page.
d. Click ADD followed by APPLY and SAVE.
e. Click CLOSE EDITING.



3. Use the following configuration details to add ports for DB-LS.
a. Click the three vertical ellipses icon next to DB-LS and select Edit.
b. Select T1-LR-01 from the Uplink & Type drop-down menu.
c. Click Set Subnets > ADD SUBNET.
d. Enter 172.16.30.1/24 in the Gateway field for DB-LS on the Set Subnets page.
e. Click ADD followed by APPLY and SAVE.
f. Click CLOSE EDITING.
4. Use the following configuration details to add ports for Web-LS.
a. Click the three vertical ellipses icon next to Web-LS and select Edit.
b. Select T1-LR-01 from the Uplink & Type drop-down menu.
c. Click Set Subnets > ADD SUBNET.
d. Enter 172.16.10.1/24 in the Gateway field for Web-LS on the Set Subnets page.
e. Click ADD followed by APPLY and SAVE.
f. Click CLOSE EDITING.



Task 4: Test East-West L3 Connectivity
You verify east-west connectivity among the tenant networks.
1. From vSphere Web Client, open a console to T1-Web-01 and enter root as the user name
and VMware1! as the password.
2. From T1-Web-01, verify that you can reach the tenants in the App-Tier and DB-Tier
networks.
ping -c 3 172.16.20.11 (T1-App-01)
ping -c 3 172.16.30.11 (T1-DB-01)



Lab 8 Configuring the Tier-0 Gateway

Objective: Create a Tier-0 gateway and configure north-south end-to-end connectivity

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Create Uplink Segments
3. Create a Tier-0 Gateway
4. Connect the Tier-0 and Tier-1 Gateways
5. Test the End-to-End Connectivity

Task 1: Prepare for the Lab

You log in to the NSX Manager Simplified UI.


1. From your student desktop, open the Chrome web browser.
2. Click the NSX-T Data Center > NSX Manager bookmark.
3. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Create Uplink Segments
You create segments for the two uplinks used by the Tier-0 gateway to connect to the upstream
gateway.
1. On the NSX Simplified UI Home page, click Networking > Segments > ADD
SEGMENT.
2. Provide the configuration details in the window.
On the General tab:
• Name: Enter Uplink-1.
• Uplink & Type: None.
• Transport Zone: Select Global-VLAN-TZ.
• VLAN: Enter 0 and click Add Item(s).

3. Click SAVE.
a. When the message appears asking whether you want to continue configuring the
segment, click NO.
4. Repeat steps 1-3 to create another segment named Uplink-2 for the second uplink.
• Name: Enter Uplink-2.
• Uplink & Type: None.
• Transport Zone: Select Global-VLAN-TZ.
• VLAN: Enter 0 and click Add Item(s).
a. Click SAVE.
b. When the message appears asking whether you want to continue configuring the
segment, click NO.



5. Verify that the two Segments for uplinks appear in the Segments list.

Task 3: Create a Tier-0 Gateway


You create a Tier-0 gateway.
1. On the NSX Simplified UI Home page, click Networking > Tier-0 Gateways.
2. Click ADD TIER-0 GATEWAY.
a. Provide the configuration details in the ADD TIER-0 GATEWAY window.
• Name: Enter T0-LR-01.
• HA Mode: Select Active-Active from the drop-down menu.
• Edge Cluster: Select Edge-Cluster-01.

b. Click SAVE.
3. When the message appears asking whether you want to continue editing this Tier-0
gateway, click YES.



4. Select ROUTE RE-DISTRIBUTION and click SET.
a. Provide the configuration details in the Set Route Redistribution page.
Tier-0 Subnets:
• Select Static Routes.
• Select Connected Interfaces & Segments and all the suboptions.
Advertise Tier-1 Subnets:
• Select Connected Subnets.
• Select Static Routes.

b. Click APPLY followed by SAVE.


5. Click the expand > icon next to Interfaces and click Set.



6. In the Set Interfaces page, click ADD INTERFACE.
a. Provide the configuration information for the interfaces.
• Name: Enter Uplink-1-Intf.
• Type: External (default).
• IP Address / Mask: Enter 192.168.100.2/24 and click Add Item(s).
• Connected To (Segments): Select Uplink-1.
• Edge Node: Select sa-nsxedge-01.
b. Click SAVE.
7. In the Set Interfaces page, click ADD INTERFACE.
a. Enter the configuration information for the interfaces.
• Name: Enter Uplink-2-Intf.
• IP Address / Mask: Enter 192.168.110.2/24 and click Add Item(s).
• Connected To (Segments): Select Uplink-2.
• Edge Node: Select sa-nsxedge-02.
b. Click SAVE followed by CLOSE.
8. Click the expand > icon next to BGP and provide the configuration details.
• Local AS: 100
• BGP: On
• Inter SR iBGP: OFF
• ECMP: On
• Multipath Relax: On
Leave all the other options as default.
a. Click SAVE.
b. Click Set next to BGP Neighbors, click ADD BGP NEIGHBOR, and enter the
configuration information.
• IP Address: 192.168.100.1
• Remote AS: 200
c. Click SAVE.



d. Click ADD BGP NEIGHBOR and enter the configuration information.
• IP Address: 192.168.110.1
• Remote AS: 200
e. Click SAVE.
f. Click CLOSE followed by CLOSE EDITING.

9. You should see your Tier-0 Gateway in the window with the status as UP.



Task 4: Connect the Tier-0 and Tier-1 Gateways
You connect the two gateways together because the connection between the Tier-0 and
Tier-1 gateways is not made automatically.
1. On the NSX Simplified UI Home page, click Networking > Tier-1 Gateways.
2. Select the Tier-1 T1-LR-01 gateway, click the three vertical ellipses icon next to the
T1-LR-01 entry, and from the menu select Edit.

3. On the T1-LR-01 edit page, click the down arrow in the Linked Tier-0 Gateway field and
select T0-LR-01.
4. Click SAVE followed by CLOSE EDITING.



5. Verify that the link is shown on both gateways.
a. Check T1-LR-01 to verify that a Linked Tier-0 Gateway is connected to T0-LR-01.

b. Select Tier-0 Gateways link in the navigation menu.


In the T0-LR-01 row, click 1 in the Linked Tier-1 Gateways column and verify that
T1-LR-01 is listed as the linked Tier-1 gateway.



Task 5: Test the End-to-End Connectivity
You test the connectivity from your student desktop to tenant VMs to verify that end-to-end
routing is working.
In the lab environment, routing has been preconfigured on your student desktop, the RRAS
server, and the VyOS router.
1. To verify connectivity, ping from the console of any tenant VM (T1-Web-01, T1-App-01,
T1-DB-01, and so on) to the upstream gateway interfaces 192.168.100.1 and 192.168.110.1.

ping -c 3 192.168.100.1
ping -c 3 192.168.110.1

Your pings should be successful.


2. From the command prompt of your student desktop, verify that you can reach all the tenant
VMs.
ping 172.16.10.11
ping 172.16.20.11
ping 172.16.30.11

You should be able to ping from your student desktop to any of the tenant networks, which
verifies that the north-south routing is working properly.



Lab 9 Verifying Equal-Cost Multipathing Configurations

Objective: Enable equal-cost multipathing on gateways

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Verify the BGP Configuration
3. Verify That Equal-Cost Multipathing Is Enabled
4. Verify the Result of the ECMP Configuration

Task 1: Prepare for the Lab

You log in to the NSX Manager Simplified UI.
1. From your student desktop, open the Chrome web browser.
2. Click the NSX-T Data Center > NSX Manager bookmark.
3. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

Task 2: Verify the BGP Configuration


You verify the BGP neighbor relationship between the edge nodes and the upstream VyOS
router.
1. Verify that the BGP neighbor relationship is established between the VyOS router and the
sa-nsxedge-01 gateway.
a. From MTPuTTY, connect to sa-nsxedge-01.
b. When the PuTTY Security Alert appears, click Yes to proceed.
c. Disable the command-line timeout.
set cli-timeout 0
d. Obtain information for the gateways.
get logical-routers
e. Verify that the SR-T0-LR-01 service gateway appears with an associated VRF ID.

In the command output, VRF 6 is associated with SR-T0-LR-01. The VRF ID in your lab
might be different.



f. Access the Tier-0 service gateway mode.
vrf vrf_ID

g. Verify the BGP state.


get bgp neighbor
The BGP state should show Established, up. Press q to quit out of BGP neighbor
output.

h. Exit the Tier-0 VRF service gateway mode.


exit

NOTE
On sa-nsxedge-01, the BGP state for neighbor 192.168.100.1 is established and up.

2. From MTPuTTY, connect to sa-nsxedge-02 and repeat step 1 to verify that the BGP
neighbor relationship is established between the VyOS router and the sa-nsxedge-02
gateway.

NOTE
On sa-nsxedge-02, the BGP neighbor state for neighbor 192.168.100.1 is active.



Task 3: Verify That Equal-Cost Multipathing Is Enabled
You enable Equal-Cost Multipathing (ECMP) between the Tier-0 gateway and VyOS router so
that both the links can be used.
1. On the NSX Simplified UI Home page, click Networking > Tier-0 Gateways > T0-LR-
01.
a. Click the > icon next to BGP.
2. Verify that BGP, ECMP, and Multipath Relax all appear as On.

Task 4: Verify the Result of the ECMP Configuration


You perform a packet capture from both the edge nodes to verify that the traffic is sent across
both the uplinks.
1. From MTPuTTY, connect to SA-VYOS-01.
2. Verify that each tenant network (Web-Tier 172.16.10.0/24, App-Tier 172.16.20.0/24, and
DB-Tier 172.16.30.0/24) has two next hops, through the 192.168.100.2 and 192.168.110.2
interfaces on the T0-LR-01 gateway.
show ip route



3. In MTPuTTY, connect to sa-nsxedge-01.
4. Capture packets on sa-nsxedge-01.
set capture session 1 interface fp-eth1 direction in
set capture session 1 expression src net 172.20.10.0/24

5. In MTPuTTY, connect to sa-nsxedge-02.


6. Capture packets on sa-nsxedge-02.
set capture session 1 interface fp-eth1 direction in
set capture session 1 expression src net 172.20.10.0/24

7. On the student desktop, double-click the httpdata11.bat and httpdata12.bat scripts,
which start a large number of HTTP requests to the web VMs.



8. Verify that the traffic is going through both sa-nsxedge-01 and sa-nsxedge-02, as a result
of your ECMP configuration.

NOTE
Your results might show that the traffic for 172.16.10.11 goes to sa-nsxedge-01
and the traffic for 172.16.10.12 goes to sa-nsxedge-02, or vice versa.



9. Terminate the packet capture in the sa-nsxedge-01 console.
a. Press Ctrl+C.
b. Delete the capture.
del capture session 1

10. Terminate the packet capture in the sa-nsxedge-02 console.


a. Press Ctrl+C.
b. Delete the capture.
del capture session 1

11. If the .bat scripts do not automatically terminate, stop them manually.
a. In the httpdata11.bat window, press Ctrl+C to stop the script, and enter Y to terminate
the batch job.
b. In the httpdata12.bat window, press Ctrl+C to stop the script, and enter Y to terminate
the batch job.



Lab 10 Configuring Network Address Translation

Objective: Configure source and destination network address translation rules on the Tier-1 gateway

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Create a New Tier-1 Gateway for Network Address Translation
3. Create a Segment
4. Attach a VM to the NAT-LS Segment
5. Configure NAT
6. Configure Route Advertisement and Route Redistribution
7. Verify the IP Connectivity

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.


a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.



Task 2: Create a Tier-1 Gateway for Network Address Translation
You create another Tier-1 gateway to support Network Address Translation (NAT).
1. On the NSX Simplified UI Home page, click Networking > Tier-1 Gateways > ADD
TIER-1 GATEWAY.
2. Provide the configuration details in the ADD TIER-1 GATEWAY window.
• Name: Enter T1-LR-2-NAT.
• Tier-0 Router: Select T0-LR-01.
• Failover Mode: Non Preemptive (default).
• Edge Cluster: Select Edge-Cluster-01.
• Route Advertisement: Select All Static Routes, All Connected Segments & Service
Ports, and All NAT IPs.
Leave all the other options as default.

3. Click SAVE.
You see a message asking whether you want to continue editing the Tier-1 gateway. Click NO.

4. Verify that the NAT gateway appears in the Tier-1 Gateway list and the Status is UP.

Task 3: Create a Segment
You create a logical segment that connects to the NAT network.
1. On the NSX Simplified UI Home page, click Networking > Segments > ADD
SEGMENT.
2. Provide the configuration details in the ADD SEGMENT window.
• Name: Enter NAT-LS.
• Uplink & Type: Select T1-LR-2-NAT.
• Transport Zone: Select Global-Overlay-TZ.
a. Click Set Subnets followed by ADD SUBNET.
• Set Subnets: Enter 172.16.101.1/24.
Leave all the other options as default.
b. Click ADD.
c. Click APPLY followed by SAVE.
3. When the message Want to continue this Segment appears, click No.

4. Verify that the NAT-LS logical segment is successfully created.

Task 4: Attach a VM to the NAT-LS Segment
You attach the VM T2-NAT-01 to the newly created NAT-LS segment.
1. From the vSphere Web Client UI, go to Hosts and Clusters.
2. Right-click the T2-NAT-01 VM and select Edit Settings.
3. From the Network adapter 1 drop-down menu, select NAT-LS (nsx.LogicalSwitch).

4. Verify that the Connected check box is selected.


5. Click OK.

Task 5: Configure NAT
You configure the source and destination NAT rules on the Tier-1 NAT gateway.
1. On the NSX Simplified UI Home page, click Networking > NAT.
2. Click Gateway and select T1-LR-2-NAT from the drop-down menu.
a. Click ADD NAT RULE.
3. Provide the configuration details in the ADD NAT RULE window.
• Name: Enter NAT-Rule-1.
• Action: Select SNAT.
• Source IP: Enter 172.16.101.11.
• Destination IP: Leave blank.
• Translated IP: Enter 80.80.80.1.
• Firewall: Select By Pass.
• Priority: Enter 1024.
Leave all the other options as default.

4. Click SAVE.

5. Verify that the SNAT rule appears in the list.

6. Click ADD NAT RULE again and check that T1-LR-2-NAT is still the value in the
Gateway field.
7. Provide the configuration details in the New NAT Rule window.
• Name: Enter NAT-Rule-2.
• Action: Select DNAT.
• Source IP: Leave blank.
• Destination IP: Enter 80.80.80.1.
• Translated IP: Enter 172.16.101.11.
• Firewall: Select By Pass.
• Priority: Enter 1024.
Leave all the other options as default.

8. Click SAVE.

9. Verify that the DNAT rule appears in the list.

Task 6: Configure Route Advertisement and Route Redistribution
You verify route advertisement in the NAT network to the upstream VyOS router.
1. Using MTPuTTY, connect to sa-vyos-01 and verify that the 172.16.101.0/24 route is
advertised by entering show ip route.

2. On the Tier-0 Gateways, redistribute the NAT route (80.80.80.1/32) so that the upstream
gateway learns about it.
a. On the NSX Simplified UI Home page, click Networking > T0 Gateways and select
T0-LR-01.
b. Click the vertical three dot icon and select Edit from the menu.
c. Expand the ROUTE RE-DISTRIBUTION option and click the current count value 7.
d. Select the Advertised Tier-1 Subnets > NAT IP check box.
e. Click APPLY.
f. When the TIER-0 Gateway window appears, click SAVE.
You see that the ROUTE RE-DISTRIBUTION count is 8.

3. Click SAVE followed by CLOSE EDITING.

4. Click the current count value 8.
a. Click CLOSE.
The T0-LR-01 Gateway Status shows Down until the configuration is realized on the NSX
Manager, which might take a few seconds.
5. Switch back to the MTPuTTY connection for sa-vyos-01 and enter show ip route
again to verify that 80.80.80.1/32 is displayed.

Task 7: Verify the IP Connectivity
You test the connectivity to the NAT network.
1. From MTPuTTY, connect to sa-nsxedge-01.
2. Retrieve gateway instances and identify the virtual routing and forwarding (VRF) instance
context for SR-T0-LR-01.
get logical-routers

In the command output, the VRF ID for SR-T0-LR-01 is 9. The VRF ID in your lab
might be different.
3. Access the VRF for SR-T0-LR-01 and view the routing table of the Tier-0 SR.
vrf 9
get route

4. From your student desktop, open a browser window, and enter http://80.80.80.1
(NAT web server).
A test page appears indicating that your NAT is successful.
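As an added illustration for this manual (not code from NSX-T or from the lab), the following Python model shows how the two rules from Task 5 cooperate in the browser test above: rules are evaluated in priority order (lower value first, as in the NSX-T NAT UI), SNAT rewrites the source of egress traffic and DNAT rewrites the destination of ingress traffic. The client address 192.168.100.50 is a constructed sample; the NAT IP, server IP and rule names are the lab's.

```python
"""Stateless model of the SNAT/DNAT rule pair configured in Task 5.

Added example for this manual, not NSX-T code. A packet is a
(source IP, destination IP) tuple. Traffic leaving the Tier-1 gateway toward
the uplink is "egress"; traffic arriving from the uplink is "ingress". Because
the lab configures a symmetric SNAT/DNAT pair, no connection tracking is needed
to translate the reply. The Firewall: By Pass setting is not modelled.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Packet = Tuple[str, str]  # (source IP, destination IP)


def _in(addr: str, match: Optional[str]) -> bool:
    """True when the match field was left blank or addr is inside it."""
    return match is None or ip_address(addr) in ip_network(match, strict=False)


@dataclass(frozen=True)
class NatRule:
    name: str
    action: str                       # "SNAT" or "DNAT"
    translated: str                   # Translated IP in the UI
    source: Optional[str] = None      # blank in the UI -> None (match any)
    destination: Optional[str] = None
    priority: int = 1024              # lab value; a lower value wins on overlap

    def matches(self, pkt: Packet) -> bool:
        src, dst = pkt
        return _in(src, self.source) and _in(dst, self.destination)


def translate(rules: List[NatRule], pkt: Packet, direction: str) -> Packet:
    """Apply the first matching rule relevant to the direction.

    SNAT rewrites the source of egress traffic; DNAT rewrites the destination
    of ingress traffic. Packets that match no rule pass through unchanged.
    """
    if direction not in ("egress", "ingress"):
        raise ValueError("direction must be 'egress' or 'ingress'")
    wanted = "SNAT" if direction == "egress" else "DNAT"
    src, dst = pkt
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.action == wanted and rule.matches(pkt):
            return (rule.translated, dst) if wanted == "SNAT" else (src, rule.translated)
    return pkt


# The two rules as entered in Task 5.
LAB_RULES = [
    NatRule("NAT-Rule-1", "SNAT", translated="80.80.80.1", source="172.16.101.11"),
    NatRule("NAT-Rule-2", "DNAT", translated="172.16.101.11", destination="80.80.80.1"),
]


def http_round_trip(rules: List[NatRule], client_ip: str, nat_ip: str):
    """Model the browser test in Task 7: the client's request to the NAT IP on
    ingress and the server's reply on egress. Returns both translated packets."""
    request_inside = translate(rules, (client_ip, nat_ip), "ingress")
    server_ip = request_inside[1]
    reply_outside = translate(rules, (server_ip, client_ip), "egress")
    return request_inside, reply_outside


if __name__ == "__main__":
    client = "192.168.100.50"  # constructed sample client address
    print("both rules:", http_round_trip(LAB_RULES, client, "80.80.80.1"))
    # With only the SNAT rule, the request is never redirected to the server.
    print("SNAT only: ", http_round_trip(LAB_RULES[:1], client, "80.80.80.1"))
```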

Lab 11 Configuring the DHCP Server on the NSX Edge Node

Objective: Configure the DHCP Server on the NSX Edge Node

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Configure a DHCP Server
3. Verify the DHCP Server Operation
4. Prepare for the Next Lab

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

Task 2: Configure a DHCP Server
You log in to the NSX Manager UI and configure a DHCP server, Tier-1 Gateway, and a
Segment.
1. Navigate to NSX Simplified UI > Networking > IP Address Management > DHCP.
a. Click ADD SERVER.
b. Select DHCP Server from the drop-down menu for Server Type.
Enter the configuration for the DHCP Server.
• Name: Enter DHCP-Server.
• Server IP Address: Enter 192.168.100.18/24.
• Lease Time (seconds): 86400 (default).
• Edge Cluster: Select Edge-Cluster-01.
c. Click SAVE.

2. Navigate to NSX Simplified UI > Networking > Tier-1 Gateways.
a. Click the three vertical ellipses icon next to T1-LR-01 and select Edit.
b. Click No IP Allocation Set next to the configuration option IP Address
Management.
c. From the Type drop-down menu, select DHCP Local Server.
d. From the DHCP Server drop-down menu, select DHCP-Server.

e. Click SAVE and SAVE again followed by CLOSE EDITING.


3. Navigate to NSX Simplified UI > Networking > Segments.
a. Click ADD SEGMENT.
b. Enter the configuration for the DHCP Segment.
• Name: Enter DHCP-LS.
• Uplink & Type: Select T1-LR-01 from the drop-down menu.
• Uplink Type: Select Flexible (default).

• Transport Zone: Select Global-Overlay-TZ | Overlay.
c. Click Set Subnets and click ADD SUBNET.
• Gateway: Enter 172.16.40.1/24.
• DHCP Ranges: Enter 172.16.40.25-172.16.40.35 and click Add item(s).
d. Click ADD then APPLY followed by SAVE.
e. When the message asking whether you want to continue Configuring this Segment?
appears, click YES.
f. Continue to enter the configuration for the DHCP Segment.
• Domain Name: Enter vclass.local.
g. Click SAVE followed by CLOSE EDITING.

Task 3: Verify the DHCP Server Operation
You log in to the vSphere Web Client and attach two virtual machines to the DHCP segment.
Next, you use MTPuTTY to validate the DHCP server configuration. Finally, you configure one
of the virtual machines to acquire an IP address from DHCP.
1. Switch to the vSphere Web Client and navigate to Hosts and Clusters.
a. Right-click Ubuntu-01a and select Edit Settings.
b. Change the Network Adapter 1 to connect to DHCP-LS, make sure Connected is
selected, and click OK.

2. Connect Ubuntu-02a to the DHCP-LS.
a. Right-click Ubuntu-02a and select Edit Settings.
b. Change the Network Adapter 1 to connect to DHCP-LS, make sure Connected is
selected, and click OK.
3. Verify that the two virtual machines can communicate on the newly attached segment.
a. In the vSphere Web Client, select Hosts and Clusters and right-click Ubuntu-01a
from the inventory, and select Open Console.
b. Log in to Ubuntu-01a using vmware as the user name and VMware1! as the password.
c. Ping Ubuntu-02a.
ping -c 3 172.16.40.12

Your ping should be successful.

4. Verify the DHCP server configurations using the command line.
a. Switch to MTPuTTY and connect to sa-nsxedge-01.
b. Log in with admin as user name and VMware1!VMware1! as the password.
c. Get the DHCP servers.
get dhcp servers

5. Verify the configurations of the DHCP IP pools.
get dhcp ip-pools

6. Verify that the DHCP server operates as expected.
a. Switch to the vSphere Web Client and open a console for Ubuntu-02a.
b. Log in using the user name vmware and password VMware1!.
c. Gain root access by entering sudo -s and enter VMware1! when prompted for the
password.
d. Clear the IP address assignment and request a new one from DHCP. Enter the
ifconfig ens160 0.0.0.0 0.0.0.0 && dhclient command.
ifconfig ens160 0.0.0.0 0.0.0.0 && dhclient

NOTE
Note the space between the two zero groupings for the IP address and netmask.

e. View the newly assigned IP address (172.16.40.25) from the DHCP pool with the
ifconfig command.
You see that the new inet addr: is now 172.16.40.25, which is the first address in
the DHCP IP pool.

7. Switch back to MTPuTTY to verify the DHCP lease.
a. Get the DHCP lease.
get dhcp leases

Task 4: Prepare for the Next Lab
In preparation for the next lab, you use the vSphere Web Client and MTPuTTY to reconfigure
Ubuntu-01a and Ubuntu-02a to their original IP addresses and attached network.
1. Switch back to the Ubuntu-02a virtual machine console in the vSphere Web Client and
return it to its original static IP address.
a. Enter the command killall dhclient && ifconfig ens160 172.16.40.12 netmask 255.255.255.0.

2. Switch to the vSphere Web Client and return the virtual machines back to their original
network.
a. Right-click Ubuntu-01a and select Edit Settings.

3. While still in the vSphere Web Client, open a console to Ubuntu-01a.
a. Log in with user name vmware and password VMware1!.
b. Enter ifconfig at the command line and verify that the IP address for Ubuntu-01a is
172.16.40.11.
c. Switch back to the vSphere Web Client, right-click Ubuntu-01a, and select Edit
Settings.
d. Verify that Ubuntu-01a is attached to the VM Network.
Otherwise, edit the network configuration.

Lab 12 Configuring Load Balancing

Objective: Configure load balancing on the Tier-1 gateway to distribute web traffic

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Test the Connectivity to Web Servers
3. Create a Load Balancer
4. Configure Route Advertisement and Route Redistribution for the Virtual IP
5. Use the CLI to Verify the Load Balancer Configuration
6. Verify the Operation of the Backup Server
7. Prepare for the Next Lab

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

Task 2: Test the Connectivity to Web Servers
You verify the end-to-end connectivity from your student desktop to the web servers on Web-Tier.
1. On your student desktop, open a command prompt window.
2. Ping the three web servers and verify that the pings are successful.

ping 172.16.10.11
ping 172.16.10.12
ping 172.16.10.13

3. On your student desktop, open a browser tab and verify that you can access the three web
servers.
http://172.16.10.11
http://172.16.10.12
http://172.16.10.13

Do not proceed to the next task if you cannot access the three web servers.

Task 3: Create a Tier-1 Gateway Named T1-LR-LB and Connect it to T0-LR-01
1. Create T1-LR-LB and attach it to T0-LR-01.
a. From the Simplified UI, click the Networking tab.
b. Click Tier-1 Gateways.
c. Click ADD TIER-1 GATEWAY and enter the following details to create T1-LR-LB.
• Tier-1 Gateway Name: Enter T1-LR-LB.
• Linked Tier-0 Gateway: Select T0-LR-01.
• Fail Over: Select Non Preemptive.
• Edge Cluster: Select Edge-Cluster-01.
d. Click SAVE.
e. When the message appears asking whether you want to continue configuring the Tier-1
gateway, click NO.

2. Attach Web-LS to T1-LR-LB.
a. Click Segments.
b. Click the dotted vertical line to edit Web-LS.
• Uplink & Type: Select T1-LR-LB from the drop-down menu.
c. Click SAVE followed by CLOSE EDITING.

Task 4: Create a Load Balancer
You create a load balancer and attach it to the Tier-1 gateway.
1. Create a load balancer by navigating to NSX-T UI Home > Networking > Load
Balancing > ADD LOAD BALANCER.
a. Provide the configuration details on the ADD LOAD BALANCER page.
• Name: Enter Web-LB.
• Size: Select Small.
• Tier-1 Gateway: Select T1-LR-LB.
• Leave all other options blank.
b. Click SAVE.
c. When the Continue Configuring this Load Balancer message displays, click Yes.
d. On the Load Balancer options page, expand VIRTUAL SERVERS and click Set
Virtual Servers.
2. Create a new virtual server.
a. Click ADD VIRTUAL SERVER > L4 TCP.
• Name: Enter Web-IP-VIP.
• IP Address: Enter 192.168.100.7.
• Ports: Enter 80 and click add item.
• Server Pool: Click the three vertical ellipses icon next to the field and select Create
New.

3. Create a server pool for the web servers.
a. Provide the configuration details on the General Properties page in the Add New
Server Pool window.
• Name: Enter Web-IP-Pool.
• Description: Enter Server pool for web servers.
• Load Balancing Algorithm: Select ROUND_ROBIN (default).
• Select Members: Click Select Members.
• Leave all the other settings as default.

b. On the Configure Server Pool Members page, click ADD MEMBER under Enter
individual members to add three web server nodes (T1-Web-01, T1-Web-02, and
T1-Web-03, the last acting as backup) to the pool member list.
• Name: Enter Node-1.
• IP: Enter 172.16.10.11.
• Port: Enter 80.
• Weight: 1 (default).
• State: ENABLED (default).
• Backup Member: Disabled.
Click ADD.

c. Click ADD MEMBER.
Enter the configuration information for the next member.
• Name: Enter Node-2.
• IP: Enter 172.16.10.12.
• Port: Enter 80.
• Weight: 1 (default).
• State: ENABLED (default).
• Backup Member: Disabled.
d. Click ADD MEMBER.

Enter the configuration information for the last member.
• Name: Enter Node-3.
• IP: Enter 172.16.10.13.
• Port: Enter 80.
• Weight: 1 (default).
• State: ENABLED (default).
• Backup Member: Enabled.
e. Click ADD followed by APPLY.
f. On the Create Server Pool page, click SAVE.
g. On the Set Virtual Servers page, click SAVE and CLOSE.
h. On the ADD LOAD BALANCER page, click SAVE.
4. Select the SERVER POOLS tab and verify that the newly created Web-IP-Pool appears
in the server pool list.

5. Select the VIRTUAL SERVERS tab and verify that the newly created Web-IP-VIP
appears in the virtual server list.

6. Navigate to NSX-T Home UI > Networking > Load Balancers > LOAD BALANCERS.

a. Verify that the Web-LB load balancer is attached to the T1-LR-LB gateway and the
load balancer’s operational status is Up.

Task 5: Configure Route Advertisement and Route Redistribution for the Virtual IP
You advertise the load balancer's virtual IP (VIP) and verify that the HTTP traffic is being
handled by both web servers in a round-robin method.
1. Use the Chrome browser to access the load balancer VIP.
a. From your student desktop, open a Chrome browser window and try to access the load
balancer’s VIP address http://192.168.100.7.
b. Verify that the website cannot be reached.
The website cannot be reached because the load balancer’s VIP is not advertised and
is unknown to the outside clients.

2. Use curl to verify access to the load balancer VIP.
a. From your student desktop, open the command prompt window and access the load
balancer’s VIP address.
curl -i http://192.168.100.7

b. Verify that the website cannot be reached.
The website cannot be reached because the load balancer’s VIP is not advertised and
is unknown to the outside clients.

3. Configure the T1-LR-LB gateway to advertise the VIP route.
a. On the NSX Simplified UI Home page, click Networking > Tier-1 Gateways > T1-LR-LB.
b. Click the three vertical ellipses icon and select Edit.
c. Expand the option by clicking the > icon next to Route Advertisement.
d. In the Edit Route Advertisement Configuration window, click Advertise All LB VIP
Routes.

4. Click SAVE followed by CLOSE EDITING.

5. Configure the T0-LR-01 gateway to redistribute the VIP route to its upstream VyOS router.
a. Select Networking > Tier-0 Gateways > T0-LR-01.
b. Click the three vertical ellipses icon next to T0-LR-01 and select Edit.
c. Expand the ROUTE RE-DISTRIBUTION option and click the Route Re-
distribution number.
d. In the Edit Redistribution Criteria window, select the LB VIP check box.

6. Click APPLY.
a. Click SAVE followed by CLOSE EDITING.

7. Use Firefox to verify the access to the load balancer VIP.
a. From your student desktop, open a Firefox browser and access the VIP address using
http://192.168.100.7.
The webpage should appear.
b. Refresh the browser display to verify that both back-end web servers are being used
(as a result of the configured round-robin method).
The client’s HTTP requests alternate between T1-Web-01 and T1-Web-02.
Due to the browser cache behavior, you might need to press Ctrl+F5 (force refresh) to see
the traffic being load balanced between the two web servers.

8. Use curl to verify access to the load balancer VIP.
a. From your student desktop, open a Windows command prompt and access the load
balancer’s VIP address.
curl -i http://192.168.100.7

The webpage should appear.
b. Run the same curl command again to verify that both back-end web servers are being
used in a round-robin method.

Task 6: Use the CLI to Verify the Load Balancer Configuration
You verify the configuration of the load balancer using the NSX Edge CLI.
1. Verify the load balancer configuration.
a. In MTPuTTY, open a connection to either sa-nsxedge-01 or sa-nsxedge-02 and
retrieve the load balancer information.
get load-balancer

The output shows the general load balancer configuration, including UUID and
Virtual Server ID.
b. Copy the UUID and the Virtual Server ID values and paste them to a notepad.
2. Verify the virtual server configuration.
get load-balancer UUID virtual-server Virtual_Server_ID

3. Verify the server pool configuration.
get load-balancer UUID pools

UUID is the value that you recorded for the load balancer.

Task 7: Verify the Operation of the Backup Server
You verify the operation of the backup server configured in the server pool.
1. Verify the operations of the backup server.
a. From the vSphere Web Client UI, Shut Down Guest OS for the two web servers (T1-Web-01
and T1-Web-02), which belong to the default server pool for load balancing.
b. From your student desktop, open the Firefox browser window and connect to the load
balancer’s VIP address http://192.168.100.7.
T1-Web-03 in the backup pool is now in use because the servers in the default pool
are down.

NOTE
You might need to wait a few minutes before trying to access the backup server.
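As an added example for this manual (not NSX-T's own code), the following Python model of the Web-IP-Pool from Task 3 shows the two behaviours checked in Tasks 5 and 7: primary members are rotated round-robin, and the backup member (Node-3) receives traffic only while no primary member is healthy. Member health is set by the caller here, standing in for the health monitor that this lab does not configure.

```python
"""Round-robin server pool with a backup member, modelled on Web-IP-Pool.

Added example for this manual, not NSX-T code. Member health is driven by the
caller (standing in for a health monitor); the lab leaves every Weight at 1.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PoolMember:
    name: str
    ip: str
    port: int = 80
    weight: int = 1          # Weight field in the lab (1 for every member)
    enabled: bool = True     # State: ENABLED
    backup: bool = False     # Backup Member check box
    healthy: bool = True     # False once the guest OS is shut down (Task 7)


class RoundRobinPool:
    """Rotates through healthy primary members; falls back to healthy backup
    members only when no primary member can take traffic."""

    def __init__(self, name: str, members: List[PoolMember]):
        self.name = name
        self.members = members
        self._next = 0  # position in the rotation

    def _eligible(self) -> List[PoolMember]:
        up = [m for m in self.members if m.enabled and m.healthy]
        primaries = [m for m in up if not m.backup]
        return primaries if primaries else [m for m in up if m.backup]

    def backup_in_use(self) -> bool:
        """True while the pool is serving from backup members only."""
        eligible = self._eligible()
        return bool(eligible) and all(m.backup for m in eligible)

    def select(self) -> Optional[PoolMember]:
        """Pick the member for the next connection, or None if all are down."""
        eligible = self._eligible()
        if not eligible:
            return None
        # Expand by weight so a weight-2 member would appear twice per cycle.
        rotation = [m for m in eligible for _ in range(max(1, m.weight))]
        member = rotation[self._next % len(rotation)]
        self._next += 1
        return member

    def set_health(self, name: str, healthy: bool) -> None:
        """Mark a member up or down by name (the health monitor's job)."""
        for m in self.members:
            if m.name == name:
                m.healthy = healthy


def build_web_pool() -> RoundRobinPool:
    """The three members entered in Task 3 (Node-3 is the backup)."""
    return RoundRobinPool("Web-IP-Pool", [
        PoolMember("Node-1", "172.16.10.11"),
        PoolMember("Node-2", "172.16.10.12"),
        PoolMember("Node-3", "172.16.10.13", backup=True),
    ])


def serve(pool: RoundRobinPool, requests: int) -> List[Optional[str]]:
    """Return the member IP chosen for each of `requests` client connections."""
    return [m.ip if m else None for m in (pool.select() for _ in range(requests))]


if __name__ == "__main__":
    pool = build_web_pool()
    print("round robin:", serve(pool, 4))
    pool.set_health("Node-1", False)   # Shut Down Guest OS on T1-Web-01
    pool.set_health("Node-2", False)   # Shut Down Guest OS on T1-Web-02
    print("backup in use:", pool.backup_in_use(), serve(pool, 2))
```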

Task 8: Prepare for the Next Lab
You restart the web server VMs and disable the load balancer.
1. From the vSphere Web Client UI, power on the T1-Web-01 and T1-Web-02 VMs.
a. When the Power On Recommendations page displays, click OK.

2. Disable the load balancer.
a. From the NSX Manager web UI, click Networking > Load Balancing > LOAD
BALANCERS.
b. Click the three vertical ellipses icon next to the Web-LB and select Edit.
c. Toggle the Admin State to Disabled.
3. Detach the Web-LB load balancer from the T1-LR-LB gateway.
a. Clear the Tier-1 Gateway box by clicking the X beside the value in the box and
clicking outside the box.
b. Click SAVE.

4. From the NSX Simplified UI, click Networking > Segments, click the dotted vertical
line next to Web-LS, and select Edit.
a. Select T1-LR-01 from Uplink & Type.
b. Click Save.
c. Click CLOSE EDITING.

Lab 13 Deploying Virtual Private Networks

Objective: Configure the VPN tunnel and verify the operation

In this lab, you perform the following tasks:


1. Prepare for the Lab
2. Deploy Two New NSX Edge Nodes to Support the VPN Deployment
3. Enable SSH on the Edge Nodes
4. Configure a New Edge Cluster
5. Deploy and Configure a New Tier-0 Gateway and Segments for VPN Support
6. Create an IPSec VPN Service
7. Create an L2 VPN Server
8. Create an L2 VPN Session
9. Deploy the L2 VPN Client
10. Verify the Operation of the VPN Setup

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

Task 2: Deploy Two New NSX Edge Nodes to Support the VPN Deployment
1. You need to complete the configurations for the new edge transport nodes in order to use
them later in this lab.
a. On the NSX Simplified UI home page, click System > Fabric > Nodes > Edge
Transport Nodes.
b. Click +ADD EDGE VM.
c. Provide the configuration details in the Name and Description window.
• Name: Enter sa-nsxedge-03.
• Host name/FQDN: Enter sa-nsxedge-03.vclass.local.
• Form Factor: Select Medium (default).
d. Click NEXT.
2. On the Credentials page, enter VMware1!VMware1! as the CLI password and the system
root password.
a. Click NEXT.
3. On the Configure Deployment page, provide the configuration details.
• Compute Manager: Select sa-vcsa-01.vclass.local (begin by typing sa and the full
name should appear).
• Cluster: Select SA-Management-Edge from the drop-down menu.
• Resource Pool: Leave empty.
• Host: Leave empty.
• Datastore: Select SA-Shared-02-Remote from the drop-down menu.
a. Click NEXT.
4. On the Configure Ports page, provide the configuration details.
• IP Assignment: Select Static.
• Management IP: Enter 172.20.10.63/24.
• Default Gateway: Enter 172.20.10.10.
• Management Interface: Select pg-SA-Management from the drop-down menu.
a. Click NEXT.

5. On the Configure NSX page, provide the configuration details.
• Transport Zone: Select Global-Overlay-TZ and Global-VLAN-TZ.
• Edge Switch Name: Select PROD-Overlay-NVDS.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.
• IP Assignment: Select Use IP Pool from the drop-down menu.
• IP Pool: Select VTEP-IP-Pool from the drop-down menu.
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Overlay from the
drop-down menu.
6. Continuing on the Configure NSX page, click + Add N-VDS.
• Edge Switch Name: Select PROD-VLAN-NVDS from the drop-down menu.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.
• IP Assignment: [Disabled].
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Uplinks from the
drop-down menu.
a. Click FINISH.

NOTE
The edge deployment might take several minutes to complete. The deployment
status displays various values, for example, Node Not Ready, which is only
temporary.

NOTE
Please wait until the Configuration status displays Success and Status is Up. You
might click REFRESH occasionally.

7. You need to deploy another NSX Edge node.
a. On the NSX Simplified UI home page, click System > Fabric > Nodes > Edge
Transport Nodes.
b. Click +ADD EDGE VM.
c. Provide the configuration details in the Name and Description window.
• Name: Enter sa-nsxedge-04.
• Host name/FQDN: Enter sa-nsxedge-04.vclass.local
• Form Factor: Select Medium (default).
d. Click NEXT.
8. On the Credentials page, enter VMware1!VMware1! as the CLI password and the system
root password.
a. Click NEXT.
9. On the Configure Deployment page, provide the configuration details.
• Compute Manager: Select sa-vcsa-01.vclass.local (begin by typing sa and the full
name should appear).
• Cluster: Select SA-Management-Edge from the drop-down menu.
• Resource Pool: Leave empty.
• Host: Leave empty.
• Datastore: Select SA-Shared-02-Remote from the drop-down menu.
a. Click NEXT.
10. On the Configure Ports page, provide the configuration details.
• IP Assignment: Select Static.
• Management IP: Enter 172.20.10.64/24.
• Default Gateway: Enter 172.20.10.10.
• Management Interface: Select pg-SA-Management from the drop-down menu.
a. Click NEXT.
11. On the Configure NSX page, provide the configuration details.
• Transport Zone: Select Global-Overlay-TZ and Global-VLAN-TZ.
• Edge Switch Name: Select PROD-Overlay-NVDS.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.

• IP Assignment: Select Use IP Pool from the drop-down menu.
• IP Pool: Select VTEP-IP-Pool from the drop-down menu.
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Overlay from the
drop-down menu.
12. Continuing on the Configure NSX page, click + Add N-VDS.
• Edge Switch Name: Select PROD-VLAN-NVDS from the drop-down menu.
• Uplink Profile: Select nsx-edge-single-nic-uplink-profile from the drop-down menu.
• IP Assignment: [Disabled].
• DPDK Fastpath Interfaces: Select uplink-1 and select pg-SA-Edge-Uplinks from the
drop-down menus.
a. Click FINISH.

NOTE
The edge deployment might take several minutes to complete. The deployment
status displays various values, for example, Node Not Ready, which is only
temporary.

NOTE
Please wait until the Configuration status displays Success and Status is Up. You
might click REFRESH occasionally.

Task 3: Enable SSH on the Edge Nodes
You enable the SSH service on each edge node that you created.
1. From the vSphere Web Client Home page, click Hosts and Clusters.
2. In the navigator pane, right-click sa-nsxedge-03 and select Open Console.
3. Enter admin as the user name and VMware1!VMware1! as the password.
4. Verify that the SSH service is stopped.
get service ssh

5. Start the SSH service.
start service ssh

6. Set the SSH service to autostart when the VM is powered on.
set service ssh start-on-boot

7. Verify that the SSH service is running and Start on boot is set to True.
get service ssh

8. Configure SSH on sa-nsxedge-04.
a. From the vSphere Web Client Home page, click Hosts and Clusters.
b. In the navigator pane, right-click sa-nsxedge-04 and select Open Console.
c. Enter admin as the user name and VMware1!VMware1! as the password.
d. Verify that the SSH service is stopped.
get service ssh

e. Start the SSH service.
start service ssh

f. Set the SSH service to autostart when the VM is powered on.
set service ssh start-on-boot

g. Verify that the SSH service is running and Start on boot is set to True.
get service ssh

Task 4: Configure a New Edge Cluster
You log in to the NSX Simplified UI and configure a VPN service to a remote network.
1. Create a new Edge Cluster that contains two previously deployed NSX Edge Nodes.
a. Navigate to System > Fabric > Nodes > Edge Clusters.
b. Click +ADD.
• Name: Enter Edge-Cluster-02.
• Transport Nodes: Select the checkbox next to Available (2) to select both sa-nsxedge-03
and sa-nsxedge-04.
c. Click the right arrow icon to move the Edge Nodes to Selected.
d. Click ADD.

Task 5: Deploy and Configure a New Tier-0 Gateway and Segments for VPN Support
1. You deploy and configure a new Tier-0 gateway for VPN support.
a. Navigate the NSX Simplified UI to Networking > Tier-0 Gateways.
b. Click ADD TIER-0 GATEWAY.
c. Enter the configuration information for the new Tier-0 gateway.
• Name: Enter T0-VPN-Gateway.
• HA Mode: Select Active Standby (use the drop-down menu and select).
• Fail Over: Select Preemptive.
• Edge Cluster: Select Edge-Cluster-02 (use the drop-down menu and select).

NOTE
The Edge Cluster might not initially populate. You might need to click on the field
multiple times to eventually have it available.

• Preferred Edge: Select sa-nsxedge-03 (use the drop-down menu and select).
d. Click Save.
2. When the message asking whether you want to continue Configuring this Tier-0 Gateway
appears, click YES.
3. Expand ROUTE RE-DISTRIBUTION by clicking the > icon next to it and click Set.
a. Click the check boxes for the configuration.
• Select Static Routes.
• Select IPSec Local IP.
• Select Connect Interfaces & Segments and all subobjects.
• Select Advertised Tier-1 Subnets: Leave Off.
b. Click APPLY.
c. Click SAVE.

4. Click CLOSE EDITING.

5. Navigate in the NSX Simplified UI to Networking > Segments.
a. Click ADD SEGMENT.
b. Enter the configuration information for the new segment.
• Name: Enter T0-VPN-GW-Uplink.
• Uplink & Type: Leave blank.
• Subnets: Leave blank.
• Transport Zone: select Global-VLAN-TZ | VLAN from the drop-down menu.
• VLAN: Enter 0 and click Add Item(s).
c. Click SAVE.
6. When prompted to continue editing the segment, click NO.

7. Click ADD SEGMENT again to create another segment.
a. Enter the configuration information for the new Segment.
• Name: Enter L2VPN-Segment.
• Uplink & Type: Leave blank.
• Subnets: Leave blank.
• Transport Zone: Select Global-Overlay-TZ from the drop-down menu.
b. Click SAVE.
c. When prompted to continue editing the segment, click NO.
8. Return to Networking > Tier-0 Gateways.
a. Click the three vertical ellipses icon next to T0-VPN-Gateway.
b. Expand INTERFACES by clicking the > icon next to it and click Set.
c. Click ADD INTERFACE.
d. Enter the configuration information for the new Interface.
• Name: Enter Uplink.
• Type: External (default).
• IP Address / Mask: Enter 192.168.201.2/24 and click Add item(s).
• Connected To (Segment): Select T0-VPN-GW-Uplink (use the drop-down menu and
select).
• Edge Node: Select sa-nsxedge-03 from the drop-down menu.
9. Click SAVE, CLOSE followed by CLOSE EDITING.
10. Wait until the new Tier-0 Gateway status displays UP.
You might click REFRESH periodically while waiting.

Task 6: Create an IPSec VPN Service
1. You create and configure a new IPSec VPN Service.
a. Navigate in the NSX Simplified UI to Networking > VPN.
b. Click ADD SERVICE > IPSec.
c. Enter the configuration information for the new VPN Service.
• Name: Enter IPSec-for-L2VPN.
• Tier-0 Gateway: Select T0-VPN-Gateway (use the drop-down menu to select).
d. Click SAVE.
2. When the message asking whether you want to continue Configuring this Tier-0 Gateway
appears, click NO.

Task 7: Create an L2 VPN Server and Session
1. You create an L2 VPN server for your VPN network.
a. While in the VPN SERVICES tab, click ADD SERVICE > L2 VPN Server.
b. Enter the configuration information for the new L2 VPN server.
• Name: Enter L2-VPN-Server.
• Tier-0 Gateway: Select T0-VPN-Gateway (use the drop-down menu to select).
c. Click SAVE.
d. When the message asking whether you want to continue Configuring this VPN
Service appears, click YES.

2. Expand SESSIONS by clicking the > icon next to it, click ADD Sessions, and then click
ADD L2 VPN SESSION.
a. Enter the session configuration information.
• Name: Enter L2-VPN-Session-01.
• Local Endpoint/IP: Click the three vertical ellipses icon and add an endpoint with the
following values.
• Name: Enter L2VPN-Endpoint.
• VPN Service: Select IPSec-for-L2VPN.
• IP Address: Enter 192.168.201.3.
• Local ID: Enter 192.168.201.3.
• Click SAVE.
• On the ADD L2 VPN SESSION screen, provide the configurations.
• Remote IP: Enter 192.168.201.4.
• Pre-shared Key: Enter VMware1!.
• Tunnel Interface: Enter 169.1.1.1/24.
• Remote ID: Enter 192.168.201.4.
b. Click SAVE.
c. When the message asking whether you want to continue Configuring this L2-VPN
Session appears, click NO.
3. Click CLOSE followed by CLOSE EDITING.
a. Click on the L2 VPN SESSIONS tab and confirm the sessions were created.

NOTE
The L2 VPN Session appears as either Down or In Progress until you have
deployed the L2 VPN Client and have an active session running.

4. Return to Networking > Segments and add the newly created VPN session information to
L2VPN-Segment.
a. Click the three vertical ellipse icon next to L2VPN-Segment and select Edit from the
menu.
b. Click the L2 VPN field and select L2-VPN-Session-01.
c. Enter the value 100 in the VPN Tunnel ID field.
d. Click SAVE followed by CLOSE EDITING.

Task 8: Deploy the L2 VPN Client
1. Before deploying the L2VPN-Client, you acquire the Peer Code from the L2 VPN Session.
a. Navigate to Networking > VPN > L2 VPN Sessions.
b. From the L2 VPN SESSIONS tab click the > icon next to L2-VPN-Session-01.
c. Click on DOWNLOAD CONFIG.
The warning Download Config has PSK information in it appears.
d. Click YES.
e. Save the configuration file to your desktop.

2. You deploy the L2 VPN Client onto sa-esxi-01.vclass.local from the vSphere Web Client.
a. Switch to the vSphere Web Client and select sa-esxi-01.vclass.local.
You might need to log in again using user name [email protected] and
password VMware1!.
b. Right-click on the host and select Deploy OVF Template.
c. Enter the configurations for the deployment.
• Select Template: Click Local file and click Browse.
• Locate the nsx-l2vpn-client-ovf-11197779 folder and click to open the folder.
• Select all the files in the folder using Ctrl+A and click Open.
3. Click Next.
4. In the Select Name and location windows, delete -XLarge from the name and click Next.
5. In the Select a resource window, sa-esxi-01.vclass.local should be highlighted.
If it is not highlighted, select it and click Next.
6. In the Review details window, click Next.
7. In the Select storage window, select Thin provision from the Select virtual disk format:
drop-down menu, select SA-Shared-02-Remote from the storage list, and click Next.
8. In the Select networks window, select the following fields.
• Trunk: Select Trunk (use the drop-down menu to select).
• Public: Select pg-SA-Edge-Uplinks (use the drop-down menu to select).
• HA: Select HA (you might need to click Browse to locate the value).
9. Click Next.
10. On the Customize template window, enter the user passwords.
• For admin, enable, and root users: enter VMware1!VMware1! in Enter Password and
Confirm Password.
11. Expand Uplink Interface using the > icon next to it.
• IP Address: Enter 192.168.201.4.
• Prefix Length: Enter 24.
• Default Gateway: Enter 192.168.201.1.
• DNS IP Address: Enter 172.20.10.10.
12. Expand L2T using the > icon next to it.

a. Minimize all open windows and access your desktop.
b. Double-click the L2VPNSession_L2VPN-Session-01_config.txt file.
c. In the open Notepad screen, select Format > Word Wrap.
d. Beginning after the text peer_code, highlight the text between the quotes and copy
the content.

Enter the following information in the L2T configurations.
• Egress Optimized IP Address: Leave blank.
• Peer Address: Enter 192.168.201.3.
• Peer Code: Paste the content using Ctrl+V from your Notepad window.

13. Expand Sub Interface using the > icon next to it.
• Enter 10(100) in the Sub Interface VLAN (Tunnel ID) field.
14. Click Next and then Finish.

NOTE
You might encounter the Failed to Deploy OVF package...missing
descriptor error. If you do, you must start the deployment over: power off the
NSX-l2t-client VM, select Delete from Disk, and then reattempt the deployment. If the
second attempt does not work correctly, ask your instructor for assistance.

15. Watch the progress of the deployment until it completes.

NOTE
Even after Recent Tasks shows the deployment as complete, you might have to wait a few
minutes before the Power On option becomes available.

• Power on the NSX-l2t-client by right-clicking the newly deployed VM in the
inventory and selecting Power > Power On.

NOTE
You might need to wait for about 3 minutes for the startup to complete.

16. To ensure that the startup is complete, switch back to your vSphere Web Client, select
NSX-l2t-client in the inventory, click the gear icon in the console image, and select
Launch Web Console.
a. Wait for the login prompt to appear and log in using the user name admin and password
VMware1!VMware1!.

b. Verify that the client information is displayed.
c. Close the console by clicking the X in the browser tab.

Task 9: Verify the Operation of the VPN Setup
In this task, you verify the operation of the deployed VPN tunnel by opening consoles
to the two L2VPN VMs and using ping to reach across the VPN.
1. In the vSphere Web Client inventory, right-click T1-L2VPN-01 and select Edit Settings.
a. Change Network adapter 1 by clicking the drop-down menu and selecting
L2VPN-Segment (nsx LogicalSwitch).
b. Make sure Connected is selected and click OK.

NOTE
Ensure that both NSX-l2t-client and T1-L2VPN-02 reside on the same host by
selecting each of them and viewing the Host: value on the Summary tab.
Otherwise, use vMotion to migrate T1-L2VPN-02 to the same host as NSX-l2t-client.
Both should reside on sa-esxi-01.vclass.local.

2. Verify that T1-L2VPN-02 is connected to Remote_Network.
a. In the vSphere Web Client inventory, right-click T1-L2VPN-02 and select Edit
Settings.
b. Verify the network connection by ensuring that Network adapter 1 has the value
Remote_Network.
Alternatively, click the drop-down menu and select Remote_Network to verify the network
connection.
3. In the vSphere Web Client, open a console to T1-L2VPN-01.
a. In the vCenter Hosts and Clusters inventory pane, select T1-L2VPN-01, click the
Summary tab, and click the gear icon in the console image to select Launch Web Console.
4. Log in to the T1-L2VPN-01 VM using the user name vmware and the password
VMware1!.
a. Verify connectivity with T1-L2VPN-02.
ping -c 3 172.16.50.12

5. Return to the vCenter Hosts and Clusters inventory pane, select T1-L2VPN-02, click the
Summary tab, and click the gear icon in the console image to select Launch Web Console.
6. Log in to the T1-L2VPN-02 VM using the user name vmware and the password VMware1!.
a. Verify bidirectional connectivity from T1-L2VPN-02 to T1-L2VPN-01.
ping -c 3 172.16.50.11
You have verified bidirectional communication between the two VMs at the ends of the
VPN tunnel.
7. Close both consoles by clicking the X on their respective browser tabs.
8. Open MTPuTTY and connect to sa-nsxedge-03.
a. Log in with the user name admin and password VMware1!VMware1!.
b. Verify that the L2VPN session is active, identify the peers, and ensure that the tunnel
status is up.
get ipsecvpn session active

9. Verify that the sessions are up.
get ipsecvpn session status

10. Check whether the IPSec VPN session is up between the local and remote peers.
get ipsecvpn session summary

11. Get the L2VPN session, tunnel, and IPSec session numbers, and check that the status is UP.
get l2vpn sessions

12. Get statistics for the local and remote peers: whether the status is UP, and the counts of
packets received, bytes received (RX), packets transmitted (TX), and packets dropped,
malformed, or looped.
get l2vpn session stats

13. Get the session configuration information.
get l2vpn session config

Lab 14 Configuring the NSX
Distributed Firewall

Objective: Create NSX distributed firewall rules to allow
or deny application traffic

In this lab, you perform the following tasks:
1. Prepare for the Lab
2. Test the IP Connectivity
3. Create IP Set Objects
4. Create Firewall Rules
5. Create an Intertier Firewall Rule to Allow SSH Traffic
6. Create an Intertier Firewall Rule to Allow MySQL Traffic
7. Prepare for the Next Lab

Task 1: Prepare for the Lab
You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.
2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

148 Lab 14 Configuring the NSX Distributed Firewall

Task 2: Test the IP Connectivity
You test various types of connections, including ICMP, SSH, SQL, HTTP, and HTTPS. You
should have full accessibility because the default firewall rule is Allow.
1. From the vSphere Web Client Home page, click Hosts and Clusters and open a console to
T1-Web-01.
2. Log in to T1-Web-01 with root as the user name and VMware1! as the password.
3. Test the ICMP reachability.
ping -c 2 172.16.10.1 (default gateway)
ping -c 2 172.16.10.12 (T1-Web-02)
ping -c 2 172.16.10.13 (T1-Web-03)
ping -c 2 172.16.20.11 (T1-App-01)
ping -c 2 172.16.30.11 (T1-DB-01)
All pings should be successful.

4. Test the SSH connections.
a. From the T1-Web-01 console, establish an SSH connection to T1-App-01.
• Establish an SSH connection.
ssh 172.16.20.11
• If the Are you sure you want to continue connecting? message appears,
enter yes.
• Enter VMware1! as the password when prompted.
You should be able to enter T1-App-01’s command prompt through SSH.
• Terminate the SSH connection.
exit
b. From the console of T1-Web-01, establish an SSH connection to T1-DB-01.
• Establish an SSH connection.
ssh 172.16.30.11
• If the Are you sure you want to continue connecting? message appears,
enter yes.
• Enter VMware1! as the password when prompted.
You should be able to enter T1-DB-01’s command prompt through SSH.
• Terminate the SSH connection.
exit
5. Test the HTTP access.
a. From the T1-Web-01 console, request an HTTP webpage from T1-Web-02.
curl http://172.16.10.12
b. Verify that an HTTP response is returned from the T1-Web-02 server.

6. Test the SQL access.
a. From vSphere Web Client, open a console to T1-App-01 and enter root as the user
name and VMware1! as the password.
b. Connect to the SQL database and enter VMware1! when prompted for the password.
mysql -u root -h 172.16.30.11 -p

c. Verify that the mysql prompt is available to query the database.

d. Press Ctrl+C to exit.
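
The manual checks in this task are repeated after every PUBLISH in Tasks 4 to 6. The following Python script, an added example that is not part of the lab manual, runs the TCP part of those checks from T1-Web-01 against a table of expected outcomes, so that each publish can be verified in one pass and a mismatch points at the rule that needs attention. The addresses are the lab's own; the expectation table is constructed from the rules Tasks 4 to 6 publish (it is not produced by NSX-T), and ICMP is not probed because that needs raw sockets.

```python
import socket

# Expectations constructed from the rules published in Tasks 4-6, as seen
# from T1-Web-01: web-to-web HTTP is allowed, SSH to App-VMs is allowed, and
# everything else aimed at the tiers is dropped by Block-to-Tiers-External.
# Before Task 4 every row is "allow", because the default rule is Allow.
EXPECTED_FROM_WEB01_AFTER_TASK6 = [
    ("web01->web02 HTTP", "172.16.10.12", 80, "allow"),
    ("web01->web03 HTTP", "172.16.10.13", 80, "allow"),
    ("web01->app01 SSH", "172.16.20.11", 22, "allow"),
    ("web01->db01 SSH", "172.16.30.11", 22, "drop"),
    ("web01->db01 MySQL", "172.16.30.11", 3306, "drop"),
]


def tcp_reachable(host, port, timeout=3.0):
    """Return True when a TCP handshake to host:port completes.

    A DFW Drop shows up here as a timeout and a closed port as a refusal;
    both count as not reachable, so confirm the service is really listening
    before attributing a "drop" to the firewall.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(host, port, timeout=3.0):
    """Map reachability onto the vocabulary used in the expectation table."""
    return "allow" if tcp_reachable(host, port, timeout) else "drop"


def verify_policy(expected, timeout=3.0):
    """Probe every row of the table and return (mismatches, report_lines).

    mismatches is a list of (label, expected, observed) tuples; it is empty
    when the published rules behave exactly as the table predicts.
    """
    mismatches, report = [], []
    for label, host, port, want in expected:
        got = classify(host, port, timeout)
        status = "PASS" if got == want else "FAIL"
        report.append(f"{status} {label} {host}:{port} expected={want} observed={got}")
        if got != want:
            mismatches.append((label, want, got))
    return mismatches, report


if __name__ == "__main__":
    bad, lines = verify_policy(EXPECTED_FROM_WEB01_AFTER_TASK6)
    print("\n".join(lines))
    raise SystemExit(1 if bad else 0)
```

Run it on T1-Web-01 after each publish; a non-zero exit code flags a row whose observed result differs from the expectation, which is the quickest way to notice a rule that was saved in the wrong order or with the wrong group.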

Task 3: Create IP Set Objects
You create three IP Sets for Web-Tier, App-Tier, and DB-Tier for later use in firewall
rules.
1. On the NSX Simplified UI Home page, click Inventory > Domains.
2. Click ADD DOMAIN.
3. Provide the configuration details in the ADD DOMAIN window.
• Name: Production
a. Click SAVE.
b. When the message Please continue configuring groups in this
Production is displayed, click YES.

4. Click ADD GROUP.
• Group Name: Web-VMs.
• Compute Members: Click Set Members followed by +ADD CRITERIA.
a. Expand Criteria 1 by clicking the expand > symbol and enter the following
configuration values.
• First entry: Virtual Machine
• Second entry: Name
• Third entry: contains
• Fourth entry: Web
b. Click APPLY and then click SAVE.
5. On the Add Groups - Production window, click View Members.
Verify that all three web VMs are listed.
6. Click CLOSE followed by ADD GROUP.

7. Repeat step 4 for App-VMs and DB-VMs.
• For the App-VMs group:
Expand Criteria 1 by clicking the expand > symbol and enter the following
configuration values.
• First entry: Virtual Machine
• Second entry: Name
• Third entry: contains
• Fourth entry: app
• For the DB-VMs group:
Expand Criteria 1 by clicking the expand > symbol and enter the following
configuration values.
• First entry: Virtual Machine
• Second entry: Name
• Third entry: contains
• Fourth entry: db
8. Click SAVE and CLOSE.

Task 4: Create Firewall Rules
You create an infrastructure firewall rule to block all external web traffic to the web tier and
allow intratier web-to-web traffic.
1. On the NSX Simplified UI Home page, click Security > East West Security >
Distributed Firewall > APPLICATION.
2. Click + ADD POLICY.
a. Click the Name in the new section and enter Control-Intratier-Traffic.
b. Click default in Domain, select Production from the list, and click SAVE.
3. Click the three vertical ellipses icon and select Add Rule twice.
4. Enter the following rule configurations:
Top Rule
• Name: Allow-Web-to-Web.
• Source: Web-VMs and click APPLY.
• Destination: Web-VMs and click APPLY.
• Services: ICMP Echo Request, ICMP Echo Reply, HTTP, and HTTPS, and click
SAVE.
• Profiles: Any.
• Applied To: Select DFW.
• Action: Select Allow.
Second Rule
• Name : Block-to-Tiers-External.
• Source: Any.
• Destination: Web-VMs, App-VMs, and DB-VMs, and click APPLY.
• Services: Any.
• Profiles: Any.
• Applied To: Select DFW.
• Action: Select Drop.

5. Click PUBLISH.
6. Verify the connectivity from your student desktop to the Web-Tier VMs.
a. From your student desktop, open a browser tab and enter http://172.16.10.11.
The HTTP request should time out as a result of the firewall rule.
b. From your student desktop, open a browser tab and enter http://172.16.10.12.
The HTTP request should time out as a result of the firewall rule.
c. In the vSphere Web Client, open a console to T1-Web-01.
ping -c 3 172.16.10.12
ping -c 3 172.16.10.13
curl http://172.16.10.12
curl http://172.16.10.13
The ping and curl requests should succeed.

Task 5: Create an Intratier Firewall Rule to Allow SSH
Traffic
You create a firewall rule to allow SSH traffic from Web-Tier VMs to App-Tier VMs.
1. From the T1-Web-01 console, test the SSH access to T1-App-01.
ssh 172.16.20.11
You should not be able to connect.
2. Press Ctrl+C to exit.
If your connection already timed out, you do not need to press Ctrl+C.
3. On the NSX Simplified UI Home page, click East West Firewall > Distributed Firewall
> CATEGORY SPECIFIC RULES.
a. Click the three vertical ellipses icon next to the Control-Intratier-Traffic policy and
select Add Rule.
4. Enter the following rule configurations:
Top Rule
• Name: Enter Allow-SSH-Intratier.
• Source: Select Web-VMs and click APPLY.
• Destination: Select Web-VMs and App-VMs, and click APPLY.
• Service: Enter SSH in the lookup bar, select SSH from the list of services, and click
SAVE.
• Profiles: Select Any.
• Applied To: Select DFW.
• Action: Select Allow.

5. Click PUBLISH.
6. From the T1-Web-01 console, test the SSH access to T1-App-01.
ssh 172.16.20.11
7. Enter VMware1! when prompted for the password.
Your prompt should change to the App VM’s prompt, which verifies that your
Web-to-App (Allow) rule is working properly.
8. Close the SSH session.
exit

Task 6: Create an Intratier Firewall Rule to Allow MySQL
Traffic
You create a firewall rule to allow MySQL traffic from App-Tier VMs to DB-Tier VMs.
1. Test the SQL access.
a. From vSphere Web Client, open a console connection to T1-App-01.
b. Connect to T1-DB-01.
mysql -u root -h 172.16.30.11 -p
You should not be able to connect.
c. Press Ctrl+C to close the mysql connection attempt.
2. On the NSX Simplified UI Home page, go to Security > East West Security >
Distributed Firewall > CATEGORY SPECIFIC RULES.
3. Click the three vertical ellipses icon next to the Control-Intratier-Traffic section and
select Add Rule.

4. Provide the configuration details for the new rule.
• Rule Name: Enter Allow-MySQL.
• Source: Select App-VMs.
• Destination: Select DB-VMs.
• Service: Enter MySQL in the service list, select MySQL, and click SAVE.
• Profiles: Select Any.
• Applied To: Select DFW.
• Action: Select Allow.
5. Click PUBLISH.
6. Switch to the T1-App-01 console prompt and test the SQL access again.
a. Test the SQL connectivity.
mysql -u root -h 172.16.30.11 -p
b. Enter VMware1! when prompted for the password.
c. Verify that the mysql prompt appears.
The mysql prompt verifies that the App-to-DB rule is working properly.
d. Close the SQL connection.
exit

Task 7: Prepare for the Next Lab
You disable the user-created distributed firewall sections and reset the default section to
its default settings.
1. On the NSX Simplified UI Home page, go to Security > East West Security >
Distributed Firewall > CATEGORY SPECIFIC RULES.
2. Disable the Control-Intratier-Traffic section.
a. Click the three vertical ellipses icon next to Control-Intratier-Traffic and select
Disable all rules.
3. Click PUBLISH.

Lab 15 Configuring the NSX
Gateway Firewall

Objective: Configure and test the NSX gateway firewall
rules to control north-south traffic

In this lab, you perform the following tasks:
1. Prepare for the Lab
2. Test SSH Connectivity
3. Configure a Gateway Firewall Rule to Block External SSH Requests
4. Test the Effect of the Configured Gateway Firewall Rule
5. Prepare for the Next Lab

Task 1: Prepare for the Lab
You log in to the vSphere Web Client UI and the VMware NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

164 Lab 15 Configuring the NSX Gateway Firewall

2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

Task 2: Test SSH Connectivity
You verify that the SSH connections are successful.
1. From MTPuTTY on your student desktop, open the preconfigured SSH connections to
T1-App-01, T1-Web-01, T1-Web-02, and T1-Web-03.
2. From T1-Web-01’s MTPuTTY connection, SSH to T1-App-01.
a. Establish an SSH connection.
ssh 172.16.20.11
b. Log in with the password VMware1!.
c. Terminate the SSH connection.
exit

Task 3: Configure a Gateway Firewall Rule to Block
External SSH Requests
You configure a gateway firewall rule to block SSH requests from external networks.
1. On the NSX Simplified UI Home page, click Security > North South Security >
Gateway Firewall.
2. From the Gateway drop-down menu, select T0-LR-01.
3. Click + ADD POLICY to add a new category.
4. Click default in the Domain field of the new policy and select Production.
a. Click SAVE.
5. Edit the New Policy name.
• Name: Enter Block-SSH-Policy.
6. Click the three vertical ellipses icon next to the new category and select Add Rule.
7. Configure the rule with the following configuration values:
• Name: Enter Block-SSH-from-Outside.
• Source: Any (default).
• Destination: Select App-Tier-VMs, DB-VMs, and Web-Tier-VMs, and click
APPLY.
• Services: Select SSH from the Set Service page and click SAVE.
• Applied to: Select Uplink-1-Intf and Uplink-2-Intf and click SAVE.
• Action: Select DROP.
8. Click PUBLISH.

Task 4: Test the Effect of the Configured Gateway
Firewall Rule
You verify that the gateway firewall rule successfully blocks the SSH traffic.
1. Open MTPuTTY from the student desktop and attempt to connect to T1-Web-01, T1-App-01,
and T1-DB-01.
Your connections should fail.
a. Close the PuTTY connection attempts by clicking OK and Close.
2. From T1-Web-01, open an SSH connection to T1-App-01.
a. From the vSphere Web Client UI, open a console to T1-Web-01.
b. Establish an SSH connection.
ssh 172.16.20.11
c. Log in with the password VMware1!.
The connection should be successful, because the gateway firewall rule that you
configured does not affect the internal traffic between tenant networks.
d. Terminate the SSH connection.
exit
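
Both this lab and Lab 14 turn on the same evaluation rules: the first matching rule in a section wins, the default rule is Allow, and a gateway firewall rule applied to the uplinks of T0-LR-01 never sees east-west traffic between tenant segments (which is why the SSH session in step 2 still works). The following Python model, an added example that is not NSX-T code, reproduces the groups and rules from Lab 14 Tasks 3 to 6 and this lab's Task 3 so that you can predict what each probe should show before publishing. The flows are constructed (192.0.2.10 stands in for the student desktop), and the model assumes that the rules added with Add Rule in Lab 14 Tasks 5 and 6 sit above Block-to-Tiers-External, which is what the lab's successful SSH and MySQL tests imply.

```python
from dataclasses import dataclass

# Inventory constructed from Lab 14 Task 2: VM name -> IP address.
VMS = {
    "T1-Web-01": "172.16.10.11",
    "T1-Web-02": "172.16.10.12",
    "T1-Web-03": "172.16.10.13",
    "T1-App-01": "172.16.20.11",
    "T1-DB-01": "172.16.30.11",
}
# Lab 14 Task 3 criteria: "Virtual Machine / Name / contains / <text>".  The
# lab's lowercase "app" and "db" only populate App-VMs and DB-VMs if the
# comparison ignores case, which this model assumes.
GROUP_CRITERIA = {"Web-VMs": "web", "App-VMs": "app", "DB-VMs": "db"}
EXTERNAL_CLIENT = "192.0.2.10"  # constructed stand-in for the student desktop


def group_members(group):
    """Resolve a group to the set of VM IPs its name criterion selects."""
    needle = GROUP_CRITERIA[group].lower()
    return {ip for name, ip in VMS.items() if needle in name.lower()}


def expand(spec):
    """'Any' -> None (matches everything); list of group names -> set of IPs."""
    if spec == "Any":
        return None
    return set().union(*(group_members(g) for g in spec))


@dataclass
class Rule:
    name: str
    source: object          # "Any" or a list of group names
    dest: object            # "Any" or a list of group names
    services: object        # "Any" or a set of service names
    action: str             # "Allow" or "Drop"
    scope: str = "DFW"      # "DFW", or "uplink" for the gateway firewall on T0-LR-01


@dataclass
class Flow:
    src: str
    dst: str
    service: str
    via_uplink: bool = False  # True only for traffic crossing T0-LR-01's uplinks


def rule_matches(rule, flow):
    s, d = expand(rule.source), expand(rule.dest)
    return ((s is None or flow.src in s)
            and (d is None or flow.dst in d)
            and (rule.services == "Any" or flow.service in rule.services))


def evaluate(rules, flow, default="Allow"):
    """First matching rule wins; the lab leaves the default rule at Allow."""
    for rule in rules:
        if rule.scope == "uplink" and not flow.via_uplink:
            continue  # gateway rules are never consulted for east-west traffic
        if rule_matches(rule, flow):
            return rule.name, rule.action
    return "default", default


def lab14_rules(ssh_rule_above_block=True):
    """Control-Intratier-Traffic as it stands after Lab 14 Task 6.

    The lab expects web-to-app SSH and app-to-db MySQL to succeed, so the
    rules added in Tasks 5 and 6 are assumed to sit above the Drop rule;
    pass False to see what the opposite order does to the same flows.
    """
    web_to_web = Rule("Allow-Web-to-Web", ["Web-VMs"], ["Web-VMs"],
                      {"ICMP Echo Request", "ICMP Echo Reply", "HTTP", "HTTPS"}, "Allow")
    block = Rule("Block-to-Tiers-External", "Any",
                 ["Web-VMs", "App-VMs", "DB-VMs"], "Any", "Drop")
    ssh = Rule("Allow-SSH-Intratier", ["Web-VMs"], ["Web-VMs", "App-VMs"], {"SSH"}, "Allow")
    mysql = Rule("Allow-MySQL", ["App-VMs"], ["DB-VMs"], {"MySQL"}, "Allow")
    if ssh_rule_above_block:
        return [mysql, ssh, web_to_web, block]
    return [web_to_web, block, ssh, mysql]


def lab15_rules():
    """Block-SSH-Policy on T0-LR-01, applied to Uplink-1-Intf and Uplink-2-Intf.
    The Lab 14 section is disabled at this point, so it is not included."""
    return [Rule("Block-SSH-from-Outside", "Any", ["Web-VMs", "App-VMs", "DB-VMs"],
                 {"SSH"}, "Drop", scope="uplink")]
```

Calling evaluate(lab14_rules(False), Flow("172.16.10.11", "172.16.20.11", "SSH")) returns the Drop from Block-to-Tiers-External, which is the failure you would see if Add Rule had placed the new rule at the bottom of the section; with lab15_rules(), the same SSH flow between the web and app segments falls through to the default Allow because it never traverses an uplink, while the external SSH attempt is dropped.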

Task 5: Prepare for the Next Lab
You disable the gateway firewall rule.
1. On the NSX Simplified UI Home page, click Security > North South Firewall >
Gateway Firewall.
2. Click Enable/Disable to disable the rule.
3. Click PUBLISH.
4. Verify that SSH is allowed from external sources.
5. Open MTPuTTY from the desktop and connect to T1-Web-01, T1-App-01, and T1-DB-01.
Your connections should work.

Lab 16 Managing Users and Roles
with VMware Identity Manager

Objective: Integrate NSX Manager with a predeployed
VMware Identity Manager appliance

In this lab, you perform the following tasks:
1. Prepare for the Lab
2. Add an Active Directory Domain to VMware Identity Manager
3. Create the OAuth Client for NSX Manager from VMware Identity Manager
4. Gather the VMware Identity Manager Appliance Thumbprint
5. Enable VMware Identity Manager Integration with NSX Manager
6. Assign NSX Roles to Domain Users and Test Permissions
7. Prepare for the Next Lab

Task 1: Prepare for the Lab
You log in to the NSX Manager UI and the Identity Manager Administration Console.
1. From your student desktop, log in to the NSX Simplified UI.
a. Open the Chrome web browser.
b. Click the NSX-T Data Center > NSX Manager bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

172 Lab 16 Managing Users and Roles with VMware Identity Manager

2. Log in to the VMware Identity Manager Administration Console.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > VMware Workspace ONE - VIDM bookmark.
c. If you see the Your connection is not private message, click ADVANCED
and click Proceed to sa-nsxvidm-01.vclass.local (unsafe).
d. Enter admin as the user name and VMware1! as the password.
e. On your first entry to VMware Identity Manager, you are greeted by a message
that asks you to join the VMware Customer Experience Improvement Program
(CEIP). For lab purposes, deselect the check box and click OK.

Task 2: Add an Active Directory Domain to VMware
Identity Manager
You add a Windows Active Directory domain to VMware Identity Manager.
1. From the VMware Identity Manager Administration Console, click Identity & Access
Management > Directories.
2. Click Add Directory and select Add Active Directory over LDAP/IWA from the
drop-down menu.
3. Provide the configuration details on the Add Directory page.
a. Directory Name:
• Directory Name: Enter vclass.local.
• Select the Active Directory (Integrated Windows Authentication) check box
and scroll down.
b. Directory Sync and Authentication:
• Sync Connector: Leave as sa-nsxvidm-01.vclass.local (default).
• Authentication: Click Yes (default).
• Directory Search Attribute: Select sAMAccountName (default) and scroll down.

c. Certificates:
• Leave the check box deselected (default) and scroll down.

d. Join Domain Details:
• Domain Name: Enter vclass.local.
• Domain Admin Username: Enter administrator.
• Domain Admin Password: Enter VMware1! and scroll down.

e. Bind User Details:
• Bind User Name: Enter [email protected].
• Bind User Password: Enter VMware1! and scroll down.
f. Click Save & Next.
The process of adding the domain takes a few minutes and displays the various tasks that
are completed.

4. On the Select the Domains page, ensure that Domain and vclass.local (VCLASS) are
selected and click Next.

5. On the Map User Attributes page, leave the default settings, and click Next.

6. On the Select the groups that you want to sync page, provide the necessary
specifications.
a. Leave the Sync nested group members check box selected (default).
b. In the Specify the group DNs row, click the green plus sign.
• When the Specify the group DNs text box appears, specify the group DNs.
CN=NSX-Users,CN=Users,DC=vclass,DC=local

• Click Find Groups.
• Select the Select All check box.
The number of Groups to sync should be 1 of 1.
c. Click Next.

7. On the Select the Users you would like to sync page, provide the necessary
specifications.
a. In the Specify the user DNs row, click the green plus sign.
• When the Specify the user DNs text box appears, enter the values.
CN=John Doe,CN=Users,DC=vclass,DC=local

b. Click Next.
8. On the Review page, verify that there is one user and one group ready to synchronize, and
click Sync Directory.
The Import Status: Sync started message appears.

9. Click the Refresh Page link.
10. When the synchronization process completes, verify that there is one user and one group
listed in the vclass.local directory.
The green check mark indicates that the synchronization process is successful.

Task 3: Create the OAuth Client for NSX Manager in
VMware Identity Manager
You create the new OAuth Client for NSX Manager from VMware Identity Manager
Administration Console.
1. From VMware Identity Manager Administration Console, click the down arrow next to the
Catalog tab and select Settings from the drop-down menu.
2. In the left pane, select Remote App Access.

3. On the Clients tab, click Create Client.

4. Provide the configuration details in the Create Client window.
• Access Type: Select Service Client Token.
• Client ID: Enter sa-nsxmgr-01-OAuthClient.
• Click the triangle to expand the Advanced option.
• Click the Generate Shared Secret link to populate the Shared Secret text box.
Copy and paste the shared secret in a notepad.

• Leave all the other values as default.
5. Click Add.
6. Verify the OAuthClient addition.

Task 4: Gather the VMware Identity Manager Appliance
Fingerprint
You gather the SHA-256 fingerprint information for the VMware Identity Manager appliance.
1. On your student desktop, open the MTPuTTY application from the system tray and
double-click SA-NSX-vIDM-01 to open a console connection.
2. When the PuTTY Security Alert appears, click Yes to proceed.
3. Gain root access by entering sudo -s and VMware1! as the password.
4. Navigate to the VMware Identity Manager appliance configuration directory.
cd /usr/local/horizon/conf/
5. Collect the SHA-256 fingerprint of the VMware Identity Manager certificate and record it in
a notepad.
openssl x509 -in sa-nsxvidm-01.vclass.local_cert.pem -noout -sha256 -fingerprint
6. Copy and paste the fingerprint to notepad.

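
The value collected in this task is what NSX Manager pins in Task 5: the SHA-256 digest of the certificate's DER encoding, which is exactly what the openssl command prints. The following Python script, an added example that is not part of the lab, computes the same value from a PEM file with the standard library only and normalises pasted input (with or without the SHA256 Fingerprint= prefix, colons, or uppercase), so that the thumbprint entered in NSX can be compared against the one read from the appliance instead of trusting whatever happens to be in the clipboard. The PEM embedded in the block is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re


def pem_to_der(pem_text):
    """Extract the first CERTIFICATE block and base64-decode it to DER bytes."""
    match = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                      pem_text, re.S)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()))


def sha256_fingerprint(pem_text):
    """Colon-separated uppercase hex, the layout openssl -fingerprint prints."""
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Strip a 'SHA256 Fingerprint=' prefix, colons, spaces and case."""
    if "=" in fingerprint:
        fingerprint = fingerprint.split("=", 1)[1]
    return re.sub(r"[^0-9a-fA-F]", "", fingerprint).upper()


def thumbprints_match(entered, expected):
    """True when the two values denote the same digest, whatever their formatting."""
    return normalize(entered) == normalize(expected)


# Constructed placeholder: base64 of arbitrary bytes, not a parseable X.509 cert.
# In the lab the input is /usr/local/horizon/conf/sa-nsxvidm-01.vclass.local_cert.pem.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed placeholder, not a certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    pem = open(path).read() if path else SAMPLE_PEM
    print(sha256_fingerprint(pem))
```

Run it on the appliance with the certificate path as the argument and compare the printed value with the SSL Thumbprint field in NSX Manager using thumbprints_match; a mismatch after a certificate renewal on the appliance is the usual reason the VMware Identity Manager Connection status in Task 5 stays Down.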
Task 5: Enable VMware Identity Manager Integration with
NSX Manager
You integrate VMware Identity Manager with NSX Manager.
1. On the NSX Simplified UI Home page, click System > Users and click the
Configuration tab.
2. Click the EDIT link.
3. Provide the configuration details in the Edit VMware Identity Manager Parameters
window.
• External Load Balancer Integration: Select Enabled.
• VMware Identity Manager Integration: Select Enabled.
• VMware Identity Manager Appliance: Enter sa-nsxvidm-01.vclass.local.
• OAuth Client ID: Enter sa-nsxmgr-01-OAuthClient, which is the Client ID that
you created in task 3.
• OAuth Client Secret: Enter the Shared Secret that you collected in task 3.
• SSL Thumbprint: Paste the SHA-256 fingerprint that you collected in task 4 with
MTPuTTY.
• NSX Appliance: Enter 172.20.10.48.
4. Click SAVE.
5. Verify that the VMware Identity Manager Connection status is Up and the VMware
Identity Manager Integration status is Enabled.

NOTE
You might need to wait approximately 5 minutes and click the browser refresh button before
proceeding.

Task 6: Assign NSX Roles to Domain Users and Test


Permissions
You assign an NSX user role to an Active Directory domain user and verify the user's
permissions.
1. On the NSX Simplified UI home page, click System > Users and click on the Role
Assignments tab.
2. Click ADD > Role Assignment.
3. When the ADD ROLE windows appears, search for jdoe in the Search Users/Users
Groups section and select the user [email protected].
4. In the Roles pane, select the Security Engineer from the drop-down menu .
5. Click SAVE.
6. In the upper-right corner of the NSX Simplified UI, click the User icon and select Log out
to log out as admin.
7. Switch back to the VMware Identity Manager Administration Console and click Local Admin >
Logout to log out as admin.

8. Log in to the NSX Simplified UI at the Virtual IP address (https://172.20.10.48) as the
new user jdoe.
The VMware Identity Manager login page appears.
a. Verify that the vclass.local domain is selected. Otherwise, click Change to a
different domain to select it.
b. Click Next.
c. Enter jdoe as the user name, VMware1! as the password, and click Sign in.

9. In the upper-right corner of the NSX Simplified UI, click User to verify that you are
logged in as [email protected].

10. Click Networking > Segments and verify that the ADD SEGMENT option is grayed out.
The grayed out option indicates that users with the Security Engineer role do not have
permissions to configure segments.
11. Click System > Fabric > Nodes > Edge Transport Nodes and verify that the +ADD Edge VM
option is grayed out.
The grayed out option indicates that users with the Security Engineer role do not have
permission to configure routing.
12. In the upper-right corner of the NSX Simplified UI, click the User icon and select Log out
to log out as [email protected].

Task 7: Prepare for the Next Lab

You disable the integration between VMware Identity Manager and NSX Manager.
1. Open a new tab in your browser and enter https://172.20.10.48/login.jsp?local=true (the
NSX Manager virtual IP address with local login enabled to bypass VMware Identity Manager).
2. From the NSX Manager login page, enter admin as the user name and
VMware1!VMware1! as the password, and click LOG IN.

3. On the NSX Simplified UI Home page, click System > Users and click the
Configuration tab.
4. Click the EDIT link.
5. When the Edit VMware Identity Manager Parameters menu appears, change the VMware
Identity Manager Integration and External Load Balancer options to Disabled and
click SAVE.

6. Log out of the NSX Simplified UI and log in again to https://172.20.10.48/login.jsp?local=true
as user admin with password VMware1!VMware1! to validate that VMware Identity Manager is
properly disabled.
Your login should be successful.
7. Log in to the NSX Simplified UI using the new URL.
Ensure that you perform this step.
a. To enable you to use the correct URL, right-click the NSX Data Center favorites tab
and select Add page.
b. In the Name field, enter NSX After vIDM.
c. In the URL field, enter https://172.20.10.48/login.jsp?local=true.

d. Click the link to test it. You should be able to log in as user admin with password
VMware1!VMware1!.

Lab 17 Configuring Syslog

Objective: Configure Syslog to collect log messages

In this lab, you perform the following tasks:

1. Prepare for the Lab
2. Configure Syslog on NSX Manager and Review the Collected Logs
3. Configure Syslog on an NSX Edge Node and Review the Collected Logs

Task 1: Prepare for the Lab

You log in to the NSX Manager UI.

1. From your student desktop, open the Chrome web browser.
2. Click the NSX-T Data Center > NSX After vIDM bookmark.
3. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

192 Lab 17 Configuring Syslog


Task 2: Configure Syslog on NSX Manager and Review the Collected Logs
You configure a Syslog server address on NSX Manager and review the collected logs from the
remote Syslog collector.
1. From MTPuTTY, double-click sa-nsxmgr-01.
2. Configure NSX Manager to send TCP info level log messages to the Syslog server on
student-a-01.vclass.local.
set logging-server student-a-01.vclass.local:1468 proto tcp level info

You can use the DNS name or the IP address of the Syslog server in your configuration.
3. Verify your logging configuration.
get logging-server

4. Start the Kiwi Syslog Server Console.
a. Expand the System Tray of your student desktop, right-click the Kiwi icon and select
Restore.

5. Verify that the log messages from NSX Manager with the IP address of 172.20.10.41
appear in Kiwi Syslog Server Console.



6. Return to the sa-nsxmgr-01 MTPuTTY session and remove the Syslog server
configuration.
del logging-server student-a-01.vclass.local:1468 proto tcp level info

a. Verify that the logging server is removed.
get logging-server

Only a blank system prompt should be returned.

Task 3: Configure Syslog on an NSX Edge Node and Review the Collected Logs
You configure a Syslog server address on NSX Edge and review the collected logs from the
remote Syslog collector.
1. From MTPuTTY, double-click sa-nsxedge-01.
2. Configure the NSX Edge Node with a DNS server.
set name-servers 172.20.10.10

3. Configure NSX Edge Node to send TCP info level log messages to the Syslog server.
set logging-server student-a-01.vclass.local:1468 proto tcp level info

4. Verify your logging configuration.
get logging-servers

5. Go back to Kiwi Syslog Server Console and verify that the log messages from NSX Edge
Node with the IP address of 172.20.10.61 appear.

6. Return to the sa-nsxedge-01 MTPuTTY session and remove the Syslog server
configuration.
del logging-server student-a-01.vclass.local:1468 proto tcp level info

a. Verify that the logging server is removed.
get logging-server

Only a blank system prompt should be returned.


7. Close all MTPuTTY sessions and Kiwi Syslog Server Console.
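Kiwi displays the records that the two set logging-server commands in tasks 2 and 3 forward over TCP port 1468. The following added example, not part of the lab manual or of Kiwi Syslog Server, shows what a collector does with that stream: deframe the TCP records, decode the RFC 5424 PRI into the facility and severity that the level info setting filters on, and pull the structured-data parameters into a dict. SAMPLE_STREAM holds constructed records in the shape of NSX-T output, not data captured from the lab.

```python
"""Parse RFC 5424 syslog records as forwarded over TCP by NSX Manager and NSX Edge.
Added example, not part of the lab manual or Kiwi Syslog Server; SAMPLE_STREAM holds
constructed records in the shape of NSX-T output, not captured lab data."""
import re
from dataclasses import dataclass, field

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
_HEADER = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
                     r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\])(?: (?P<msg>.*))?$")
_SD_PARAM = re.compile(r'(\w+)="([^"]*)"')  # params inside NSX's [nsx@6876 ...] element


@dataclass
class SyslogEvent:
    facility: int
    severity: int  # 0 = emerg ... 7 = debug, both decoded from PRI
    timestamp: str
    host: str
    structured: dict = field(default_factory=dict)
    message: str = ""


def parse_rfc5424(line: str) -> SyslogEvent:
    """Decode PRI into facility/severity and structured-data params into a dict."""
    m = _HEADER.match(line.strip())
    if not m or int(m["pri"]) > 191:
        raise ValueError(f"not an RFC 5424 record: {line!r}")
    pri = int(m["pri"])
    return SyslogEvent(pri // 8, pri % 8, m["ts"], m["host"],
                       dict(_SD_PARAM.findall(m["sd"])), m["msg"] or "")


def passes_level(event: SyslogEvent, level: str = "info") -> bool:
    """Mirror 'level info' in set logging-server: keep records at that severity or worse."""
    return event.severity <= SEVERITIES.index(level)


def split_tcp_frames(buf: bytes) -> tuple:
    """Deframe a TCP stream (RFC 6587 octet-counting '<len> <msg>' or LF-terminated);
    returns (complete records, unconsumed bytes) so a partial frame waits for more data."""
    records, pos = [], 0
    while pos < len(buf):
        m = re.match(rb"(\d+) ", buf[pos:])
        start = pos + m.end() if m else pos
        end = start + int(m[1]) if m else buf.find(b"\n", pos)
        if end < 0 or end > len(buf):
            break
        records.append(buf[start:end].decode("utf-8", "replace"))
        pos = end if m else end + 1
    return records, buf[pos:]


SAMPLE_STREAM = (  # constructed: one INFO record from the manager, one DEBUG from the edge
    b'<182>1 2019-09-05T14:22:10Z sa-nsxmgr-01 NSX 4567 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO"] logging server configured\n'
    b'<183>1 2019-09-05T14:22:11Z sa-nsxedge-01 NSX 321 - [nsx@6876 comp="nsx-edge" level="DEBUG"] heartbeat\n')
```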

194 Lab 17 Configuring Syslog


Lab 18 Generating Technical Support Bundles

Objective: Generate and download a technical support bundle for NSX Manager

In this lab, you perform the following tasks:

1. Prepare for the Lab
2. Generate a Technical Support Bundle for NSX Manager
3. Download the Technical Support Bundle

Task 1: Prepare for the Lab

You log in to the NSX Manager UI.

1. From your student desktop, open the Chrome web browser.
2. Click the NSX-T Data Center > NSX After vIDM bookmark.
3. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

196 Lab 18 Generating Technical Support Bundles


Task 2: Generate a Technical Support Bundle for NSX Manager
You generate a technical support bundle to gather log and configuration information for NSX
Manager.
1. On the NSX Simplified UI Home page, click System > Support Bundle.
2. At the Request Bundle step, verify that Management Nodes is selected from the Type
drop-down menu.

3. From the Available pane, select the sa-nsxmgr-01 check box and click the right arrow to
move it to the Selected pane.



4. Set Log age (days) to 1 by clicking the down arrow.

5. Click Include core files and audit logs to change it to Yes.

6. Click START BUNDLE COLLECTION.

7. In the Status step, monitor the collection progress, which takes approximately 10 minutes
to complete.



Task 3: Download the Technical Support Bundle
You download the NSX Manager technical support bundle to your student desktop.
1. In the Support Bundle Status window, click DOWNLOAD.
2. Select Desktop in the left pane and click Save to save the nsx_support_archive file
to your student desktop.

3. Verify that the nsx_support_archive_########-######.tar file exists on the
student desktop, where the # symbols are the date and file number.



Lab 19 Using Traceflow to Inspect the Path of a Packet

Objective: Use Traceflow to inspect the path of a packet as it travels from source to destination

In this lab, you perform the following tasks:

1. Prepare for the Lab
2. Configure a Traceflow Session
3. Examine the Traceflow Output

Task 1: Prepare for the Lab

You log in to the vSphere Web Client UI and the NSX Manager UI.
1. From your student desktop, log in to the vSphere Web Client UI.
a. Open the Chrome web browser.
b. Click the vSphere Site-A > vSphere Web Client (SA-VCSA-01) bookmark.
c. On the login page, enter [email protected] as the user name and
VMware1! as the password.

2. Log in to the NSX Simplified UI.
a. Open another tab in the Chrome web browser.
b. Click the NSX-T Data Center > NSX After vIDM bookmark.
c. On the login page, enter admin as the user name and VMware1!VMware1! as the
password.

202 Lab 19 Using Traceflow to Inspect the Path of a Packet


Task 2: Configure a Traceflow Session
You specify the source VM and the destination VM of a Traceflow session.
1. On the vSphere Web Client UI Home page, click Hosts and Clusters.
2. Ensure that T1-Web-01 and T1-App-01 reside on different hosts.
Otherwise, use vSphere vMotion to migrate the VMs as needed.
3. On the NSX Manager Simplified UI Home page, click Advanced Networking & Security
> Tools > Traceflow.
4. On the Traceflow tab, configure the source and destination VM details.
• IP Address: Select IPv4.
• Traffic Type: Select Unicast (default).
• Source:
• Type: Select Virtual Machine (default).
• VM Name: Select T1-App-01.
• Virtual Interface: Select Network adapter 1 (default).
• Destination:
• Type: Select Virtual Machine (default).
• VM Name: Select T1-Web-01.
• Virtual Interface: Select Network adapter 1 (default).

5. Click TRACE.



Task 3: Examine the Traceflow Output
You examine the Traceflow output, including how the packet is injected in the data path, which
components are involved, and how the packet is delivered.
1. If you see a trace observation warning message, ignore it and close the window because
your lab runs in a nested ESXi environment.

2. Verify that the Traceflow output appears, including a diagram on the left and the steps of
the packet are on the right.

3. In the first row of the packet walk, verify that a packet is injected through the Transport
Node.
4. In the second and third rows, verify that the distributed firewall receives the packet, applies
firewall rules, and forwards the packet to the App-LS logical switch.
5. From the fourth to the seventh rows, verify that App-LS is attached to the gateway T1-LR-1,
which receives the packet and forwards it to the attached logical segment Web-LS.
6. In the eighth and ninth rows, verify that the source VTEP and destination VTEP IP
addresses appear, because the source and the destination VMs reside on two different
hosts.
7. In the tenth and eleventh rows, verify that the distributed firewall receives the packet and
applies firewall rules, if any, at the destination host.



8. In the last row, verify that the packet is delivered to the destination.

