Masaki Okuda

[HandsOn]Launching and testing Cisco Catalyst 8000V for SD-WAN & Routing on AWS

Introduction

Thank you for always reading our articles!

I was personally curious as to whether it was possible to build a Cisco Catalyst 8000V for SD-WAN & Routing environment on AWS, so I did some research.

After trying out a few things on AWS Marketplace, I found Cisco Catalyst 8000V for SD-WAN & Routing as something that looked like it could be built, so I would like to try that out.

from Japanese
There was also a license for the Free Plan of the Cisco Catalyst SD-WAN C8000v (virtual router), but it seems that users in Japan could not set it up due to a violation of the license terms.

Target audience

  • Those who have unavoidable circumstances and want to test Cisco Catalyst SD-WAN
  • A rare person who wants to try using a Cisco router on AWS
  • Looking for people with extensive networking experience

Goals

  • Deploying Cisco Catalyst 8000V in an AWS environment
  • Verify that you can run basic commands

The following is not covered:

  • Building the Manager, Controller, and Validator required for Cisco Catalyst SD-WAN
  • Configuring physical devices such as cEdge

Cisco Documents
https://www.cisco.com/c/ja_jp/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
https://www.cisco.com/c/ja_jp/td/docs/routers/C8000V/AWS/deploying-c8000v-on-amazon-web-services/overview.html

Hands On

  • Enter "Market Place" in the search box at the top of the AWS console screen

  • The screen will change, so click Detect Product on the left pane.
  • After clicking, enter Cisco Catalyst 8000V for SD-WAN & Routing in the center input box.
  • Search results will be displayed, so click on the search result

  • The Cisco Catalyst 8000V for SD-WAN & Routing Marketplace screen will be displayed, so click the View purchase options button.

Marketplace URL: https://aws.amazon.com/marketplace/pp/prodview-rohvq2cjd4ccg

  • The screen will change, so click the Continue to Configuration button.
  • ※ The button becomes clickable after a certain period of time.

  • After clicking, the Config setting screen will be displayed.
  • Change the Region to Asia Pacific (Tokyo) and click the Continue to Launch button.

  • The screen will change, so change the drop-down menu under Choose Action to Launch through EC2.
  • After making the changes, click the Launch button.

  • Enter an appropriate instance name to transition to the EC2 setting screen.

  • Select the desired key pair and click the Launch Instance button.

  • After a certain period of time has passed, the message "Instance startup has started successfully" will be displayed.
  • Click the Show All Instances button

  • After a certain amount of time has passed, the instance status shows that 3/3 checks passed; at that point, construction is complete.
  • Connect to the instance using Tera Term.

Commands Check

Now that I've managed to build the C8000V, I'd like to try executing some commands.

Command Reference: https://www.cisco.com/c/en/us/td/docs/routers/sd-routing/command/reference/sd-routing-cr-book/dapr-cr-book_chapter_01.html

show version

ip-172-31-34-128#show version
Cisco IOS XE Software, Version 17.15.02a
Cisco IOS Software [IOSXE], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.15.2a, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2025 by Cisco Systems, Inc.
Compiled Thu 06-Mar-25 19:10 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2025 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

ip-172-31-34-128 uptime is 13 minutes
Uptime for this control processor is 15 minutes
System returned to ROM by reload
System image file is "bootflash:packages.conf"
Last reload reason: Unknown reason



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].


Technology Package License Information:
Controller-managed

The current throughput level is 20000 kbps


Smart Licensing Status: Smart Licensing Using Policy

cisco C8000V (VXE) processor (revision VXE) with 1892243K/3075K bytes of memory.
Processor board ID 9NRP91KBRS6
Router operating mode: Autonomous (SD-Routing)
1 Gigabit Ethernet interface
32768K bytes of non-volatile configuration memory.
5000596K bytes of physical memory.
11526144K bytes of virtual hard disk at bootflash:.

Configuration register is 0x2102

ip-172-31-34-128#

show running-config

ip-172-31-34-128#show running-config
Building configuration...

Current configuration : 6572 bytes
!
! Last configuration change at 14:13:07 UTC Mon Mar 31 2025 by ec2-user
!
version 17.15
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform sslvpn use-pd
platform console virtual
!
hostname ip-172-31-34-128
!
boot-start-marker
boot-end-marker
!
!
vrf definition GS
 rd 100:100
 !
 address-family ipv4
 exit-address-family
!
logging persistent size 1000000 filesize 8192 immediate
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local none
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
subscriber templating
ipv6 unicast-routing
!
!
!
crypto pki trustpoint TP-self-signed-3782309302
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3782309302
 revocation-check none
 rsakeypair TP-self-signed-3782309302
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha512
!
!
crypto pki certificate chain TP-self-signed-3782309302
 certificate self-signed 01
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
        quit
!
!
license udi pid C8000V sn 9NRP91KBRS6
memory free low-watermark processor 189210
diagnostic bootup level minimal
!
!
!
!
username ec2-user privilege 15
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
!
interface GigabitEthernet1
 ip address dhcp
 ip nat outside
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 ipv6 nd autoconfig default-route
!
iox
ip forward-protocol nd
ip tcp window-size 8192
!
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.32.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.32.1 global
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip ssh bulk-mode 131072
ip ssh rsa keypair-name ssh-key
ip ssh pubkey-chain
 username ec2-user
  key-hash ssh-rsa 20F55DF574092980C9981FCF4472EB7C
ip ssh server algorithm publickey ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-rsa x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 x509v3-ecdsa-sha2-nistp521
ip scp server enable
!
ip access-list standard GS_NAT_ACL
 10 permit 192.168.35.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 transport input ssh
line vty 5 20
 transport input ssh
!
!
!
!
!
!
!
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
netconf-yang feature candidate-datastore
sd-routing
end
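
The running-config above is worth reading from the management-plane side before the instance is left running. The following Python script is an added example, not part of the original article or any Cisco tooling: it parses IOS-style config text and lists the management-plane lines from the output above that deserve review. The check IDs and function names are hypothetical, and the sample is a constructed excerpt of the lines shown above.

```python
import re

# Constructed sample: management-plane lines copied from the running-config above
# (the publickey algorithm list is shortened for readability).
SAMPLE_CONFIG = """\
aaa authorization exec default local none
ip http server
ip http secure-server
ip ssh server algorithm publickey ecdsa-sha2-nistp256 ssh-ed25519 ssh-rsa
ip scp server enable
line vty 0 4
 transport input ssh
line vty 5 20
 transport input ssh
"""

def parse_sections(text):
    """Group IOS-style config into (top_level_line, [indented child lines])."""
    sections = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if not raw[0].isspace():
            sections.append((stripped, []))
        elif sections:
            sections[-1][1].append(stripped)
    return sections

def audit(text):
    """Return (check_id, config_line) pairs for management-plane settings to review."""
    findings = []
    for parent, children in parse_sections(text):
        words = parent.split()
        if parent == "ip http server":
            findings.append(("http-cleartext", parent))  # web UI also served without TLS
        elif parent == "ip scp server enable":
            findings.append(("scp-server", parent))  # file copy over SSH is enabled
        elif re.fullmatch(r"aaa authorization exec \S+ .*\bnone", parent):
            findings.append(("authz-fallback-none", parent))  # no authorization if 'local' errors
        elif words[:5] == ["ip", "ssh", "server", "algorithm", "publickey"] and "ssh-rsa" in words:
            findings.append(("ssh-rsa-sha1", parent))  # RSA with SHA-1 signatures accepted
        elif words[:2] == ["line", "vty"]:
            transport = next((c.split()[2:] for c in children if c.startswith("transport input")), [])
            if not transport or set(transport) & {"telnet", "all"}:
                findings.append(("vty-telnet", parent))  # Telnet allowed or transport not set
            if not any(c.startswith("access-class") for c in children):
                findings.append(("vty-no-acl", parent))  # no source-address filter on the line
    return findings

if __name__ == "__main__":
    for check_id, line in audit(SAMPLE_CONFIG):
        print(f"{check_id:22} {line}")
```

With no `access-class` on the vty lines, source filtering for SSH rests entirely on what sits in front of the router, which on EC2 is the instance's security group.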

show vlan brief

ip-172-31-34-128#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup


I was unable to execute commands related to show sd-router,
so I suspect that registration with vManage may be required.

Benefits of this article

  • You can touch the Cisco Catalyst C8000V without purchasing a license from Cisco
     ☞☞It lowers the hurdle for verification in personal environments

  • Expand the scope of network design using AWS
     ☞☞Flexible operation is possible because Cisco routers can be built in an AWS environment.

However, since this is not the currently released 17.16.X, you will need to take into account the differences with the actual environment.
(Personally, I think it would be better to create a CDK template since it would be nice to be able to test Cisco Catalyst SD-WAN-related items.)

Thank you for reading the article to the end.

Top comments (2)

Kathy George

Happy to share I passed the Cisco 700-750 Security Operations Analyst exam with CERTIONARY! This boosts my skills in cybersecurity, threat analysis, and incident response. Excited to apply this knowledge to improve security operations.

Masaki Okuda

Good Job👍