06-05-2019 08:30 AM
Hello everyone,
Does anyone know why this is happening, or what I could be missing in the config?
I am trying to deploy an SD-WAN lab. I have already loaded the certificates to each controller (vManage, vSmart and vBond) and they are shown on the vManage NMS as installed. However, when I type "show control connections", no information is shown.
vmanage# show control connections
vmanage#
vbond# show orchestrator connections
vbond#
vsmart# show control connections
vsmart#
Even though the control connections are not shown, I can see the devices as valid:
vmanage# show control valid-vsmarts
SERIAL NUMBER ORG
--------------------------
922A20A4FB64B3E1 CIBERC
922A20A4FB64B3E3 CIBERC
vBond# show orchestrator valid-vsmarts
SERIAL NUMBER ORG
--------------------------
922A20A4FB64B3E1 CIBERC
922A20A4FB64B3E3 CIBERC
The following show outputs are the local properties of each controller:
vBond# show orchestrator local-properties
personality vbond
sp-organization-name CI
organization-name CI
system-ip 192.168.17.1
certificate-status Installed
root-ca-chain-status Installed
certificate-validity Valid
certificate-not-valid-before Jun 04 18:30:01 2019 GMT
certificate-not-valid-after Oct 16 18:30:01 2020 GMT
chassis-num/unique-id e8b674a3-8042-4253-9347-a0543f28fb7b
serial-num 922A20A4FB64B3E2
number-active-wan-interfaces 1
protocol dtls
INSTANCE INDEX PORT VSMARTS VMANAGES STATE
----------------------------------------------
0 0 12346 0 0 up
vsmart# show control local-properties
personality vsmart
sp-organization-name CI
organization-name CI
certificate-status Installed
root-ca-chain-status Installed
certificate-validity Valid
certificate-not-valid-before Jun 05 10:03:33 2019 GMT
certificate-not-valid-after Oct 17 10:03:33 2020 GMT
dns-name 192.168.15.176
site-id 0
domain-id 1
protocol dtls
tls-port 23456
system-ip 192.168.17.2
chassis-num/unique-id f15e59a0-b34c-405a-a2dc-79f4ea7b7da9
serial-num 922A20A4FB64B3E3
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 0
number-active-wan-interfaces 2
PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 192.168.15.177 12346 192.168.15.177 :: 12346 0/0 default down 6:19:56:00
1 eth0 192.168.15.177 12346 192.168.15.177 :: 12346 0/0 default down 6:19:56:01
vmanage# show control local-properties
personality vmanage
sp-organization-name CI
organization-name CI
certificate-status Installed
root-ca-chain-status Installed
certificate-validity Valid
certificate-not-valid-before Jun 04 18:14:56 2019 GMT
certificate-not-valid-after Oct 16 18:14:56 2020 GMT
dns-name 192.168.15.176
site-id 0
domain-id 0
protocol dtls
tls-port 23456
system-ip 192.168.17.3
chassis-num/unique-id 2327c5db-11c3-4d14-b9bb-74e4058c7c0d
serial-num 922A20A4FB64B3E1
cloud-hosted no
retry-interval 0:00:00:15
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 0
number-active-wan-interfaces 2
PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 192.168.15.178 12346 192.168.15.178 :: 12346 0/0 default down 0:17:38:28
1 eth0 192.168.15.178 12346 192.168.15.178 :: 12346 0/0 default down 0:17:38:31
06-09-2019 07:53 AM
Can you post here outputs of "show run" from your controllers?
06-09-2019 12:25 PM
Hello David,
Confirm clock is synchronized between all devices.
In addition to the running config, please share show control-connection history for all controllers.
Thanks
06-10-2019 07:18 AM
Hello HashamM,
Thank you for your comment. I configured the site ID and synchronized the clocks on the controllers. After that, I have been able to see the controllers connected. However, the vBond is not showing up in the NMS's dashboard. Do you know why this is still happening?
vManage
vmanage# show clock
Mon Jun 10 09:28:54 UTC 2019
vmanage# show control connections
PEER PEER PEER
PEER PEER PEER CONFIGURED SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION REMOTE COLOR STATE UPTIME
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vsmart dtls 192.168.17.2 192.168.17.2 1000 1 192.168.15.177 12346 192.168.15.177 12346 CIB default up 2:20:58:02
0 vbond dtls 192.168.17.1 192.168.17.1 0 0 192.168.15.176 12346 192.168.15.176 12346 CIB default up 2:20:59:32
1 vbond dtls 0.0.0.0 - 0 0 192.168.15.176 12346 192.168.15.176 12346 CIB default up 2:20:59:31
vmanage# show running-config
system
host-name vmanage
system-ip 192.168.17.3
site-id 1000
admin-tech-on-failure
sp-organization-name CIB
organization-name CIB
vbond 192.168.15.176
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$bszeNYTsASvb2L5/$WksUU8eSdm9gRzZ222F4CdF1sBt22ep7JyLI2pVvFHKsJWBcrhu7jFY.WdMfBQpk89dAmkNeVPe.2OPjn4Ogr.
!
!
logging
disk
enable
!
!
!
vpn 0
interface eth0
ip address 192.168.15.178/24
ipv6 dhcp-client
tunnel-interface
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth1
ip address 192.168.16.179/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!
vSmart
vsmart# show clock
Mon Jun 10 10:00:13 UTC 2019
vsmart# show control connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT REMOTE COLOR STATE UPTIME
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vbond dtls 0.0.0.0 0 0 192.168.15.176 12346 192.168.15.176 12346 default up 2:21:29:45
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12346 192.168.15.178 12346 default up 2:21:29:42
1 vbond dtls 0.0.0.0 0 0 192.168.15.176 12346 192.168.15.176 12346 default up 2:21:29:46
vsmart# show control connections-history
vsmart# show running-config
system
host-name vsmart
system-ip 192.168.17.2
site-id 1000
admin-tech-on-failure
sp-organization-name CIB
organization-name CIB
vbond 192.168.15.176
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$CyyXkBfoOgERt3/c$dn/aQF2Q0.8P.DUIP/LDTFccP84SWYWSwB3tGGWwKGuIkXADmEnCo.FehPja0.iJv22aP/H76QupAYO5.1EgN1
!
!
logging
disk
enable
!
!
!
omp
no shutdown
send-backup-paths
graceful-restart
!
vpn 0
interface eth0
ip address 192.168.15.177/24
tunnel-interface
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service stun
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth1
ip address 192.168.16.181/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!
vBond
vBond# show clock
Mon Jun 10 09:44:50 UTC 2019
vBond# show orchestrator connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC ORGANIZATION
INSTANCE TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT REMOTE COLOR STATE NAME UPTIME
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vsmart dtls 192.168.17.2 1000 1 192.168.15.177 12346 192.168.15.177 12346 default up CIB 2:21:14:02
0 vsmart dtls 192.168.17.2 1000 1 192.168.15.177 12446 192.168.15.177 12446 default up CIB 2:21:14:03
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12346 192.168.15.178 12346 default up CIB 2:21:15:29
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12446 192.168.15.178 12446 default up CIB 2:21:15:28
vBond# show orchestrator connections-history
vBond# show running-config
system
host-name vBond
system-ip 192.168.17.1
site-id 0
admin-tech-on-failure
no route-consistency-check
organization-name CIB
vbond 192.168.15.176 local vbond-only
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$LPrmWw.ZpUP8oh6x$YBTWa56gsrOTTaXGAW8gnM2Nlj0bcB.Tb0Bi40YVb.4xz1e2kDMhP2K8cRa2QzlP10MXzN2W9ZVybLvtiecT/0
!
!
logging
disk
enable
!
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
security
ipsec
authentication-type ah-sha1-hmac sha1-hmac
!
!
vpn 0
interface ge0/0
ip address 192.168.15.176/24
ipv6 dhcp-client
tunnel-interface
encapsulation ipsec
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth0
ip address 192.168.16.180/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!
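The two changes reported in the post above (a configured site-id and synchronized clocks) can be checked offline from saved "show control local-properties" output. This is an added example, not part of the original thread or of any Cisco tooling; the function names, the finding strings, and the rule that only vsmart and vmanage need a non-zero site-id are assumptions drawn from the outputs posted here.

```python
from datetime import datetime, timezone

# Constructed sample: fields copied from the vsmart "show control local-properties"
# output in the first post, cut down to the fields the check reads.
SAMPLE_VSMART = """\
personality vsmart
organization-name CI
certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Jun 05 10:03:33 2019 GMT
certificate-not-valid-after Oct 17 10:03:33 2020 GMT
site-id 0
"""

CERT_TIME = "%b %d %H:%M:%S %Y GMT"  # format used by the certificate-not-valid-* fields


def parse_properties(text):
    """Turn 'key value' lines into a dict; table headers, rules and rows are skipped."""
    props = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if value and key[:1].isalpha() and key.islower():
            props.setdefault(key, value.strip())
    return props


def preflight(text, device_clock):
    """Return findings that match the causes discussed in this thread."""
    p = parse_properties(text)
    findings = []
    if p.get("certificate-status") != "Installed" or p.get("certificate-validity") != "Valid":
        findings.append("certificate not installed or not valid")
    try:
        start = datetime.strptime(p["certificate-not-valid-before"], CERT_TIME).replace(tzinfo=timezone.utc)
        end = datetime.strptime(p["certificate-not-valid-after"], CERT_TIME).replace(tzinfo=timezone.utc)
        if not start <= device_clock <= end:
            findings.append("device clock outside certificate validity window")
    except (KeyError, ValueError):
        findings.append("certificate validity dates missing or unparseable")
    # Assumption from this thread: the vBond ran with site-id 0, the other controllers did not.
    if p.get("personality") in ("vsmart", "vmanage") and p.get("site-id", "0") == "0":
        findings.append("site-id not configured")
    return findings
```

Pass the value of "show clock" from the same device as a timezone-aware UTC datetime, so the comparison uses the clock the controller itself applies during certificate validation.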
07-04-2020 04:12 PM
I am also facing the same issue now. But can you please try with allow service all on the tunnel interface?