cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

1038
Views
0
Helpful
4
Replies
Highlighted
Beginner

Can't bring up the SD-WAN controllers to the Control Plane

Hello everyone,

 

Does anyone know why this is happening? or what could I be missing in the config?

 

I am trying to deploy an SD-WAN lab I have already loaded the certificates to each Controller (vManage, vSmart and vBond) and they are shown on the vManage NMS as installed. However, when I type the "show control connections" no information is shown.

 

vmanage# show control connections

vmanage#

 

vbond# show orchestraitor connections

vbond#

 

vsmart# show control connections

vsmart#

 

Even though the control connections are not shown, I can see the devices as valid:

 

vmanage# show control valid-vsmarts

SERIAL NUMBER ORG
--------------------------
922A20A4FB64B3E1 CIBERC
922A20A4FB64B3E3 CIBERC

 

vBond# show orchestrator valid-vsmarts

SERIAL NUMBER ORG
--------------------------
922A20A4FB64B3E1 CIBERC
922A20A4FB64B3E3 CIBERC

 

In the following show outputs are the local properties of each controller

 

vBond# show orchestrator local-properties
personality vbond
sp-organization-name CI
organization-name CI
system-ip 192.168.17.1
certificate-status Installed
root-ca-chain-status Installed

certificate-validity Valid
certificate-not-valid-before Jun 04 18:30:01 2019 GMT
certificate-not-valid-after Oct 16 18:30:01 2020 GMT
chassis-num/unique-id e8b674a3-8042-4253-9347-a0543f28fb7b
serial-num 922A20A4FB64B3E2
number-active-wan-interfaces 1
protocol dtls
INSTANCE INDEX PORT VSMARTS VMANAGES STATE
----------------------------------------------
0 0 12346 0 0 up

 

vsmart# show control local-properties
personality vsmart
sp-organization-name CI
organization-name CI
certificate-status Installed
root-ca-chain-status Installed

certificate-validity Valid
certificate-not-valid-before Jun 05 10:03:33 2019 GMT
certificate-not-valid-after Oct 17 10:03:33 2020 GMT

dns-name 192.168.15.176
site-id 0
domain-id 1
protocol dtls
tls-port 23456
system-ip 192.168.17.2
chassis-num/unique-id f15e59a0-b34c-405a-a2dc-79f4ea7b7da9
serial-num 922A20A4FB64B3E3
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 0
number-active-wan-interfaces 2

PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 192.168.15.177 12346 192.168.15.177 :: 12346 0/0 default down 6:19:56:00
1 eth0 192.168.15.177 12346 192.168.15.177 :: 12346 0/0 default down 6:19:56:01

 

vmanage# show control local-properties
personality vmanage
sp-organization-name CI
organization-name CI
certificate-status Installed
root-ca-chain-status Installed

certificate-validity Valid
certificate-not-valid-before Jun 04 18:14:56 2019 GMT
certificate-not-valid-after Oct 16 18:14:56 2020 GMT

dns-name 192.168.15.176
site-id 0
domain-id 0
protocol dtls
tls-port 23456
system-ip 192.168.17.3
chassis-num/unique-id 2327c5db-11c3-4d14-b9bb-74e4058c7c0d
serial-num 922A20A4FB64B3E1
cloud-hosted no
retry-interval 0:00:00:15
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 0
number-active-wan-interfaces 2

PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 192.168.15.178 12346 192.168.15.178 :: 12346 0/0 default down 0:17:38:28
1 eth0 192.168.15.178 12346 192.168.15.178 :: 12346 0/0 default down 0:17:38:31

 

 

 

4 REPLIES 4
Highlighted
Cisco Employee

Can you post here outputs of "show run" from your controllers? 

Highlighted
Cisco Employee

Hello David,

 

Confirm clock is synchronized between all devices.

 

in addition to running config, please share show control-connection history for all controllers.

 

thanks

Highlighted

Hello HashamM,

 

Thank you for your comment. I configured the site id and synchronized the clocks in the controllers. After that, I have been able to see the controllers connected. However, the vBond is not showing up in the NMS´s Dashboard. Do you know why is it happening yet?

 

vManage

vmanage# show clock
Mon Jun 10 09:28:54 UTC 2019


vmanage# show control connections
PEER PEER PEER
PEER PEER PEER CONFIGURED SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION REMOTE COLOR STATE UPTIME
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vsmart dtls 192.168.17.2 192.168.17.2 1000 1 192.168.15.177 12346 192.168.15.177 12346 CIB default up 2:20:58:02
0 vbond dtls 192.168.17.1 192.168.17.1 0 0 192.168.15.176 12346 192.168.15.176 12346 CIB default up 2:20:59:32
1 vbond dtls 0.0.0.0 - 0 0 192.168.15.176 12346 192.168.15.176 12346 CIB default up 2:20:59:31



vmanage# show running-config
system
host-name vmanage
system-ip 192.168.17.3
site-id 1000
admin-tech-on-failure
sp-organization-name CIB
organization-name CIB
vbond 192.168.15.176
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$bszeNYTsASvb2L5/$WksUU8eSdm9gRzZ222F4CdF1sBt22ep7JyLI2pVvFHKsJWBcrhu7jFY.WdMfBQpk89dAmkNeVPe.2OPjn4Ogr.
!
!
logging
disk
enable
!
!
!
vpn 0
interface eth0
ip address 192.168.15.178/24
ipv6 dhcp-client
tunnel-interface
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth1
ip address 192.168.16.179/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!

 

vSmart

 

vsmart# show clock
Mon Jun 10 10:00:13 UTC 2019

vsmart# show control connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT REMOTE COLOR STATE UPTIME
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vbond dtls 0.0.0.0 0 0 192.168.15.176 12346 192.168.15.176 12346 default up 2:21:29:45
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12346 192.168.15.178 12346 default up 2:21:29:42
1 vbond dtls 0.0.0.0 0 0 192.168.15.176 12346 192.168.15.176 12346 default up 2:21:29:46

vsmart# show control connections-history

vsmart# show running-config
system
host-name vsmart
system-ip 192.168.17.2
site-id 1000
admin-tech-on-failure
sp-organization-name CIB
organization-name CIB
vbond 192.168.15.176
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$CyyXkBfoOgERt3/c$dn/aQF2Q0.8P.DUIP/LDTFccP84SWYWSwB3tGGWwKGuIkXADmEnCo.FehPja0.iJv22aP/H76QupAYO5.1EgN1
!
!
logging
disk
enable
!
!
!
omp
no shutdown
send-backup-paths
graceful-restart
!
vpn 0
interface eth0
ip address 192.168.15.177/24
tunnel-interface
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service stun
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth1
ip address 192.168.16.181/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!

 

 


vBond

 

vBond# show clock
Mon Jun 10 09:44:50 UTC 2019
vBond# show orchestrator connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC ORGANIZATION
INSTANCE TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT REMOTE COLOR STATE NAME UPTIME
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vsmart dtls 192.168.17.2 1000 1 192.168.15.177 12346 192.168.15.177 12346 default up CIB 2:21:14:02
0 vsmart dtls 192.168.17.2 1000 1 192.168.15.177 12446 192.168.15.177 12446 default up CIB 2:21:14:03
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12346 192.168.15.178 12346 default up CIB 2:21:15:29
0 vmanage dtls 192.168.17.3 1000 0 192.168.15.178 12446 192.168.15.178 12446 default up CIB 2:21:15:28


vBond# show orchestrator connections-history

 

vBond# show running-config
system
host-name vBond
system-ip 192.168.17.1
site-id 0
admin-tech-on-failure
no route-consistency-check
organization-name CIB
vbond 192.168.15.176 local vbond-only
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
usergroup tenantadmin
!
user admin
password $6$LPrmWw.ZpUP8oh6x$YBTWa56gsrOTTaXGAW8gnM2Nlj0bcB.Tb0Bi40YVb.4xz1e2kDMhP2K8cRa2QzlP10MXzN2W9ZVybLvtiecT/0
!
!
logging
disk
enable
!
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
security
ipsec
authentication-type ah-sha1-hmac sha1-hmac
!
!
vpn 0
interface ge0/0
ip address 192.168.15.176/24
ipv6 dhcp-client
tunnel-interface
encapsulation ipsec
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 192.168.15.1
!
vpn 512
interface eth0
ip address 192.168.16.180/24
no shutdown
!
ip route 0.0.0.0/0 192.168.16.1
!

Highlighted

I am also facing the same issue now  . But can u please try with allow service all on the tunel interface

Content for Community-Ad