
Can't establish a connection with vSmart.

imortada
Cisco Employee

Hello,

Can't establish a connection from my cEdge router to the vSmart. Any reason?
IR1101-sdwan-ib# sh sdwan control sum
control summary 0
vbond_counts 1
vmanage_counts 1
vsmart_counts 0

IR1101-sdwan-ib#sh sdwan control conn
IR1101-sdwan-ib#sh sdwan control connections
PEER PEER CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP
TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION LOCAL COLOR PROXY STATE UPTIME ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 Cisco-systems public-internet - up 0:03:38:27 0
vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 Cisco-systems public-internet No up 0:03:38:22 0


IR1101-sdwan-ib#
IR1101-sdwan-ib#sh sdwan control connection-his
Legend for Errors
ACSRREJ - Challenge rejected by peer. NOVMCFG - No cfg in vmanage for device.
BDSGVERFL - Board ID Signature Verify Failure. NOZTPEN - No/Bad chassis-number entry in ZTP.
BIDNTPR - Board ID not Initialized. OPERDOWN - Interface went oper down.
BIDNTVRFD - Peer Board ID Cert not verified. ORPTMO - Server's peer timed out.
BIDSIG - Board ID signing failure. RMGSPR - Remove Global saved peer.
CERTEXPRD - Certificate Expired RXTRDWN - Received Teardown.
CRTREJSER - Challenge response rejected by peer. RDSIGFBD - Read Signature from Board ID failed.
CRTVERFL - Fail to verify Peer Certificate. SERNTPRES - Serial Number not present.
CTORGNMMIS - Certificate Org name mismatch. SSLNFAIL - Failure to create new SSL context.
DCONFAIL - DTLS connection failure. STNMODETD - Teardown extra vBond in STUN server mode.
DEVALC - Device memory Alloc failures. SYSIPCHNG - System-IP changed.
DHSTMO - DTLS HandShake Timeout. SYSPRCH - System property changed
DISCVBD - Disconnect vBond after register reply. TMRALC - Timer Object Memory Failure.
DISTLOC - TLOC Disabled. TUNALC - Tunnel Object Memory Failure.
DUPCLHELO - Recd a Dup Client Hello, Reset Gl Peer. TXCHTOBD - Failed to send challenge to BoardID.
DUPSER - Duplicate Serial Number. UNMSGBDRG - Unknown Message type or Bad Register msg.
DUPSYSIPDEL- Duplicate System IP. UNAUTHEL - Recd Hello from Unauthenticated peer.
HAFAIL - SSL Handshake failure. VBDEST - vDaemon process terminated.
IP_TOS - Socket Options failure. VECRTREV - vEdge Certification revoked.
LISFD - Listener Socket FD Error. VSCRTREV - vSmart Certificate revoked.
MGRTBLCKD - Migration blocked. Wait for local TMO. VB_TMO - Peer vBond Timed out.
MEMALCFL - Memory Allocation Failure. VM_TMO - Peer vManage Timed out.
NOACTVB - No Active vBond found to connect. VP_TMO - Peer vEdge Timed out.
NOERR - No Error. VS_TMO - Peer vSmart Timed out.
NOSLPRCRT - Unable to get peer's certificate. XTVMTRDN - Teardown extra vManage.
NEWVBNOVMNG- New vBond with no vMng connections. XTVSTRDN - Teardown extra vSmart.
NTPRVMINT - Not preferred interface to vManage. STENTRY - Delete same tloc stale entry.
HWCERTREN - Hardware vEdge Enterprise Cert Renewed HWCERTREV - Hardware vEdge Enterprise Cert Revoked.
EMBARGOFAIL - Embargo check failed REGIDMIS - Region ID set mismatch.
REGIDCHG - Region ID config update CRTVERCRLFL - Fail to verify Peer Certificate Due to CRL.
RESTRQFAIL - Rest request failed. PSEV6DISC - Pseudo v6 interface disconnect.

PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC LOCAL REMOTE REPEAT
TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT LOCAL COLOR STATE ERROR ERROR COUNT ORGANIZATION DOWNTIME
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet tear_down SYSIPCHNG NOERR 0 2023-04-10T19:02:30+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet connect DCONFAIL NOERR 6 2023-04-10T19:02:24+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet tear_down DISTLOC NOERR 0 2023-04-10T19:00:18+0000
vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 public-internet tear_down VM_TMO NOERR 0 2023-04-10T19:00:18+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet connect DCONFAIL NOERR 0 2023-04-10T18:59:37+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet tear_down VB_TMO NOERR 0 2023-04-10T18:59:06+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet tear_down SYSIPCHNG NOERR 0 2023-04-10T18:58:43+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 biz-internet tear_down DISTLOC NOERR 0 2023-04-10T18:58:43+0000
vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 biz-internet tear_down DISTLOC NOERR 0 2023-04-10T18:58:43+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 biz-internet tear_down DISTLOC NOERR 0 2023-04-10T18:58:43+0000


IR1101-sdwan-ib#

3 Replies

Hi,

Your router does not even try to connect to vSmart (show history confirms). Is vSmart up in the overlay?

Share show control connections ; show control local-properties from vsmart.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
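
The check this reply makes against the connection history, as an added example that is not part of the original thread: it parses rows of the history output, tallies events per controller type and local error code, and lists controller types that never appear. The function names are hypothetical, and counting each row as 1 + REPEAT COUNT events is an assumption about that column.

```python
from collections import Counter

# Rows copied from the "sh sdwan control connection-his" output in the question
# above. The pasted rows carry no ORGANIZATION value, so DOWNTIME is the last token.
HISTORY = """\
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet tear_down SYSIPCHNG NOERR 0 2023-04-10T19:02:30+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 public-internet connect DCONFAIL NOERR 6 2023-04-10T19:02:24+0000
vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 public-internet tear_down VM_TMO NOERR 0 2023-04-10T19:00:18+0000
vbond dtls 0.0.0.0 0 0 172.27.167.86 12346 172.27.167.86 12346 biz-internet tear_down DISTLOC NOERR 0 2023-04-10T18:58:43+0000
"""

PEER_TYPES = ("vbond", "vmanage", "vsmart")
FIELDS = ("peer_type", "protocol", "system_ip", "site_id", "domain_id",
          "private_ip", "private_port", "public_ip", "public_port",
          "local_color", "state", "local_error", "remote_error", "repeat_count")

def parse_history(text):
    """Return one dict per data row; headers, legend lines and prompts are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # A data row starts with a peer type and has the 14 fixed columns
        # followed by (optionally the organization and) the downtime timestamp.
        if len(tok) < len(FIELDS) + 1 or tok[0] not in PEER_TYPES:
            continue
        row = dict(zip(FIELDS, tok))
        row["repeat_count"] = int(row["repeat_count"])
        row["downtime"] = tok[-1]
        rows.append(row)
    return rows

def summarize(rows):
    """Tally events (row plus its repeats, an assumption) per peer type and error."""
    events = Counter()
    errors = {p: Counter() for p in PEER_TYPES}
    for r in rows:
        n = 1 + r["repeat_count"]
        events[r["peer_type"]] += n
        errors[r["peer_type"]][r["local_error"]] += n
    return events, errors

def never_attempted(rows):
    """Controller types with no history row at all: the edge never tried them."""
    seen = {r["peer_type"] for r in rows}
    return [p for p in PEER_TYPES if p not in seen]

if __name__ == "__main__":
    rows = parse_history(HISTORY)
    events, errors = summarize(rows)
    for p in PEER_TYPES:
        print(p, events[p], dict(errors[p]))
    print("never attempted:", never_attempted(rows))
```
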

Thanks, Kanan, for getting back to me!!

Here are the outputs you requested:

vsmart# show control local-properties
personality vsmart
sp-organization-name Cisco-systems
organization-name Cisco-systems
root-ca-chain-status Installed
root-ca-crl-status Not-Installed

certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Apr 04 05:30:00 2023 GMT
certificate-not-valid-after Apr 03 05:30:00 2024 GMT

dns-name 172.27.167.86
site-id 100
domain-id 1
protocol dtls
tls-port 23456
system-ip 1.1.1.2
chassis-num/unique-id abec9104-1f97-492d-8d43-8aa030256fe0
serial-num 21A432AE40E5508D
subject-serial-num N/A
token -NA-
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:00:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
cdb-locked false
region-id-set N/A
number-vbond-peers 1

INDEX IP PORT
-----------------------------------------------------
0 172.27.167.86 12346

number-active-wan-interfaces 2

PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 172.27.167.87 12346 172.27.167.87 :: 12346 0/1 default up 0:00:00:01
1 eth0 172.27.167.87 12446 172.27.167.87 :: 12446 0/0 default up 0:00:00:16

vsmart#
vsmart# show control connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION REMOTE COLOR STATE UPTIME
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vbond dtls 1.1.1.3 0 0 172.27.167.86 12346 172.27.167.86 12346 Cisco-systems default up 0:10:51:44
0 vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 Cisco-systems default up 0:10:51:00
1 vbond dtls 1.1.1.3 0 0 172.27.167.86 12346 172.27.167.86 12346 Cisco-systems default up 0:10:51:41

vsmart#
*** IDLE TIMEOUT ***
Connection to 172.27.167.87 closed.
[imortada@sjc-ads-1428 ~]$ !!
ssh admin@172.27.167.87
viptela 20.10.1

Password:
Password:
Last login: Tue Apr 11 04:46:00 UTC 2023 from 171.70.59.120 on pts/0
Last failed login: Tue Apr 11 16:56:30 UTC 2023 from 171.70.59.120 on ssh:notty
There were 2 failed login attempts since the last successful login.
Welcome to Viptela CLI
User admin last logged in 2023-04-11T04:46:00.110555+00:00, to vsmart, from 171.70.59.120 using cli-ssh
admin connected from 171.70.59.120 using ssh on vsmart
vsmart# Share show control connections
--------^
syntax error: expecting
arping - layer 2 ping tool to check for active hosts in the same network
autowizard - Automatically query for mandatory elements
clear - Clear parameter
commit - Confirm a pending commit
complete-on-space - Enable/disable completion on space
config - Manipulate software configuration information
debug -
exit - Exit the management session
file - Perform file operations
help - Provide help information
history - Configure history size
idle-timeout - Configure idle timeout
job - Job operations
leaf-prompting - Automatically query for leaf values
logout - Logout a user
monitor - Monitor a file
nslookup - Look up a DNS name
paginate - Paginate output from CLI commands
ping - Ping a host
poweroff - Shut down the system
prompt1 - Set operational mode prompt
prompt2 - Set configure mode prompt
quit - Exit the management session
reboot - Reboot the system
request - Perform an action
screen-length - Configure screen length
screen-width - Set CLI screen width
show - Show information about the system
tcpdump - Perform tcpdump on a network interface
test - Perform test commands
timestamp - Enable/disable the display of timestamp
tools - Tools commands
traceroute - Trace connectivity to a host
vdiagnose - Viptela OS Diagnosis tool
vdig - Asynchronous FQDN resolution
vping - Send L2, L3, L7 probes to remote host
vshell - System shell
vsmart# show control connections
PEER PEER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB
INDEX TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION REMOTE COLOR STATE UPTIME
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0 vbond dtls 1.1.1.3 0 0 172.27.167.86 12346 172.27.167.86 12346 Cisco-systems default up 0:22:51:53
0 vmanage dtls 1.1.1.1 100 0 172.27.167.69 12346 172.27.167.69 12346 Cisco-systems default up 0:22:51:08
1 vbond dtls 1.1.1.3 0 0 172.27.167.86 12346 172.27.167.86 12346 Cisco-systems default up 0:22:51:49

vsmart#
vsmart# show control local-properties
personality vsmart
sp-organization-name Cisco-systems
organization-name Cisco-systems
root-ca-chain-status Installed
root-ca-crl-status Not-Installed

certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Apr 04 05:30:00 2023 GMT
certificate-not-valid-after Apr 03 05:30:00 2024 GMT

dns-name 172.27.167.86
site-id 100
domain-id 1
protocol dtls
tls-port 23456
system-ip 1.1.1.2
chassis-num/unique-id abec9104-1f97-492d-8d43-8aa030256fe0
serial-num 21A432AE40E5508D
subject-serial-num N/A
token -NA-
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:00:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
cdb-locked false
region-id-set N/A
number-vbond-peers 1

INDEX IP PORT
-----------------------------------------------------
0 172.27.167.86 12346

number-active-wan-interfaces 2

PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE LAST
INSTANCE INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------------------------------
0 eth0 172.27.167.87 12346 172.27.167.87 :: 12346 0/1 default up 0:00:00:17
1 eth0 172.27.167.87 12446 172.27.167.87 :: 12446 0/0 default up 0:00:00:15

vsmart#

Hi,

What does "show sdwan control valid-vsmarts" show on the router?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.