Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
2
Helpful
12
Replies

Cannot establish control connections between Vedge and Vsmart

sasanka1912
Level 1
Level 1

‎03-15-2025 03:41 PM - edited ‎03-15-2025 03:47 PM

Hi ,

I cannot get control connection established between Vedge and Vsmart and tshoot steps i took as below ..

vEdge2-1# show control local-properties
personality vedge
sp-organization-name SDWAN-LAB-01
organization-name SDWAN-LAB-01
root-ca-chain-status Installed

certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Mar 15 22:23:37 2025 GMT
certificate-not-valid-after Mar 13 22:23:37 2035 GMT

dns-name 192.168.0.200
site-id 2
domain-id 1
protocol dtls
tls-port 0
system-ip 1.1.2.2
chassis-num/unique-id 9044e61f-cf4e-484c-2c88-3feda0b89890
serial-num 5C881646
token Invalid                                                                  < Certificate says valid but token shows invalid >
keygen-interval 1:00:00:00
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped TRUE
time-since-last-port-hop 0:00:00:45
pairwise-keying Disabled
embargo-check success
number-vbond-peers 1

INDEX IP PORT
-----------------------------------------------------
0 192.168.0.200 12346

number-active-wan-interfaces 1

 

 

so i re-applied the token again and now wan edge shows up in the dashboard but  show control local-properties shows no certificate installed.

vEdge2-1# show control local-properties
personality vedge request vedge-cloud activatsp-organization-name SDWAN-LAB-010b89890 token 5C881646
organization-name SDWAN-LAB-01-number 9044e61f-cf4e-484c-2c88-3feda0b89890 token 5C881646
root-ca-chain-status Installed

certificate-status Not-Installed
certificate-validity Not Applicable
certificate-not-valid-before Not Applicable
certificate-not-valid-after Not Applicable

dns-name 192.168.0.200
site-id 2
domain-id 1
protocol dtls
tls-port 0
system-ip 1.1.2.2
chassis-num/unique-id 9044e61f-cf4e-484c-2c88-3feda0b89890
serial-num No certificate installed
token 5C881646
keygen-interval 1:00:00:00
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped TRUE
time-since-last-port-hop 0:00:02:44
pairwise-keying Disabled
embargo-check success
number-vbond-peers 1

INDEX IP PORT
-----------------------------------------------------
0 192.168.0.200 12346

 

sasanka1912_0-1742078309901.pngsasanka1912_1-1742078357273.png

This was emulated in my eve-ng built on esxi server and vmanage has 32 GB memory /vedge has 4GB/Vsmart has 4GB memory as well.

 

please advise 

 

 

 

 

Labels:
0 Helpful
12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

‎03-16-2025 01:53 AM

Do you know if the issue is only with site two, vedge? How about other devices?

Check on the Vsmart console - do you see any errors?

For testing, wipe one of the nodes start from the beginning.

Follow deployment guide.

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/SD-WAN-End-to-End-Deployment-Guide.pdf

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sasanka1912
Level 1
Level 1
In response to balaji.bandi

‎03-16-2025 08:02 AM

@balaji.bandi will test again. It's happening for all the VEdge and CEdge devices.Will perform further tests and advise

0 Helpful

sasanka1912
Level 1
Level 1
In response to balaji.bandi

‎03-17-2025 01:18 PM

@balaji.bandi I tried wiping out one node and reconfiguring it, but now the node is not coming up, and I cannot see the CSR Certificate transition either. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to sasanka1912

‎03-18-2025 04:54 AM

I have used in my Lab sometime back works as expected :  ( edge onboard Blog missing, i fix that URL soon when i get chance)

https://www.balajibandi.com/?p=2028

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jeongjun Park
VIP
VIP

‎03-16-2025 05:53 AM

Try to enter below command on the vEdge

- clear omp all

0 Helpful

sasanka1912
Level 1
Level 1
In response to Jeongjun Park

‎03-16-2025 08:00 AM

@Jeongjun Park control connections are down so there will be no use of clearing the OMP routes .

0 Helpful

mohamedyare
Level 1
Level 1

‎03-17-2025 05:17 AM

Can you confirm that you have configured vbond under system, secondly check is vsmart is connected to vbond

0 Helpful

sasanka1912
Level 1
Level 1
In response to mohamedyare

‎03-17-2025 01:20 PM

@mohamedyare yes vbond is under system and vmart ,vbond and vmanage are all reachable.

0 Helpful

Kanan Huseynli
VIP
VIP

‎03-20-2025 06:45 PM - edited ‎03-20-2025 06:45 PM

Hi,

share show control connections show control connection-history and show control local-properties both from vsmart and vedge router.

Note: better if in text file for easier checking

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

sasanka1912
Level 1
Level 1
In response to Kanan Huseynli

‎03-30-2025 10:35 AM

@Kanan Huseynli I have attached config files and screenshots as requested.

When i check the edge routers , it shows certificate is installed and the controller is up, but vmanage shows down. when i reapply the chassis number and token vmanage shows vedge is up but show control local-properties command shows no certificate installed and vmanage -->montitor shows not reachable (screenshot attached)

Preview file
20 KB
Preview file
16 KB
Preview file
66 KB
0 Helpful

mohamedyare
Level 1
Level 1

‎03-30-2025 01:57 PM

DCONFAIL is a network connectivity problem. Please check the network connectivity

0 Helpful

sasanka1912
Level 1
Level 1
In response to mohamedyare

‎03-31-2025 11:58 AM

@mohamedyare all devices are reachable ..Can't see any network issues.

0 Helpful
Customers Also Viewed These Support Documents