Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2808
Views
5
Helpful
5
Replies

cEdge stuck in Received Teardown

ahmad.rz
Level 1
Level 1

‎09-12-2020 08:38 AM - edited ‎09-12-2020 10:46 PM

Hi guys, my cedge stucks in teardown state. Here is some informations:


vedge# show certificate serial 
Chassis number: 7037c9f0-5692-d3fb-0bf1-beb6017b346a serial number: AC8D61C2
vedge# show control local-properties 
personality                       vedge
sp-organization-name              NDP
organization-name                 NDP
root-ca-chain-status              Installed

certificate-status                Installed
certificate-validity              Valid
certificate-not-valid-before      Sep 12 13:32:21 2020 GMT
certificate-not-valid-after       Sep 10 13:32:21 2030 GMT

dns-name                          10.100.0.39
site-id                           10
domain-id                         1
protocol                          dtls
tls-port                          0
system-ip                         10.10.5.8
chassis-num/unique-id             7037c9f0-5692-d3fb-0bf1-beb6017b346a
serial-num                        AC8D61C2
token                             Invalid
keygen-interval                   1:00:00:00
retry-interval                    0:00:00:19
no-activity-exp-interval          0:00:00:20
dns-cache-ttl                     0:00:02:00
port-hopped                       FALSE
time-since-last-port-hop          0:00:00:00
embargo-check                     success
number-vbond-peers                1

But here i have this problem :

PEER     PEER     PEER             SITE        DOMAIN PEER             PRIVATE  PEER             PUBLIC                                   LOCAL      REMOTE     REPEAT               
TYPE     PROTOCOL SYSTEM IP        ID          ID     PRIVATE IP       PORT     PUBLIC IP        PORT    LOCAL COLOR      STATE           ERROR      ERROR      COUNT DOWNTIME       
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond    dtls     0.0.0.0          0           0      10.100.0.39      12346    10.100.0.39      12346   default          challenge_resp  RXTRDWN    BIDNTVRFD  121   2020-09-12T15:25:21+0000

I also know in vbond orchestrate valid serial-list this vedge was validated.

What's the problem and how I can solve it ? Anybody knows?

Be quick and careful!
0 Helpful
5 Replies 5

Eng_Muqrin
Level 1
Level 1

‎09-17-2020 04:22 AM

check your timezone in cEdge and also make sure the vbond ip is pingable 

0 Helpful

ahmad.rz
Level 1
Level 1
In response to Eng_Muqrin

‎09-19-2020 03:01 AM

Thanks,

Yes timezone is same and also vbond is pingable via vpn0 in cedge.

Be quick and careful!
0 Helpful

ekhabaro
Cisco Employee
Cisco Employee
In response to ahmad.rz

‎09-21-2020 01:55 AM

Hi Ahmad,

 

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214509-troubleshoot-control-connections.html

 

Serial Number(s) Not Present (CRTREJSER, BIDNTVRFD)

If the serial number is not present on the controllers for a given device, you will see that control connections fail.

It can be verified with show controllers [ valid-vsmarts | valid-vedges ] outputs and fixed most of the time. Navigate to Configuration > Certificates > Send to Controllers or Send to vBond buttons from vManage corresponding tabs. On vBond, check show orchestrator valid-vedges / show orchestrator valid-vsmarts.   

In the logs on vBond you might also observe these messages with reason ERR_BID_NOT_VERIFIED:

messages:local7.info: Dec 21 01:13:31 vBond-1 VBOND[1677]: %Viptela-vBond-1-vbond_0-6-INFO-1400002: Notification: 12/21/2018 1:13:31 vbond-reject-vedge-connection severit
y-level:major host-name:"vBond-1" system-ip:1.1.1.11 uuid:"11OG301234567" organization-name:"Example_Orgname" sp-organization-name:"Example_Orgname"" reason:"ERR_BID_NOT_VERIFIED"

 

When you troubleshoot such a problem, ensure that the correct serial number and device model was configured and provisioned on PnP portal (software.cisco.com) and vManage.

In order to check chassis number and certificate serial number, this command can be used on vEdge routers:

vEdge1# show control local-properties | include  "chassis-num|serial-num"
chassis-num/unique-id        11OG528180107
serial-num                   1001247E

On router that runs Cisco IOS®-XE SDWAN software, you can use:

cEdge1#show sdwan control local-properties | include chassis-num|serial-num
chassis-num/unique-id            C1111-4PLTEEA-FGL223911LK
serial-num                       016E9999
0 Helpful

ahmad.rz
Level 1
Level 1
In response to ekhabaro

‎09-22-2020 05:30 AM - edited ‎09-22-2020 05:40 AM

Hi @ekhabaro, Thanks for reply,

All of them are same, but I have tried another chassis num and here are outputs:

 

vEdge:

vEdge# show control local-properties | include  "chassis-num|serial-num"
chassis-num/unique-id             b8f6005b-7d46-a5c0-230a-50d6ea183ff7
serial-num                        5189707C

vEdge# show control valid-vsmarts                                      

SERIAL NUMBER                           ORG  
---------------------------------------------
330000000C58BCA48CAEAD26D900000000000C  NDP 
330000000D44508063E4C9EB3800000000000D  NDP

vEdge# show control valid-vmanage-id                                   

CHASSIS NUMBER                        
--------------------------------------
0b0c5c7e-8483-44db-b14b-a1bb46aac894

 

vEdge# show certificate serial
Chassis number: b8f6005b-7d46-a5c0-230a-50d6ea183ff7 serial number: 5189707C

 

vEdge# show control local-properties
personality vedge
sp-organization-name NDP
organization-name NDP
root-ca-chain-status Installed

certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Sep 22 11:50:45 2020 GMT
certificate-not-valid-after Sep 20 11:50:45 2030 GMT

dns-name 10.100.0.39
site-id 1
domain-id 1
protocol dtls
tls-port 0
system-ip 1.2.8.9
chassis-num/unique-id b8f6005b-7d46-a5c0-230a-50d6ea183ff7
serial-num 5189707C
token Invalid

 


and vBond:

vBond# show orchestrator valid-vedges | inc B8F6005B-7D46-A5C0-230A-50D6EA183FF7
B8F6005B-7D46-A5C0-230A-50D6EA183FF7  5189707C                          valid     NDP  N/A  

vBond# show orchestrator valid-vmanage-id                                       

CHASSIS NUMBER                        
--------------------------------------
0b0c5c7e-8483-44db-b14b-a1bb46aac894 


vBond# show orchestrator valid-vsmarts                                          

SERIAL NUMBER                           ORG  
---------------------------------------------
330000000C58BCA48CAEAD26D900000000000C  NDP  
330000000D44508063E4C9EB3800000000000D  NDP

 

Be quick and careful!

ahmad.rz
Level 1
Level 1

‎10-14-2020 11:51 PM

Still I don't know what was the problem and I had to downgrade set of controllers to 19.2. Although everything was done step by step like the previous version but it solved. Maybe it was like a bug!

Be quick and careful!
0 Helpful
Customers Also Viewed These Support Documents