09-12-2020 08:38 AM - edited 09-12-2020 10:46 PM
Hi guys, my cEdge is stuck in teardown state. Here is some information:
vedge# show certificate serial
Chassis number: 7037c9f0-5692-d3fb-0bf1-beb6017b346a serial number: AC8D61C2
vedge# show control local-properties
personality vedge
sp-organization-name NDP
organization-name NDP
root-ca-chain-status Installed
certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Sep 12 13:32:21 2020 GMT
certificate-not-valid-after Sep 10 13:32:21 2030 GMT
dns-name 10.100.0.39
site-id 10
domain-id 1
protocol dtls
tls-port 0
system-ip 10.10.5.8
chassis-num/unique-id 7037c9f0-5692-d3fb-0bf1-beb6017b346a
serial-num AC8D61C2
token Invalid
keygen-interval 1:00:00:00
retry-interval 0:00:00:19
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
embargo-check success
number-vbond-peers 1
But here I have this problem:
PEER  PEER     PEER      SITE DOMAIN PEER        PRIVATE PEER        PUBLIC                            LOCAL   REMOTE    REPEAT
TYPE  PROTOCOL SYSTEM IP ID   ID     PRIVATE IP  PORT    PUBLIC IP   PORT   LOCAL COLOR STATE          ERROR   ERROR     COUNT  DOWNTIME
------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls     0.0.0.0   0    0      10.100.0.39 12346   10.100.0.39 12346  default     challenge_resp RXTRDWN BIDNTVRFD 121    2020-09-12T15:25:21+0000
I also know that in the vBond orchestrator valid serial list this vEdge was validated.
What's the problem and how can I solve it? Does anybody know?
09-17-2020 04:22 AM
Check your timezone in cEdge and also make sure the vBond IP is pingable.
09-19-2020 03:01 AM
Thanks,
Yes, the timezone is the same and vBond is also pingable via vpn0 in cEdge.
09-21-2020 01:55 AM
Hi Ahmad,
If the serial number is not present on the controllers for a given device, you will see that control connections fail.
It can be verified with show controllers [ valid-vsmarts | valid-vedges ] outputs and fixed most of the time. Navigate to Configuration > Certificates and use the Send to Controllers or Send to vBond buttons on the corresponding vManage tabs. On vBond, check show orchestrator valid-vedges / show orchestrator valid-vsmarts.
In the logs on vBond you might also observe these messages with reason ERR_BID_NOT_VERIFIED:
messages:local7.info: Dec 21 01:13:31 vBond-1 VBOND[1677]: %Viptela-vBond-1-vbond_0-6-INFO-1400002: Notification: 12/21/2018 1:13:31 vbond-reject-vedge-connection severity-level:major host-name:"vBond-1" system-ip:1.1.1.11 uuid:"11OG301234567" organization-name:"Example_Orgname" sp-organization-name:"Example_Orgname"" reason:"ERR_BID_NOT_VERIFIED"
When you troubleshoot such a problem, ensure that the correct serial number and device model were configured and provisioned on the PnP portal (software.cisco.com) and vManage.
In order to check the chassis number and certificate serial number, this command can be used on vEdge routers:
vEdge1# show control local-properties | include "chassis-num|serial-num"
chassis-num/unique-id 11OG528180107
serial-num 1001247E
On a router that runs Cisco IOS®-XE SDWAN software, you can use:
cEdge1#show sdwan control local-properties | include chassis-num|serial-num
chassis-num/unique-id C1111-4PLTEEA-FGL223911LK
serial-num 016E9999
09-22-2020 05:30 AM - edited 09-22-2020 05:40 AM
Hi @ekhabaro, thanks for the reply.
All of them are the same, but I have tried another chassis number and here are the outputs:
vEdge:
vEdge# show control local-properties | include "chassis-num|serial-num"
chassis-num/unique-id b8f6005b-7d46-a5c0-230a-50d6ea183ff7
serial-num 5189707C
vEdge# show control valid-vsmarts
SERIAL NUMBER ORG
---------------------------------------------
330000000C58BCA48CAEAD26D900000000000C NDP
330000000D44508063E4C9EB3800000000000D NDP
vEdge# show control valid-vmanage-id
CHASSIS NUMBER
--------------------------------------
0b0c5c7e-8483-44db-b14b-a1bb46aac894
vEdge# show certificate serial
Chassis number: b8f6005b-7d46-a5c0-230a-50d6ea183ff7 serial number: 5189707C
vEdge# show control local-properties
personality vedge
sp-organization-name NDP
organization-name NDP
root-ca-chain-status Installed
certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Sep 22 11:50:45 2020 GMT
certificate-not-valid-after Sep 20 11:50:45 2030 GMT
dns-name 10.100.0.39
site-id 1
domain-id 1
protocol dtls
tls-port 0
system-ip 1.2.8.9
chassis-num/unique-id b8f6005b-7d46-a5c0-230a-50d6ea183ff7
serial-num 5189707C
token Invalid
and vBond:
vBond# show orchestrator valid-vedges | inc B8F6005B-7D46-A5C0-230A-50D6EA183FF7
B8F6005B-7D46-A5C0-230A-50D6EA183FF7 5189707C valid NDP N/A
vBond# show orchestrator valid-vmanage-id
CHASSIS NUMBER
--------------------------------------
0b0c5c7e-8483-44db-b14b-a1bb46aac894
vBond# show orchestrator valid-vsmarts
SERIAL NUMBER ORG
---------------------------------------------
330000000C58BCA48CAEAD26D900000000000C NDP
330000000D44508063E4C9EB3800000000000D NDP
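The comparison discussed in the replies above (edge chassis number and certificate serial against the vBond valid-vedges list), as an added example that is not part of any post in this thread. The function names are hypothetical, the sample text is constructed from the outputs quoted above, and the valid-vedges column order (chassis, serial, validity, org) is an assumption taken from the single filtered row shown.

```python
# Constructed sample input, modelled on the outputs quoted in this thread.
LOCAL_PROPERTIES = """\
organization-name            NDP
certificate-status           Installed
chassis-num/unique-id        b8f6005b-7d46-a5c0-230a-50d6ea183ff7
serial-num                   5189707C
token                        Invalid
"""
VALID_VEDGES = """\
B8F6005B-7D46-A5C0-230A-50D6EA183FF7  5189707C  valid  NDP  N/A
"""

def parse_local_properties(text):
    """Turn 'key   value' lines of local-properties output into a dict."""
    props = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            props[parts[0]] = parts[1].strip()
    return props

def parse_valid_vedges(text):
    """Map CHASSIS -> (SERIAL, validity, org); column order is an assumption."""
    table = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and not set(line.strip()) <= {"-"}:
            table[cols[0].upper()] = (cols[1].upper(), cols[2].lower(), cols[3])
    return table

def check_edge(local_text, vbond_text):
    """Return 'ok' or the first reason the edge would not match the list."""
    props = parse_local_properties(local_text)
    # The edge prints its UUID in lower case and vBond in upper case,
    # so both sides are normalised before comparing.
    chassis = props.get("chassis-num/unique-id", "").upper()
    serial = props.get("serial-num", "").upper()
    entry = parse_valid_vedges(vbond_text).get(chassis)
    if entry is None:
        return "chassis-not-listed"
    if entry[0] != serial:
        return "serial-mismatch"
    if entry[1] != "valid":
        return "not-valid"
    if entry[2] != props.get("organization-name", ""):
        return "org-mismatch"
    return "ok"

if __name__ == "__main__":
    print(check_edge(LOCAL_PROPERTIES, VALID_VEDGES))
```

A result of "ok" only says that the chassis number, serial number, validity and organization name agree between the two outputs, which is the situation the poster reports.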
10-14-2020 11:51 PM
I still don't know what the problem was, and I had to downgrade the set of controllers to 19.2. Everything was done step by step as with the previous version, but that solved it. Maybe it was a bug!