Cisco SDWAN ZTP on-prem for CEdge

Amr.Younes
Level 1

Hello All,

 

I've tried to on-board a cEdge using ZTP on-prem, as it should be working on cEdges IOS 17.3.1a & vManage IOS 20.3.1

The exact steps were followed using the links below:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/hardware-and-software-installation.html#Cisco_Concept.dita_a8f8f4d0-8765-4786-93c3-562e6e592ad2

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/cisco-sd-wan-overlay-network-bringup.html#c_Start_the_Enterprise_ZTP_Server_7841.xml

cEdge IOS: 17.03.4a

vmanage: 20.3.4

 

The cEdge has already resolved devicehelper.cisco.com, but it is not able to connect to it; it seems HTTPS is not supported for the vBond acting as ZTP.

 

*Sep 14 10:55:23.555: %PNP-6-PNP_CCO_SERVER_IP_RESOLVED: CCO server (devicehelper.cisco.com.) resolved to ip (1.1.0.156) by (pid=651, pname=PnP Agent Discovery, time=10:55:23 UTC Tue Sep 14 2021)
*Sep 14 10:55:23.555: %PNP-6-HTTP_CONNECTING: PnP Discovery trying to connect to PnP server (https://devicehelper.cisco.com.:443/pnp/HELLO)

*Sep 14 10:55:45.622: %PNP-3-PNP_HTTP_TIMED_OUT: PnP HTTP timed out (1/10) on connection to PnP server (https://devicehelper.cisco.com.:443/pnp/HELLO)

*Sep 14 10:56:15.687: %PNP-3-PNP_HTTP_TIMED_OUT: PnP HTTP timed out (2/10) on connection to PnP server (https://devicehelper.cisco.com.:443/pnp/HELLO)

 

 

Any suggestions?

2 Replies

jonatan.cavaco
Level 1

Hi, can you ping from the cEdge to the vBond?

omamenko
Cisco Employee

Hi

To run a local ZTP server for cEdge you need to meet the following requirements:
1) The DHCP server must provide a DNS domain name (option 15) to the cEdge;
2) The DHCP server must not provide option 43 to the cEdge (default configuration);
3) The DHCP server must provide the IP address of the DNS server (option 6) to the cEdge;
4) The DNS server must resolve ztp.local.domain (where local.domain is the name provided in #1) to the IP address of the ZTP server;
5) The ZTP server must have a valid list of cEdges uploaded in JSON format;
6) Communication between the cEdge and the on-prem ZTP server is based on UDP/12346 (not HTTP or HTTPS, which are used in PnP scenarios).

To verify that your configuration meets the requirements:
1) Check if cEdge is provided with DNS name via DHCP - run on cEdge
cEdge# show dhcp server
2) Check if cEdge is able to resolve ZTP-server and it is reachable
cEdge# ping ztp.local.domain
3) Check if ZTP-server has valid ZTP-entries 
vBond-ZTP# show ztp entries
Make sure that vBond IP (or FQDN) is reachable (resolvable), NAME field is the same as ORG Name, ROOT CERT PATH field is not empty.
4) Run tcpdump on the ZTP server. You should see UDP/12346 (not HTTP/S) traffic from the cEdge
vBond-ZTP# tcpdump interface ge0/0 | include $IP-cEdge
 
Hope it helps
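
Requirements 1-3 in the reply above can be checked against a captured DHCP offer before the cEdge is powered on. The following is an added example, not part of the reply or of any Cisco tooling: it parses the raw options field of a DHCP message and reports which of those three requirements are unmet. The function names and the sample byte strings are constructed for illustration.

```python
# DHCP option codes (RFC 2132) named in requirements 1-3 of the reply
OPT_PAD, OPT_DNS, OPT_DOMAIN, OPT_VENDOR, OPT_END = 0, 6, 15, 43, 255

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse the code/length/value options field of a DHCP message."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code} truncated: no length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated: short value")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def check_ztp_offer(raw: bytes):
    """Return (expected ZTP FQDN or None, list of unmet requirements)."""
    opts, problems = parse_dhcp_options(raw), []
    domain = opts.get(OPT_DOMAIN, b"").rstrip(b"\x00").decode("ascii", "replace")
    if not domain:
        problems.append("option 15 (DNS domain name) not offered")
    dns = opts.get(OPT_DNS, b"")
    if not dns or len(dns) % 4:
        problems.append("option 6 (DNS server) not offered or malformed")
    if OPT_VENDOR in opts:
        problems.append("option 43 offered, but must not be")
    return (f"ztp.{domain}" if domain else None), problems

# Constructed sample option fields (not captured from a real network)
GOOD_OFFER = bytes([53, 1, 2, 6, 4, 10, 0, 0, 53, 15, 12]) + b"local.domain" + bytes([255])
BAD_OFFER = bytes([53, 1, 2, 6, 4, 10, 0, 0, 53, 43, 3, 1, 2, 3, 255])

if __name__ == "__main__":
    for name, offer in (("good", GOOD_OFFER), ("bad", BAD_OFFER)):
        print(name, check_ztp_offer(offer))
```

The returned FQDN is the name that requirement 4 says the DNS server must resolve to the ZTP server.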