CSRv acting cEdge has control issue with vbond

Ibrahim Jamil
Level 6

Hi Guys,

My CSRv acting as a cEdge has its DTLS connection hanging in the state below:

PEER    PEER      PEER       SITE  DOMAIN  PEER             PRIVATE  PEER             PUBLIC                               LOCAL    REMOTE     REPEAT
TYPE    PROTOCOL  SYSTEM IP  ID    ID      PRIVATE IP       PORT     PUBLIC IP        PORT    LOCAL COLOR  STATE           ERROR    ERROR      COUNT   DOWNTIME
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond   dtls      -          0     0       100.100.100.101  12346    100.100.100.101  12346   default      challenge_resp  RXTRDWN  SERNTPRES  0       2020-01-17T22:31:04+0200

Please note, the S/N already exists in the vbond.

Also note the below:

BR2-cEdge#sh sdwan control local-properties
personality vedge
sp-organization-name vSD_WAN_Lab
organization-name vSD_WAN_Lab
root-ca-chain-status Installed

certificate-status Not-Installed
certificate-validity Not Applicable
certificate-not-valid-before Not Applicable
certificate-not-valid-after Not Applicable

dns-name 100.100.100.101
site-id 200
domain-id 1
protocol dtls
tls-port 0
system-ip 1.1.1.7
chassis-num/unique-id CSR-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -----> this number already exists in vbond as a valid vedge
serial-num No certificate installed
keygen-interval 1:00:00:00
retry-interval 0:00:00:18
no-activity-exp-interval 0:00:00:12
dns-cache-ttl 0:00:02:00
port-hopped FALSE
time-since-last-port-hop 0:00:00:00
number-vbond-peers 1

INDEX IP PORT
-----------------------------------------------------
0 100.100.100.101 12346

number-active-wan-interfaces 1


NAT TYPE: E -- indicates End-point independent mapping
A -- indicates Address-port dependent mapping
N -- indicates Not learned
Note: Requires minimum two vbonds to learn the NAT type

                  PUBLIC           PUBLIC  PRIVATE          PRIVATE  PRIVATE                         MAX    RESTRICT/         LAST        SPI TIME    NAT   VM
INTERFACE         IPv4             PORT    IPv4             IPv6     PORT     VS/VM  COLOR    STATE  CNTRL  CONTROL/   LR/LB  CONNECTION  REMAINING   TYPE  CON
                                                                                                            STUN                                            PRF
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GigabitEthernet1  100.100.100.106  12346   100.100.100.106  ::       12346    0/0    default  up     2      no/yes/no  No/No  0:00:00:21  0:11:08:36  N     5

Even though the root CA is installed, as in the output below:

BR2-cEdge#$software sdwan root-cert-chain install bootflash:SD-WAN-CA.cer
Uploading root-ca-cert-chain via VPN 0
Copying ... /bootflash/SD-WAN-CA.cer via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain

 


BR2-cEdge#

1 Reply

hsood
Cisco Employee

Hi Ibrahim,

Can you post the output of the following from your Vbond:

# show orchestrator valid-vedges

Check whether the chassis number in the output of the above command matches the one on the actual CSRv. It is case sensitive too.


Follow this post for more details:
https://community.cisco.com/t5/sd-wan/viptela-vedge-cloud-not-building-control-connections/td-p/3894311

 


Regards,
Hitesh Sood
Mark it resolved, in case this solves the issue.
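
The comparison suggested in the reply above, as an added example that is not part of the original thread: it parses key/value lines in the layout of the posted `show sdwan control local-properties` output and checks the chassis number, case-sensitively, against a list copied by hand from the vBond. The chassis values are constructed placeholders, and the vBond list is a plain Python list because the thread does not show that command's output.

```python
# Constructed sample: key/value lines in the layout of the
# "show sdwan control local-properties" output posted in the question.
LOCAL_PROPERTIES = """\
personality vedge
organization-name vSD_WAN_Lab
root-ca-chain-status Installed
certificate-status Not-Installed
chassis-num/unique-id CSR-0A1B2C3D-EXAMPLE-0000
serial-num No certificate installed
"""

# Constructed sample: chassis numbers copied by hand from the vBond's
# valid-vedges list (hypothetical placeholder values).
VBOND_CHASSIS = ["CSR-0a1b2c3d-example-0000", "CSR-FFFFFFFF-EXAMPLE-0001"]


def parse_properties(text):
    """Split each 'key value...' line at the first run of whitespace."""
    props = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            props[parts[0]] = parts[1].strip()
    return props


def check_device(local_text, vbond_chassis):
    """Return a list of findings; an empty list means nothing to report."""
    props = parse_properties(local_text)
    findings = []
    # Keep only the first token so a trailing annotation on the line is ignored.
    value = props.get("chassis-num/unique-id", "")
    chassis = value.split()[0] if value else ""
    allowed = [c.strip() for c in vbond_chassis]
    if chassis not in allowed:  # exact, case-sensitive comparison
        if chassis.lower() in {c.lower() for c in allowed}:
            findings.append("chassis-num differs from the vBond entry only by letter case")
        else:
            findings.append("chassis-num is not in the vBond list")
    if props.get("root-ca-chain-status") != "Installed":
        findings.append("root CA chain is not installed")
    if props.get("certificate-status") != "Installed":
        findings.append("no device certificate installed")
    return findings
```

Calling `check_device(LOCAL_PROPERTIES, VBOND_CHASSIS)` on the constructed samples reports both the case-only chassis mismatch and the missing device certificate.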