Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1344
Views
5
Helpful
3
Replies

Does On-Prem ZTP Server Support cEdge yet?

bhenriques
Level 1
Level 1

‎10-22-2021 01:27 PM

I read this post that back in 2019 that said ZTP server probably doesn't support cEdges, only vEdges. 

https://community.cisco.com/t5/sd-wan-and-cloud-networking/demonstrate-on-prem-ztp-server/td-p/3912768

 

When I turn on my ASR, it reaches out to devicehelper.cisco.com or pnpserver.domain (which my DNS server resolves to my ZTP server's IP), I see traffic hit it, but then the router just says "PnP HTTP (or HTTPS) timed out on connection to PnP server.

 

I've got it set up according to this guide, including my enterprise cert:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-wan-edge-onboarding-deploy-guide-2020nov.pdf

 

Any ideas?

Labels:
0 Helpful
3 Replies 3

ekhabaro
Cisco Employee
Cisco Employee

‎10-25-2021 02:47 AM

Starting from 17.3 software you can use onprem ZTP for cEdge as well, see release notes:

 

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/release/notes/xe-17-3/sd-wan-rel-notes-xe-17-3.html

 

On Premises ZTP Server for Cisco SD-WAN

This feature extends the on-premise Plug and Play implementation support to Cisco IOS XE SD-WAN routers.

bhenriques
Level 1
Level 1
In response to ekhabaro

‎10-25-2021 05:20 AM - edited ‎10-25-2021 06:49 AM

So I configured my DNS according to that guide and added "ztp.domainname" and it looks like it used that and got further in the process. However, on the ZTP server, I see

 

"vbond_peer_delete[1768]: %VDAEMON_DBG_ERROR-1: Connection attempt to ztp FAILED with peer chassis_num: , public_ip: X.X.X.X:12346, error ERR_RX_TEAR_DOWN" where "X.X.X.X" is my ASR's public IP address.

 

Under "show orchestrator connections-history" it shows "CRTVERFL" which means it failed to verify peer certificate.

 

It just repeats that over and over.

0 Helpful

svemulap@cisco.com
Cisco Employee
Cisco Employee
In response to bhenriques

‎10-26-2021 10:18 PM

It is not clear if you are using enterprise root-ca or symantec-root-ca for the on-prem ZTP ?
If this is enterprise-root-ca - is this added to the ZTP server ?
Also, the ZTP entry for the device added on the ZTP server ?

If you are still having issues, you can open a TA Case to get the assistance needed.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card