
SD-WAN PNP vBOND controller profile

Hi team,

I need to understand when we need to add the Root CA to the vBOND controller in Cisco PNP. Suppose I use on-premise controllers and an enterprise CA for controller authorization. In addition, I want vedge authorization to be done automatically (vmanage signed). Do I need to add the Root CA for the vbond controller in Cisco PNP in this case? Or is it needed if I use an enterprise CA for vedges, which is a different case?

Thanks in advance,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

6 Replies

ekhabaro
Cisco Employee

The enterprise certificate in the vBond profile on the PNP portal is needed for ZTP. If you're not using ZTP, you may ignore this. vManage signs certificates for cloud devices only (if you selected this option for WAN edge cloud devices), and cloud devices do not use ZTP as such; for a cloud device you have to supply a bootstrap file with the OTP token and the enterprise certificate.

Hi,

Thank you very much! But if we are using ZTP and the controller certificate is from an enterprise CA, then we definitely need to add the local CA root cert to the vbond profile, right? Could you describe in which phase of the ZTP process this certificate is needed/used?

I think when a vEDGE or cEDGE connects to ZTP, the ZTP server provides the enterprise CA root certificate so that routers can authenticate the vbond, true?

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Yes, you got it right.

Hi,

Is the onboarding working with this setup? I'm looking for the same. How will the root CA be installed on the cEdge? Will it be downloaded from PNP during first contact? Do you have some special settings in vManage?

Best regards, Stefan

Thank you! Just one more question:

I know that vedge-cloud does not support ZTP. But what about CSR1000v? Does it support ZTP (actually, PNP, as it is a cEDGE)? I haven't found any yes or no answer in the docs, honestly. That's why I'm asking.

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

ekhabaro
Cisco Employee

No, CSR1kv is a software-based device (no SUDI chip here), hence you need the same approach as for vEdge-Cloud with an OTP token, and hence ZTP won't work. You should use the ciscosdwan_cloud_init.cfg bootstrap file instead.
