Re: SDWAN-LAB only mpls connections

vivarock12 · ‎04-19-2024

hello,

So in my lab i just have 3 CEDGE (CRSv) and i want to connect them to the controllers the only consideration is that the link are MPLS ONLY or in this case i put gi1 color private1 and gi2 color private2 on the SDWAN-DC device and i created router pointing to the .2 on the interface of the CORE-CTT.

in the CORE-CCT router so in there i have only a nat overload on the interface that is connected to the cloud(that were my vmware with the controllers are).

the red line is ip nat outside interface and the green ones are the inside part.

from the CEDGE part i can reach the ip address from the controlles via ping and i have already add the certificate on the device and the token too.

so the problem is that my CEDGE ROUTER cant connect to the controller so is ther any special consideration i should have or maybe concept error with the nat?

heres the configuration of the CEDGE. and the process i follow to register the device to the vbond.

system
system-ip 50.1.1.1
site-id 503001
admin-tech-on-failure
organization-name labgam
vbond 10.200.200.10
!
ip host vbond 10.200.200.10
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 0.0.0.0 0.0.0.0 172.17.1.2
!
interface GigabitEthernet1
no shutdown
ip address 172.16.1.3 255.255.255.248
no mop enabled
no mop sysid
negotiation auto
exit
interface GigabitEthernet2
no shutdown
ip address 172.17.1.3 255.255.255.248
no mop enabled
no mop sysid
negotiation auto
exit
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
interface Tunnel2
no shutdown
ip unnumbered GigabitEthernet2
tunnel source GigabitEthernet2
tunnel mode sdwan
!
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec
color private1
exit
exit
interface GigabitEthernet2
tunnel-interface
encapsulation ipsec
color private2
exit
exit

-----------------------------------------------------------------------------
Certificado:
-----------------------------------------------------------------------------
tclsh
puts [open "flash:ROOTCA.pem" w+] {
sdfgsdfsdf
-----END CERTIFICATE-----
}
!
!
!cargar el certificado
!
!
request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem
!
!
!registrar el equipo
request platform software sdwan vedge_cloud activate chassis-number CSR-xx-xx-xx-xx-xx Token XXXXXXXXXXXXXXXXXX

thanks for the help by the way.

Kanan Huseynli · ‎04-20-2024

Hi,

share show sdwan control local-properties

show sdwan control connections
show sdwan control connection-history

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

balaji.bandi · ‎04-21-2024

Couple of questions :

1. On SD-WAN vmanage do you have Licenses for the devices you trying to join ?

2. organization-name labgam (on the diagram you show as gamlab, did you configure same on vManage - this is very key configuration.

3. request platform software sdwan vedge_cloud activate chassis-number CSR-xx-xx-xx-xx-xx Token XXXXXXXXXXXXXXXXXX - is this works ?

4. if you are using only static routing, make sure they are reachable end to end (both the side).

apart from that @Kanan Huseynli also asked some output that helps.

I have similar SD-WAN Lab works as expected as below :

https://www.balajibandi.com/?p=2028

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vivarock12 · ‎06-27-2024

just for you guy to knopw apparently yhe trouble was that the CRS were not compatible with the SDWAN controllers version so i went and install some 8000v and that was the solution.