04-26-2019 11:02 AM
I've been working at this for a while now, and I cannot get the vBond device to work. I've been following this guide: https://sdwan-docs.cisco.com/Product_Documentation/Getting_Started/Viptela_Overlay_Network_Bringup/04Deploy_the_vBond_Orchestrator/04Add_Additional_vBond_Orchestrators
I go to Devices > Controllers and add the vBond. That part seems to work; it's obviously able to contact it since it can pull the UUID. I also see via CLI on the vBond that it has configured an organization name. So I go on to attaching a template to it. I get to the end of that process and just get "scheduled, device is offline". vManage and vBond can ping each other, but I can't figure out why vManage thinks vBond is offline.
The guide I've been following seems a bit out of date, so I've gotta be missing something. Any ideas? Using the latest version of the devices downloaded from Cisco. All deployed on a single ESXi server.
05-06-2019 12:18 PM
What do you have under Configuration/Certificates? Does the vBond have a successfully installed certificate? Is this an on-prem or Cisco-cloud installation?
05-06-2019 12:57 PM
05-06-2019 01:51 PM
Yep, that's most likely the problem. The certificate must be approved by Cisco; you can typically ask for that via a TAC case. The vManage will periodically attempt to retrieve the cert and once approved, it should succeed. Of course, the vManage needs internet access but I assume that's already the case.
05-07-2019 04:19 AM
Hi All,
Actually, you can have your own enterprise CA for controller signing, see below:
You just need to generate a CA cert and key, and then use them to sign CSRs for controllers, e.g. with openssl:
openssl x509 -req -sha256 -days 4096 -in ./your_controller.csr -CA Lab_CA.crt -CAkey Lab_CA.key -set_serial <serial number, e.g. 0x01, some random value here> -out ./your_controller.crt
If you use Windows, you can use something like XCA to generate and sign your own certificates:
https://sourceforge.net/projects/xca/
Please note that you still need your Smart Account and Virtual Account created on software.cisco.com with some devices populated in it (so you can download the provisioning file). In general, you should get in touch with your Cisco representative to get the Smart Account approved.
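The enterprise-CA steps from the reply above, carried end to end as an added example that is not part of the original post: it creates the lab CA, checks the CSR's self-signature before signing, uses a random serial instead of a fixed 0x01, and verifies the issued certificate against the CA. The subject strings and the locally generated CSR are constructed placeholders; in a real lab the CSR comes from the controller.

```bash
#!/bin/sh
# Added example: lab enterprise CA for controller certificates.
# File names follow the post; subject strings are constructed placeholders.
set -eu

make_lab_ca() {        # $1 = working directory
  # Root CA private key plus self-signed CA certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 4096 \
    -subj "/O=Lab Org/CN=Lab Root CA" \
    -keyout "$1/Lab_CA.key" -out "$1/Lab_CA.crt" 2>/dev/null
  chmod 600 "$1/Lab_CA.key"   # the CA key signs every controller cert
}

make_sample_csr() {    # constructed stand-in for the controller's own CSR
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/O=Lab Org/CN=your_controller" \
    -keyout "$1/your_controller.key" \
    -out "$1/your_controller.csr" 2>/dev/null
}

sign_csr() {           # $1 = working directory
  # Refuse to sign a CSR that is malformed or whose self-signature fails.
  openssl req -in "$1/your_controller.csr" -noout -verify 2>&1 \
    | grep -q "verify OK" || return 1
  # Random 64-bit serial so no two certificates from this CA collide.
  serial="0x$(openssl rand -hex 8)"
  openssl x509 -req -sha256 -days 4096 \
    -in "$1/your_controller.csr" \
    -CA "$1/Lab_CA.crt" -CAkey "$1/Lab_CA.key" \
    -set_serial "$serial" -out "$1/your_controller.crt" 2>/dev/null
}

verify_cert() {        # succeeds only if the cert chains to this lab CA
  openssl verify -CAfile "$1/Lab_CA.crt" "$1/your_controller.crt" \
    >/dev/null 2>&1
}

workdir=$(mktemp -d)
make_lab_ca "$workdir"
make_sample_csr "$workdir"
sign_csr "$workdir"
verify_cert "$workdir" && echo "certificate chains to Lab_CA.crt"
openssl x509 -in "$workdir/your_controller.crt" -noout -issuer -serial -enddate
```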
05-07-2019 06:52 AM
Thanks, that definitely worked for the vBond and vSmart. I think I'm stuck at the vEdge part though. I'm not sure if I can get a Smart Account authorized through my employer yet to get the provisioning file. Is this the only way to get a vEdge to associate with the controller? This is only used in a lab, so I don't have any kind of license purchased yet, just exploring.
05-07-2019 12:48 PM