12-22-2023 06:54 PM
Assumption: to receive a device certificate, the (virtual) vEdge generates a CSR to a vManage of a fabric.
Doesn't the vEdge find the vManage through the vBond? Are unverified vEdges able to find the vManage of a fabric before the vBond of the fabric verifies the vEdge?
How does a vEdge find a vManage for the vEdge to receive the device certificate, and for that vEdge certificate to be verified by the vBond?
Solved! Go to Solution.
12-22-2023 10:05 PM - edited 12-22-2023 10:36 PM
HI,
good question.
Since it is virtual device it normally does not have information that can be verified by controllers.
But we add virtual vEdge devices (also cEdge like CSR1K, Cat8Kv) with this command: request vedge-cloud activate chassis-number [] token [] (for IOS XE: request platform software vedge-cloud activate).
Chassis-number and token we get from vManage authorized device list.
Below list from my-lab:
As you see there is column called "Serial No./Token" which means that till device gets certificate we have Token for device (temporary values till final authorization). And we manually select Chassis-number/ Token and add to router with above mentioned CLI command.
This list exists on all controllers (pushed from vManage).
Note: to have such list, you need to manually add routes in Cisco Smart Account PNP portal. There is option to select vedge-cloud, CSR1K, CAT8Kv)
Deploy / Option 2 / Procedure 2 describes that step (with request command) on cloud devices:
12-22-2023 10:05 PM - edited 12-22-2023 10:36 PM
HI,
good question.
Since it is virtual device it normally does not have information that can be verified by controllers.
But we add virtual vEdge devices (also cEdge like CSR1K, Cat8Kv) with this command: request vedge-cloud activate chassis-number [] token [] (for IOS XE: request platform software vedge-cloud activate).
Chassis-number and token we get from vManage authorized device list.
Below list from my-lab:
As you see there is column called "Serial No./Token" which means that till device gets certificate we have Token for device (temporary values till final authorization). And we manually select Chassis-number/ Token and add to router with above mentioned CLI command.
This list exists on all controllers (pushed from vManage).
Note: to have such list, you need to manually add routes in Cisco Smart Account PNP portal. There is option to select vedge-cloud, CSR1K, CAT8Kv)
Deploy / Option 2 / Procedure 2 describes that step (with request command) on cloud devices:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide