vEdge authentication

mdang1
Level 1

Assumption: to receive a device certificate, the (virtual) vEdge generates a CSR to a vManage of a fabric.

Doesn't the vEdge find the vManage through the vBond? Are unverified vEdges able to find the vManage of a fabric before the vBond of the fabric verifies the vEdge?

How does a vEdge find a vManage for the vEdge to receive the device certificate, and for that vEdge certificate to be verified by the vBond?

Accepted Solution

Hi,

good question.

Since it is a virtual device, it normally does not have information that can be verified by the controllers.

But we add virtual vEdge devices (also cEdge like CSR1K, Cat8Kv) with this command: request vedge-cloud activate chassis-number [] token [] (for IOS XE: request platform software vedge-cloud activate).

The chassis number and token we get from the vManage authorized device list.

Below list from my-lab:

[Screenshot: vManage authorized device list from the lab, with the "Serial No./Token" column]

As you see, there is a column called "Serial No./Token", which means that until the device gets a certificate we have a token for the device (a temporary value until final authorization). And we manually select the chassis number / token and add it to the router with the above-mentioned CLI command.

This list exists on all controllers (pushed from vManage).

  • vBond at the initial stage authorizes cloud routers with chassis number and token.
  • Then vBond sends the other controllers' info (including vManage) to the router (normal SD-WAN behavior).
  • vManage understands that a new router is added and, based on the cloud router certification option (which is vManage-CA-based by default, can be enterprise-CA-based as well, FYI), it generates a CSR for the router and signs a certificate for the router.
  • Then in "Serial No./Token" we see the serial of the certificate file.
  • This new info is also pushed to all controllers and the router is forced to be re-authorized by vBond.
  • vBond knows the new authorization info (Serial No. instead of Token) and authorizes the router again.

Note: to have such a list, you need to manually add routers in the Cisco Smart Account PnP portal (there is an option to select vedge-cloud, CSR1K, CAT8Kv).

Deploy / Option 2 / Procedure 2 describes that step (with the request command) for cloud devices:

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-wan-edge-onboarding-deploy-guide-2020nov.pdf

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

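The two-stage authorization described in the answer (vBond first accepts a chassis-number/token pair, vManage then issues a certificate and replaces the token with the certificate serial in the list it pushes to all controllers, after which vBond accepts only the serial) can be modelled in a few lines. The following is an added illustration, not Cisco code and not the poster's: the class and function names, the list structure, and the constructed chassis number, token and serial values are assumptions made for this example. It shows the security-relevant property of the scheme, that the bootstrap token is a single-use credential which stops working the moment the certificate exists.

```python
"""Toy model of vEdge Cloud onboarding as described in the accepted answer.

Constructed example, not Cisco's implementation. AuthorizedDeviceList,
DeviceEntry, vbond_authorize, vmanage_issue_certificate and onboard are all
hypothetical names; the sample chassis numbers, tokens and serials are made
up for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DeviceEntry:
    """One row of the list vManage pushes to vBond and vSmart."""
    chassis_number: str
    serial_or_token: str      # the "Serial No./Token" column
    certified: bool = False   # False: value is a bootstrap token; True: a cert serial


class AuthorizedDeviceList:
    """Authorized device list as seen by every controller (assumed structure)."""

    def __init__(self) -> None:
        self._entries: Dict[str, DeviceEntry] = {}

    def add_from_pnp(self, chassis_number: str) -> str:
        """Models adding a cloud router in the PnP portal: a token is allocated."""
        token = secrets.token_hex(8)
        self._entries[chassis_number] = DeviceEntry(chassis_number, token)
        return token

    def get(self, chassis_number: str) -> Optional[DeviceEntry]:
        return self._entries.get(chassis_number)


def vbond_authorize(device_list: AuthorizedDeviceList, chassis_number: str,
                    presented: str) -> str:
    """vBond's decision for a router presenting a credential.

    Returns "token" (bootstrap stage), "serial" (certified router) or "denied".
    """
    entry = device_list.get(chassis_number)
    if entry is None:
        return "denied"   # chassis number was never added in the portal
    # Constant-time comparison so a wrong token cannot be probed byte by byte.
    if not hmac.compare_digest(entry.serial_or_token.encode(), presented.encode()):
        return "denied"
    return "serial" if entry.certified else "token"


def vmanage_issue_certificate(device_list: AuthorizedDeviceList,
                              chassis_number: str) -> str:
    """vManage signs the router's certificate and swaps token -> serial in the list."""
    entry = device_list.get(chassis_number)
    if entry is None or entry.certified:
        raise ValueError("no pending token for this chassis number")
    # Stand-in for the real certificate serial: any unique value works for the model.
    digest = hashlib.sha256(f"{chassis_number}:{secrets.token_hex(8)}".encode())
    serial = digest.hexdigest()[:16].upper()
    entry.serial_or_token = serial
    entry.certified = True    # from here on the token is no longer accepted
    return serial


def onboard(device_list: AuthorizedDeviceList, chassis_number: str,
            token: str) -> dict:
    """Runs the sequence from the answer and records each step's outcome."""
    initial = vbond_authorize(device_list, chassis_number, token)
    if initial != "token":
        return {"initial": initial}
    serial = vmanage_issue_certificate(device_list, chassis_number)
    return {
        "initial": initial,
        # A replay of the bootstrap token after certification must fail ...
        "reuse_token": vbond_authorize(device_list, chassis_number, token),
        # ... and the forced re-authorization succeeds only with the serial.
        "reauth": vbond_authorize(device_list, chassis_number, serial),
        "serial": serial,
    }


if __name__ == "__main__":
    devices = AuthorizedDeviceList()
    chassis = "VEDGE-CLOUD-EXAMPLE-0001"          # constructed value
    bootstrap_token = devices.add_from_pnp(chassis)
    print(f"request vedge-cloud activate chassis-number {chassis} token {bootstrap_token}")
    print(onboard(devices, chassis, bootstrap_token))
```

Running the module prints the activation command you would type on the router for the constructed entry, followed by the outcome of each step: "token" on first contact, "denied" when the token is replayed, and "serial" on the forced re-authorization.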

