cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
40348
Views
85
Helpful
50
Replies

Viptela Vmanage

xshant
Level 1
Level 1

I installed Vmanage on a virtual machine. On Vmanage i selected manual root certificate and generated certificate with "Generate CSR", it generated a .csr file, now i wanted to install this certificate for vManage and when uploading the certificate it gives me error saying "cannot decrypt serial number from the certificate".? Where do i get the serial number, its a VM? Is this the right way to do it, do i need to install this certificate for vManage?

50 Replies 50

Hi David,

thank you so much for your help. I tried to access "software.cisco.com" but unfortunately I dont have access for this portal. 

 

I am testing it in SD-WAN in lab at the moment so do I have to follow same procedure to get Demo licenses for vEdgecloud routers or any other way to download .viptela file for WAN edges in lab testing for partners?

 

Thanks

Imran

Hi David,

 

I am trying to build my own lab on vmware esxi. I have already deployed the vmanage, vbond and vsmart using Enterprise root CA. The valida vedge cloud list is also uploaded. But when I want to apply the bootstrap config for the vedge, I couldn't find where to apply it. When I use the request vedge-cloud activate command with the chassis and token genereated from vmanage, I get a certificate installation failure message on vmanage and the vbond reject the connection with the error "ERR_SER_NUM_NT_PRESENT". Is there a step or setting I am missing here?

@cisabucho you need provisioning file uploaded to vManage for this. You can generate it on software.cisco.com under your Smart Account - Controller profile if you have software subscription license for vEdge Clouds. 

Hi David, 

I have interesting problem with trying to spin-up vEdge-cloud:

Everything went well until the registration attempt. Then in some cases the command "request vedge-cloud activate" didn't register vEdge in vManage. In vManage GUI the red badge with message Certificate Installation Error appears when you mouse over the badge. However, if you went to affected vEdge CLI and just repeat the command (arrow up then enter) the vEdge get registered.

Problem is repeatable for some VM instances and not appear on other. the VM hypervisors are the same, the network are the same, the only differences is hosting PC CPU performance. I stuck with guesses why it sporadically happened. 

 

Hello @scjmosclts 
I am encountering more or less the same problem. Were you able to solve it? If yes can you please tell me how?

Thanks

Hi @mamamou and @scjmosclts,

 

I had recently seen the same. The issue was the clock on the vEdge Cloud. Please either synchronize it with NTP or set it manually. Also make sure to setup the timezone. Needless to say, all your controllers should have accurate clock. With vEdge Cloud, vManage issues the certificate post-OTP authentication. This process fails when the time drift between vEdge Cloud and vManage is too significant.

 

Hope this helps.

David

@DavidKlebanov

 

Twitter: @DavidKlebanov

@David Klebanov 
Thanks a lot for your quick answer. Your advise have been really helpful. 
However now I am facing another problem. 
I can see that vsmart, vedge and vbond are up and synchronized on vManage graphical interface. However on the dashboard I still get that the control plane connectivity is down. And when I run the command "show control connectivity" I see that the vedge have not established a dtls tunnel with vSmart.
Any clue for what can be the probllem?

Thanks,

Mouna

Please go to vEdge CLI and execute “show control connections-history” command. Paste the output here. There are various error codes that typically very clearly indicate why control connections are failing.
Twitter: @DavidKlebanov

so this is what  get after running the show command.
and I suppose the errors I am getting are "DISTLOC - TLOC Disabled. " and "DCONFAIL - DTLS connection failure."

 

Thanks,

Mouna

 

It is me again, 
thanks for suggesting the show command. 
It helped me figure out that some how I changed the certificate of  the vedge while trying to reach the control plane, so it ened up connecting to vmanage and vbond but not to vsmart. 

Thanks a lot for your help,

 

Best regards, Mouna

I am glad it helped ☺
Twitter: @DavidKlebanov

Hi, David.

I am trying to build my own lab on vmware esxi. I have already deployed the vmanage, vbond and vsmart using Enterprise root CA.
The valida vedge cloud list (.viptela) is also uploaded.
According to the second scenario:
1. I have made configuration on the vEdge.
2. Installed root CA to the vEdge.
3. On vManage made Configuration > Devices. Select unused vEdgeCloud entry, click on the right sight on the more options button and select Generate bootstrap configuration.
4. On vEdge made configration: request vedge-cloud activate chassis <UUID> token <token>
5. I check on vManage: Configuration -> Certificates -> WAN Edge List and see status for the current vEdge:
State - "red icon" (certificate installation failed)
Hostname - correct
IP address - correct
Validate - valid.

The same status: Configuration -> DEVICES -> WAN Edge List.
State - "red icon" (certificate installation failed)

Could help me. How I can solve problem with invalid cert for vEdge router.

Thank you.

@David Klebanov I have been using sd-wan in production environment. Now, my certificates are expired and the auto-generation process is failed. How do i get new certificates.

 

 

 

REgards,

 

AA

Do not enable a tunnel interface under the vpn0 interface or the vManage will not be able to connect to the vBond to add it.
I hope this is helpful :D

I deleted everything under VPN0 but still can't add the vbond device from the vmanage. I can ping the vmanage via vpn 512 from vbond. I just get the 'failed to add device Network is unreachable'.

Any other ideas?

vpn 0
!
vpn 512
interface eth0
description Mgmt
ip address 192.168.x.142/25
no shutdown
!
ip route 0.0.0.0/0 192.168.x.129
!

Review Cisco Networking for a $25 gift card