Hello,
I'm setting up a lab and encountered the following issue: after adding vBond and successfully applying a certificate and template to it, I tried to do the same with vSmart. But vSmart does not accept the cert because it does not have a correct enterp. root certificate ("show cert root" confirmed). For some reason vManage does not push the root cert to vSmart the same way it did with vBond.
- vManage, vBond and vSmart are all on public IPs and able to reach each other
- I updated vSmart to 18.4.3 and configured it from scratch with the same result
vSmart ver 18.4.3
vManage ver 18.4.1
vBond ver 18.3.7
Does anyone have any suggestions?
Regards,
Dan
I faced a similar issue once back in the day, but it worked for me the second time I tried; I just re-added the vSmart on vManage. I am running Platform Version: 19.1.0 for vManage in my lab and it works like a charm for me. Upgrade, maybe?
Thanks
Your vManage version is lower than the vSmart. Just upgrade and check.
Thanks,
Srikanth
I updated vManage, vBond and vSmart to 19.2.0 - still no ent. root on vSmart
Re-added vSmart a few times - still no ent. root on vSmart
- tried to use the "request root-cert-chain install tftp://x.x.x.x/rootCA.pem" command but it does not work ("must match pattern" syntax error - I don't know what's wrong with that)
- tried to use the request download command - no luck
- tried to copy rootca.pem using vshell - wget and tftp commands - no luck - vshell does not download properly (tftp server is reachable and confirmed, connectivity confirmed)
Not sure what to do at this point. I'm not going to type in rootca.pem manually using VIM, but I can't put the file on the vSmart at this time.
vManage can directly push the enterprise root CA to other controllers once added in the vManage.
What is your controllers certificate setting on the vManage?
Thanks,
Srikanth
I would suggest you have a look at the section below of the free training.
Cisco SD-WAN Controllers Bring up
-vManage Install
-vManage Transport Config
-Root-CA installation
-vManage install signed certificate
-vManage Sync Root Certificate
-vManage System Config
-vBond Initial Config
-vSmart Initial Config
-Add vBond and vSmart to vManage
-Certificate Install and Control Plane
-Review of Cisco SD-WAN Controller Bring up
https://learnedze.com/free-cisco-sd-wan-training/
Thanks,
Srikanth
Found a solution.
Although vManage was able to communicate with vSmart, something was off and it was not able to put the enterprise root certificate.
It went well the moment I did:
conf t
omp
shutdown
vpn 0
int eth0
no tunnel-interface
commit and-quit
(not sure which one, omp or tunnel-int, was the cause of the issue)
The problem was that I closely followed the Viptela documentation and for some reason the initial configuration they ask you to configure did not allow the enterp. root cert to be installed.
Regards,
Dan