SDWAN-LAB only mpls connections

vivarock12
Level 1

Hello,

So in my lab I just have 3 CEDGE (CSRv) and I want to connect them to the controllers. The only consideration is that the links are MPLS only, or in this case I put gi1 color private1 and gi2 color private2 on the SDWAN-DC device, and I created routes pointing to the .2 on the interface of the CORE-CTT.

vivarock12_2-1713568494079.png

In the CORE-CCT router I have only a NAT overload on the interface that is connected to the cloud (that is where my VMware with the controllers is).

vivarock12_3-1713568651130.png

The red line is the ip nat outside interface and the green ones are the inside part.

From the CEDGE I can reach the IP address of the controllers via ping, and I have already added the certificate on the device and the token too.

vivarock12_4-1713568817495.png

So the problem is that my CEDGE router can't connect to the controller. Is there any special consideration I should have, or maybe a concept error with the NAT?

Here's the configuration of the CEDGE and the process I followed to register the device to the vBond.

system
 system-ip 50.1.1.1
 site-id 503001
 admin-tech-on-failure
 organization-name labgam
 vbond 10.200.200.10
!
ip host vbond 10.200.200.10
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 0.0.0.0 0.0.0.0 172.17.1.2
!
interface GigabitEthernet1
 no shutdown
 ip address 172.16.1.3 255.255.255.248
 no mop enabled
 no mop sysid
 negotiation auto
exit
interface GigabitEthernet2
 no shutdown
 ip address 172.17.1.3 255.255.255.248
 no mop enabled
 no mop sysid
 negotiation auto
exit
interface Tunnel1
 no shutdown
 ip unnumbered GigabitEthernet1
 tunnel source GigabitEthernet1
 tunnel mode sdwan
exit
interface Tunnel2
 no shutdown
 ip unnumbered GigabitEthernet2
 tunnel source GigabitEthernet2
 tunnel mode sdwan
!
sdwan
 interface GigabitEthernet1
  tunnel-interface
   encapsulation ipsec
   color private1
  exit
 exit
 interface GigabitEthernet2
  tunnel-interface
   encapsulation ipsec
   color private2
  exit
 exit

-----------------------------------------------------------------------------
Certificate:
-----------------------------------------------------------------------------
tclsh
puts [open "flash:ROOTCA.pem" w+] {
sdfgsdfsdf
-----END CERTIFICATE-----
}
!
!
! load the certificate
!
!
request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem
!
!
! register the device
request platform software sdwan vedge_cloud activate chassis-number CSR-xx-xx-xx-xx-xx Token XXXXXXXXXXXXXXXXXX

Thanks for the help, by the way.

2 Replies

Hi,

Share show sdwan control local-properties

show sdwan control connections
show sdwan control connection-history

HTH,

balaji.bandi
Hall of Fame

Couple of questions:

1. On SD-WAN vManage, do you have licenses for the devices you are trying to join?

2. organization-name labgam (on the diagram you show it as gamlab; did you configure the same on vManage? This is a very key configuration.)

3. request platform software sdwan vedge_cloud activate chassis-number CSR-xx-xx-xx-xx-xx Token XXXXXXXXXXXXXXXXXX - does this work?

4. If you are using only static routing, make sure they are reachable end to end (both sides).

Apart from that, @Kanan Huseynli also asked for some output that helps.

I have a similar SD-WAN lab that works as expected, as below:

https://www.balajibandi.com/?p=2028

 

BB