Guest

Preview Tool

Cisco Bug: CSCvv91481 - No SSH connectivity between cAPIC and CSRs + Incomplete CSR (Intf) Config

Last Modified

Oct 06, 2020

Products (1)

  • Cisco Cloud Application Policy Infrastructure Controller

Known Affected Releases

5.0(2e)

Description (partial)

Symptom:
### Issue is that the cAPIC cannot SSH to the CSRs on their OOB intfs (Gi1) public IPs
###### This seems to be a requirement for Netconf which fails
###### Repeated connection attempts are seen in the cAPIC csrdriver logs (/var/sysmgr/tmp_logs/csrdriver.log)
###### cAPIC->CSR SSH/tcp22 connections are stuck in SYN_SENT as per netstat
###### Also confirmed in tcpdump. No return traffic observed from CSR

### SSH from cAPIC OOB intf private IP to the CSR OOB intf (Gi1) PRIVATE IP works

### Relevant hcloudSecurityGroupOper MOs are present for cAPIC and CSRs
### The cAPIC OOB intf public IP is missing its hcloudRouteTableEntry object
### The CSR OOB (Gi1) hcloudRouteTableEntry MO is present though

### CSRs are thus missing most of their config. I.e. missing crypto, OSPF and BGP config

### Checking the CSR CVAC (Cisco Virtual Appliance Configuration subsystem in IOS XE) logs (bootflash:/cvac.log) there are almost no errors aside from ...
######  An attempt (w/ incorrect syntax) to delete default route
###### Errors which are cosmetic and match existing known IOS XE defects

Conditions:
### New deployment of cAPIC and CSR onto Azure using ACI fw rel 5.0(2h), MSO 3.0(2j) and CSR IOS XE 17.1.1

### Followed the Cisco cAPIC for Asure Install Guide Rel 5.0(x) and are stuck after finishing the cAPIC Setup Wizard (router section)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.