This topic is to discuss the following lesson:
Is there an alternative for the tclsh command?
On my C8000v - 17.09.04 I get the output:
Site1-R-1#tclsh
This command is not supported in Controller mode.
Hello Sycor
I have been unable to find any definitive information about this particular error in specific Cisco documentation. However, my understanding is that the tclsh command is only available in non-controller devices. Controller devices are the vManage, vBond, and the vSmart devices. The “controller mode” here I assume referrs to the fact that the device detects that it is in one of these three other modes, which don’t support the TCL shell. Make sure that the rest of your configurations are set up as in the lesson to ensure that the device is not running as a vBond or vSmart controller. Take a look and let us know how you get along. If this doesn’t resolve it let us know so we can help you further…
I hope this has been helpful!
Laz
Hello all. When I compared the config to onboard vEdge devices, vs cEdge devices I see some configurations differences in the VPN setup forVPN 0 and 512.
In a vEdge I see different VPN are configured with the following config
vpn x
interface x
ip route x/x next hop
But in a cEdge, I don’t see the vpn command? Is it using vrf commands?
Hello Jason
cEdge and vEdge devices are inherently different. cEdge devices are Cisco-based ISRs or ASRs while vEdge devices are purpose-built SD-WAN devices developed by Viptela (the company Cisco acquired that had SD-WAN solutions). So unavoidably, the method of implementation, syntax, and commands, will be somewhat different. For a more comprehensive outline of the differences between these two devices, take a look at this NetworkLessons note on the topic of vEdge vs cEdge.
Since the syntax is different the way that the VPN0 (underlay network) is configured is also different. On a vEdge we do indeed use the vpn command, and under that command, we reference the interface that will be used as well as the route to the next hop.
On a cEdge device, we actually do this by first configuring the interfaces, and then, under the sdwan configuration mode, we reference the interfaces and then create tunnel interfaces. This conforms more to the configuration you would expect on a Cisco device with the creation of tunnel interfaces.
So it’s all about the creation of the tunnels. In one case you use the vpn command and configuration mode, in the other you use the sdwan configuration mode. In both cases, tunnels are created which correspond to the VPN 0 underlay network.
I hope this has been helpful!
Laz
1 Like
Hello Daniel, one way to do this will be to use guestshell and create the pem file manually in gueshare folder and install the certificate as shown in the main topic.
the path would be bootflash:/guestshare
Helped me out
Hello Srinivasan
Using Guestshell on a Cisco IOS XE-based cEdge device can be a useful workaround for handling certificates during SD-WAN onboarding. If the automated process is not feasible or the cEdge cannot directly reach the CA, Guestshell allows you to generate certificate signing requests (CSRs), store certificates locally, and transfer them manually. However, since Guestshell does not act as a CA, certificates still need to be signed externally before installation. This approach provides flexibility in certificate management when direct CA access is unavailable.
Thanks for sharing your experience and your suggestions, it’s always helpful to the community!
Laz
Hello, I’ve followed the lesson but I’m unable to see my cEdge in vManage. I have connecitivity (I ping from cEdge to all controllers and vice versa) but they’re still not showing in vManage. I’m running Version 16.12.02r on the edges.
Can you please assist me?
