Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

show control local-properties

show control local-properties—Display the basic configuration parameters and local properties related to the control plane (on vEdge routers, vManage NMSs, and vSmart controllers only).

Command Syntax

show control local-properties [parameter]

Options

None
Display the basic configuration parameters and local properties related to the control plane.
Information about a Specific Parameter
parameter
Display configuration information about a specific parameter. parameter can be one of the following​: board-serial, certificate-not-valid-after, certificate-not-valid-before, certificate-status, certificate-validity, device-type, dns-cache-flush-interval, dns-name​, domain-id, ip-address-list​, keygen-interval​, max-controllers, no-activity, number-active-wan-interfaces, number-vbond-peers​, organization-name, port-hopped, protocol, register-interval, retry-interval, root-ca-chain-status, site-id, system-ip, time-since-port-hop, tls-port, uuid​, vbond-address-list​, vedge-list-version, vsmart-list-version, and wan-interface-list.

Output Fields

The following fields are shown in a list format in the command output:

Field

Explanation

certificate-not-valid-before
certificate-not-valid-after

Time range when the certificate is valid.

certificate-status

Whether a signed certificate is installed on the device. For more information, see Configure Certificate Settings, Add a vSmart Controller, and Add the vEdge Routers.

certificate-validity

Status of the device's certificate.

chassis-num/unique-id

Chassis number or unique device identifier (uuid) of the device.To display only the uuid, specify the uuid parameter in the show control local-properties command.

dns-cache-ttl When to time out the cache of vBond orchestrator addresses that have been cached by the local device. The default is 30 minutes. You configure this time with the dns-cache-timeout command. To display only the DNS cache timeout value, specify the dns-cache-flush-interval parameter in the show control local-properties command.

dns-name

​Name or IP address of the DNS server in the VPN. You configure this with the dns command.

domain-id

Identifier of the domain that the device is a member of. You configure this with the domain-id command.

keygen-interval

(On vEdge routers only.) How often the vEdge router generates a new AES key for its data path. The default is 86,400 seconds (24 hours). You configure this value with the rekey command.

no-activity-exp-interval

When to time out a DTLS or TLS connection if the local device stops receiving keepalive messages from the remote end of the session. The default timeout interval is 12 seconds. You cannot configure this interval. To display only this interface, specify the no-activity parameter in the show control local-properties command.

number-active-wan-interfaces

Number of WAN interfaces that are currently active on the local device. WAN interfaces are in VPN 0, which is the WAN transport VPN.

number-vbond-peers

​Number of active vBond peering sessions active on this device. vSmart controllers have one permanent peering session to each vBond orchestrator in the network. vEdge routers have a transient peering session with one of the vBond orchestrators as the router is joining the overlay network. This session is closed after the vEdge router establishes a control session to a vSmart controller. For more information, see Bringup Sequence of Events.

organization-name

Name of your organization, as specified in the device's certificate.

personality Type of Viptela device. To display only the personality, specify the device-type parameter in the show control local-properties command.
port-hopped Whether port hopping has occurred. For more information, see the port-hop command.

protocol

Control connection protocol. It can be dtls (the default) or tls. You configure this with the control protocol command.

retry-interval

How long the device waits when retrying to establish a control connection. The time is generally starts in the range of 15 to 20 seconds, and longer intervals are tried after an attempt to establish a connection fails. You cannot configure this interval.

root-ca-chain-status

Whether a chain of trust is installed. For more information, see Bringup Sequence of Events.

serial-num

Serial number of the device. To display only the serial number, specify the board-serial parameter in the show control local-properties command.

site-id

Identifier of the site where the device is located. You configure this with the site-id command.

system-ip

System IP address of the local device. You configure this with the system-ip command.

time-since-last-port-hop How long since port hopping was last performed on a control connection.

tls-port

For TLS control connections, the port being used for the control connections. The default port is 23456. You configure the port with the tls-port command.

vedge-list-version (On vSmart controllers only.) Version number of the vEdge router list that the device received from the vManage NMS.
vsmart-list-version Version number of the vSmart controller list that the device received from the vManage NMS.

The following fields are shown in tabular format in the command output. To display only this information, specify the wan-interface-list parameter in the show control local-properties command.

Field

Explanation

Carrier Carrier or private network identifier associated with the tunnel interface for the control connection. You configure this with the carrier command.

Color

Color that identifies a data traffic flow in a VPN. The default color is default. You configure this value with the color command.

Instance (On vManage NMSs and vSmart controllers only.) Number that identifies the Viptela process (vdaemon) instance.
Interface Name of interface used for the control session.

LR/LB

(On vEdge routers only, generally for cellular interfaces.)
LR—Whether the interface is a last-resort interface. You configure this with the last-resort-circuit command.
LB—Whether the interface is a low-bandwidth link. For routers with LTE modems, this property is enabled by default; for other routers, it is disabled. You configure this with the low-bandwidth-link command.
Max Cntrl (On vEdge routers only.) Maximum number of vSmart controllers that the vEdge router is allowed to connect to. The default is 2. To change this value, use the max-control-connections command.
NAT Type

(On vEdge routers only.) Type of NAT device that the interface is operating as:
A—Address-port–dependent NAT
E—End-point–independent NAT
N—NAT not configured or NAT type not learned

Private IPv4,
Private IPv6

Private IPv4 or IPv6 address of the connected Viptela device. This is the device's system IP address.

Private Port

Port number associated with the private IP address.

Public IPv4

Public IPv4 address of the connected Viptela device.

Public Port

Port number associated with the public IP address.

Restrict/Control/STUN

(On vEdge routers only.) Whether the TLOCs that the local device can establish tunnel connections to are limited (restricted), and whether the tunnel connection attempts to establish a DTLS or TLS control connection for a TLOC.

SPI Time Remaining (On vEdge routers only.) How many seconds remain before the IPsec SPI key is regenerated. The default is 86400 seconds (24 hours). To change, this value, use the rekey command.
State

State of the control interface:
down—Interface has not been configured.
up—Interface has been configured.

VM Con Prf Preference for using the tunnel on this interface to exchange control traffic with the vManage NMS. The default is 5. To change this value, use the vmanage-connection-preference command.
VS/VM Number of control connections to vSmart controllers and vManage NMSs.

Example Output

vEdge# show control local-properties
personality                  vedge
organization-name            Viptela, Inc.
certificate-status           Installed
root-ca-chain-status         Installed

certificate-validity         Valid
certificate-not-valid-before Dec 15 18:06:59 2016 GMT
certificate-not-valid-after  Dec 15 18:06:59 2017 GMT

dns-name                     10.0.12.26
site-id                      100
domain-id                    1
protocol                     dtls
tls-port                     0
system-ip                    172.16.255.11
chassis-num/unique-id        b5887dd3-3d70-4987-a3a4-6e06c1d64a8c
serial-num                   12345714
vsmart-list-version          0
keygen-interval              1:00:00:00
retry-interval               0:00:00:19
no-activity-exp-interval     0:00:00:12
dns-cache-ttl                0:00:02:00
port-hopped                  TRUE
time-since-last-port-hop     0:00:43:16
number-vbond-peers           0
number-active-wan-interfaces 1

NAT TYPE: E -- indicates End-point independent mapping
          A -- indicates Address-port dependent mapping
          N -- indicates Not learned
          Note: Requires minimum two vbonds to learn the NAT type
                                                                                                                                                                                       VM
           PUBLIC          PUBLIC PRIVATE         PRIVATE                                 PRIVATE                             MAX     CONTROL/            LAST         SPI TIME   NAT  CON
INTERFACE  IPv4            PORT   IPv4            IPv6                                    PORT    VS/VM COLOR           STATE CNTRL   STUN         LR/LB  CONNECTION   REMAINING  TYPE PRF
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ge0/0      10.1.15.15      12426  10.1.15.15      ::                                      12426    0/0  lte              up    2      no/yes/no   No/No  0:00:00:16   0:11:26:41  E    5
ge0/3      10.0.20.15      12406  10.0.20.15      ::                                      12406    0/0  3g               up    2      no/yes/no   No/No  0:00:00:13   0:11:26:45  N    5

Some information, including the vBond as a STUN server and low-bandwidth link settings, is displayed only in the XML version of the command output:

vEdge# show control local-properties wan-interface-list 
                                                                                                                                      RESTRICT/
           PUBLIC          PUBLIC PRIVATE         PRIVATE                                 PRIVATE                              MAX    CONTROL/           LAST         SPI TIME
INTERFACE  IPv4            PORT   IPv4            IPv6                                    PORT    VS/VM COLOR            STATE CNTL   STUN        LR/LB  CONNECTION   REMAINING                                                                           STUN
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ge0/2      10.0.5.11       12366  10.0.5.11       ::                                      12366    2/0  lte              up    2      no/yes/no   No/No  0:00:16:22   0:11:42:46  

vEdge# show control local-properties wan-interface-list | display xml
<config xmlns="http://tail-f.com/ns/config/1.0">
  <control xmlns="http://viptela.com/security">
  <local-properties>
  <wan-interface-list>
    <instance>0</instance>
    <index>0</index>
    <interface>ge0/2</interface>
    <public-ip>10.0.5.11</public-ip>
    <public-port>12366</public-port>
    <private-ip>10.0.5.11</private-ip>
    <private-port>12366</private-port>
    <num-vsmarts>2</num-vsmarts>
    <num-vmanages>0</num-vmanages>
    <weight>1</weight>
    <color>lte</color>
    <carrier>default</carrier>
    <preference>0</preference>
    <admin-state>up</admin-state>
    <operation-state>up</operation-state>
    <last-conn-time>0:00:16:27</last-conn-time>
    <restrict-str>no</restrict-str>
    <control-str>yes</control-str>
    <per-wan-max-controllers>2</per-wan-max-controllers>
    <private-ipv6>::</private-ipv6>
    <spi-change>0:11:42:41</spi-change>
    <last-resort>No</last-resort>
    <wan-port-hopped>TRUE</wan-port-hopped>
    <wan-time-since-port-hop>0:00:19:11</wan-time-since-port-hop>
    <vbond-as-stun-server>no</vbond-as-stun-server>
    <vmanage-connection-preference>5</vmanage-connection-preference>
    <low-bandwidth-link>No</low-bandwidth-link>
  </wan-interface-list>
  </local-properties>
  </control>
</config>
vSmart# show control local-properties
personality                  vsmart
organization-name            Viptela, Inc.
certificate-status           Installed
root-ca-chain-status         Installed

certificate-validity         Valid
certificate-not-valid-before Dec 15 18:07:15 2016 GMT
certificate-not-valid-after  Dec 15 18:07:15 2017 GMT

dns-name                     10.0.12.26
site-id                      100
domain-id                    1
protocol                     dtls
tls-port                     23456
system-ip                    172.16.255.19
chassis-num/unique-id        4fc2a9b0-1dc3-4a1e-b1a4-9c565e6ab12b
serial-num                   12345707
vedge-list-version           0
vsmart-list-version          0
retry-interval               0:00:00:18
no-activity-exp-interval     0:00:00:12
dns-cache-ttl                0:00:02:00
port-hopped                  FALSE
time-since-last-port-hop     0:00:00:00
number-vbond-peers           1

INDEX   IP                                      PORT
-----------------------------------------------------
0       10.0.12.26                              12346  

number-active-wan-interfaces 2

                    PUBLIC          PUBLIC PRIVATE         PRIVATE                                 PRIVATE                               LAST
INSTANCE INTERFACE  IPv4            PORT   IPv4            IPv6                                    PORT    VS/VM  COLOR            STATE CONNECTION
----------------------------------------------------------------------------------------------------------------------------------------------------
0        eth1       10.0.5.19       12346  10.0.5.19       ::                                      12346     1/0   default          up    0:00:00:17
1        eth1       10.0.5.19       12446  10.0.5.19       ::                                      12446     0/0   default          up    0:00:00:17
vManage# show control local-properties 
personality                  vmanage
organization-name            Viptela, Inc.
certificate-status           Installed
root-ca-chain-status         Installed

certificate-validity         Valid
certificate-not-valid-before Mar 01 00:07:31 2016 GMT
certificate-not-valid-after  Mar 01 00:07:31 2017 GMT

dns-name                     10.1.14.14
site-id                      200
domain-id                    0
protocol                     dtls
tls-port                     23456
system-ip                    172.16.101.20
chassis-num/unique-id        9f9e3ca9-b909-43c5-be0e-acb819a45dc0
serial-num                   1234560A
vedge-list-version           1
vsmart-list-version          0
retry-interval               0:00:00:19
no-activity-exp-interval     0:00:00:12
dns-cache-ttl                0:00:02:00
port-hopped                  FALSE
time-since-last-port-hop     0:00:00:00
number-vbond-peers           1

INDEX   IP                 PORT
-------------------------------
0       10.1.14.14         12346  

number-active-wan-interfaces 2

                    PUBLIC           PUBLIC  PRIVATE          PRIVATE                                                      LAST           
INSTANCE INTERFACE  IP               PORT    IP               PORT     VS/VM  COLOR            CARRIER             STATE   CONNECTION
---------------------------------------------------------------------------------------------------------------------------------------
0        eth1       10.0.12.22       12346   10.0.12.22       12346    2/0    default          default             up       0:00:00:07   
1        eth1       10.0.12.22       12446   10.0.12.22       12446    0/0    default          default             up       0:00:00:08

Release Information

Command introduced in Viptela Software Release 14.1.
In Release 16.1, add instance field to output for vSmart controllers and vManage NMSs.
In Release 16.2, add SPI Time Remaining and Last-Resort Interface fields to output for vEdge routers.
In Release 16.3, add display information about IPv6 WAN interfaces, NAT type, low-bandwidth interface, and vManage connection preference.

  • Was this article helpful?