Authentication between vEdge Router & vManage NMS

Once the vEdge router and vBond have authorized each other, the vEdge router receives its full configuration over a DTLS connection with the vManage NMS.

The steps are as follows:

  • The vEdge router establishes a DTLS connection with vManage.
  • vManage sends the configuration file to the vEdge router.
  • After receiving the configuration file from vManage, the vEdge router activates its full configuration.
  • The vEdge router starts advertising prefixes to the vSmart Controller.

The following describes, step by step, how automatic authentication happens between vEdge and vManage.

First, the vEdge router initiates an encrypted DTLS connection to the IP address of the vManage NMS. Over this encrypted tunnel, vEdge and vManage authenticate each other.

Now let’s see how the vEdge router authenticates the vManage NMS.

  1. vManage sends its trusted root CA signed certificate to the vEdge router.
  2. The vEdge router uses its chain of trust to extract the organization name from the certificate and matches it against its own. If they don’t match, it tears down the DTLS connection.
  3. If the names match, the vEdge router uses its root CA chain to verify that the vManage certificate is signed by the root CA. If it is not, the vEdge router tears down the connection.
  4. If the root certificate is validated, the vEdge router knows that vManage is valid, and the authentication of the vManage NMS is complete.
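
The checks in steps 2 to 4, written out as an added Go example with the standard crypto/x509 package; this is not Cisco's code and not part of the original page. It assumes the organization name is carried in the certificate subject's O attribute, and the function names, error names and demo certificates are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrOrgMismatch, ErrUntrusted = errors.New("org mismatch"), errors.New("untrusted issuer") // hypothetical names

// authenticateController applies steps 2-4. Assumption: the org name is the subject O attribute.
func authenticateController(peer, rootCA *x509.Certificate, localOrg string) error {
	if o := peer.Subject.Organization; len(o) != 1 || o[0] != localOrg {
		return ErrOrgMismatch // step 2: names differ, tear down the connection
	}
	roots := x509.NewCertPool()
	roots.AddCert(rootCA) // the router's own root CA is the only trust anchor
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("%w: %v", ErrUntrusted, err) // step 3: not signed by our root, tear down
	}
	return nil // step 4: controller authenticated
}

// issue builds a constructed demo certificate; a nil parent yields a self-signed root CA.
func issue(org, cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{Organization: []string{org}, CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: parent == nil,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, err := x509.ParseCertificate(der) // a failed create leaves der nil, which fails here too
	if err != nil {
		panic(err)
	}
	return cert, key
}

func main() { // constructed demo: a peer from another organization is rejected
	root, rootKey := issue("Example Org", "demo-root", nil, nil)
	peer, _ := issue("Other Org", "demo-peer", root, rootKey)
	fmt.Println(authenticateController(peer, root, "Example Org"))
}
```

Besides the signature path, Verify also rejects a certificate that is outside its validity period, which the steps above do not mention.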


