Back to All Scenarios
PASSEDvendor / cisco_catalyst_sdwan_vedge_offline
Cisco Catalyst SD-WAN vEdge Offline
A Cisco Catalyst SD-WAN vEdge router at a critical branch office goes offline after a control connection failure to all vSmart controllers, isolating the branch from the SD-WAN fabric and dropping all overlay paths.
Pattern
CISCO_EVENT
Severity
CRITICAL
Confidence
85%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | CISCO_EVENT | CISCO_EVENT | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 30 linked | |
| Cascade Escalation | Yes | Yes | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
Cisco Catalyst SD-WAN (Viptela). vEdge 2000 at branch with 200 users. Control connections to all 3 vSmart controllers lost. OMP peering down. All IPsec overlay paths torn down. Branch isolated from corporate WAN.
Injected Error Messages (3)
cisco vManage reporting vEdge offline — branch-office-ATL vEdge 2000 (system-ip: 10.255.0.50) lost control connections to all 3 vSmart controllers, cisco sd-wan OMP peering down, device last seen: 35 minutes ago, cisco vManage showing vEdge status: unreachable, all overlay paths from branch-ATL: down, cisco sd-wan control plane connectivity: lost
cisco vEdge 2000 at branch-ATL control plane failure — DTLS control connections to vSmart controllers at 10.50.11.101/102/103 all not responding, cisco sd-wan OMP routes withdrawn, all IPsec data plane paths torn down (was connected to 8 remote sites), cisco vEdge falling back to direct internet routing only, no access to corporate applications via sd-wan overlay
branch office Atlanta completely isolated from corporate sd-wan — cisco vEdge 2000 lost all overlay connectivity, 200 branch users cannot access HQ applications, file shares, or phone services, cisco sd-wan policy-based routing non-functional, only direct internet access available via local breakout, branch-to-branch communication through sd-wan fabric: completely down
Neural Engine Root Cause Analysis
The branch-office-ATL vEdge 2000 device has lost control plane connectivity to all three vSmart controllers in the Cisco SD-WAN fabric, resulting in complete isolation from the overlay network. This is evidenced by the device being unreachable for 35 minutes, all overlay tunnels being down, and OMP peering failures. The presence of 12 correlated incidents within the same time window suggests either a broader network infrastructure failure affecting multiple sites, a central control plane issue with the vSmart controllers, or a cascading failure propagating through the SD-WAN fabric.
Remediation Plan
1. Verify physical connectivity and power status of the branch-ATL vEdge 2000 device. 2. Check underlay network connectivity from the branch site to vSmart controller IPs. 3. Validate vSmart controller health and capacity - check if all three controllers are operational. 4. Review vEdge device logs for DTLS tunnel establishment failures or authentication issues. 5. Verify control plane policies and certificates haven't expired. 6. If underlay is healthy, restart control connections on vEdge or perform device reboot. 7. Investigate the 12 correlated incidents to determine if this is part of a broader infrastructure failure requiring escalation to network operations center.
Tested: 2026-03-30Monitors: 3 | Incidents: 3Test ID: cmnck9iih07reobqerllqu6bb