Friday 23 September 2016

false "changes in XXX routers" reports Rancid

when control_rancid runs, it actually uses temporary files which are
renamed to routers.{up,down}.  so, the directory must also be writable.


# cd ~rancid
# chown -R rancid .

Thursday 22 September 2016

Install and Configure RSYSLOG


[root@server ~]# yum -y install rsyslog

Configure RSYSLOG

Edit /etc/rsyslog.conf

[root@server ~]# vi /etc/rsyslog.conf

Uncomment below lines

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Restart the syslog service

[root@server ~]# systemctl restart rsyslog.service

Verify the syslog server listening

[root@server ~]# netstat -antup | grep 514
tcp        0      0   *               LISTEN      759/rsyslogd        
tcp6       0      0 :::514                  :::*                    LISTEN      759/rsyslogd        
udp        0      0   *                           759/rsyslogd        
udp6       0      0 :::514                  :::*                                759/rsyslogd        

Client setup:

  1. Log into syslog server
  2. Use an editor to get into the rsyslog config file :  vi /etc/rsyslog.conf (use i to edit) toward the end of the file add the required devices:
:fromhost-ip,isequal,""                      /var/log/devicehostname.log
& ~

  1. Exit from the file (press Esc and say :wq to save/:q! to quit without saving)
  2. Now restart the rsyslog Daemon : service rsyslog restart

Friday 16 September 2016

Site-to-Site VPN in multiple context mode

Site-to-Site VPN in multiple context mode (ASA 9.x)

Before configuring a Site-to-Site VPN in a multiple context mode ASA, you must assign VPN resources to the context. By default, no VPN site-to-site tunnels are allowed and you must manually configure a resource class to allow any VPN sessions, otherwise you will see the message "Tunnel Rejected: The maximum tunnel count allowed has been reached" in IKE debug outputs.

ASA 5550 with base license supports 5000 VPN sessions.
You have two contexts and want to share VPN resources assigning 2000 sessions to each context:
asa/admin(config)# changeto system
asa(config)# class vpn-2000
asa(config-class)# limit-resource vpn other 2000
asa(config-class)# limit-resource vpn burst other 1000
asa(config-class)# exit
asa(config)# context context-a
asa(config-ctx)# member vpn-2000
asa(config)# context context-b
asa(config-ctx)# member vpn-2000

vpn burst other is the number of VPN sessions allowed beyond the amount assigned to a context with vpn other. Unlike vpn other, which guarantees the sessions to the context, vpn burst other can be oversubscribed; the burst pool is available to all contexts on a first-come, first-served basis.

Saturday 3 September 2016

Publisher vs Subscriber

These terms are used when discussing Call manager.  Call manager handles call processing in Cisco's implementation of IP Telephony.  So it is this particular area of VoIP that we would hear the terms publisher and subscriber.  The terms are actually from the Microsoft SQL database that earlier version of call manager utilized.  The publisher is the authoritative database for configuration.  So when changes are made in configuration, they are made on the publisher and replicated to the subscribers.  There is only one publisher and can be multiple subscribers.  If the publisher is unavailable, the phones can re-home themselves to a subscriber in order to continue to be functional. This is an illustration as to how they function, but not necessarily best practice.In best practices, the phones should be actually use subscribers as their primary.It's more like the publisher contains the master database in which changes to configuration is made and replicated to the subscribers.  For scalability, it is normal to point phones to subscribers, since there is only one publisher and can be many subscribers.