NETWORKING - VIRTUALIZATION

Cisco IOS-XE Top N Talkers config

In case you need useful Top N talkers output on Cisco IOS-XE, you can try a customized config like this one:

flow record TOP-N
 match ipv4 source address
 match ipv4 destination address
 collect interface input
 collect interface output
 collect counter bytes long
 collect counter packets long

 

Then create appropriate monitor:

flow monitor TOP-N
 record TOP-N

 

On the WAN-side interface, apply the new flow monitor:

ip flow monitor TOP-N input

 

For showing appropriate results you need quite a long show command:

show flow monitor TOP-N cache sort highest counter packets...

 

HTH,

Dragan

SIP over NAT configuration in Cisco IOS/IOS-XE

As you may know, SIP doesn't like NAT :)... especially on Cisco IOS/IOS-XE based devices (ASA, for example, handles that much, much better). For that reason you need a straightforward config to make it work, for both the control and the audio part of the communication. These are the required steps in a UC CME environment with a public SIP account for trunk PSTN access:

- define 1 ACL for udp SIP traffic (port 5060) and RTP audio port match - very probably high value ports:

ip access-list extended UDP_RTP
 permit udp any any range 8000 65000
 permit udp any any eq 5060

- define 1 route-map (for NAT) that uses the previously created ACL:

route-map SIP_NAT permit 10
 match ip address UDP_RTP

- define STATIC NAT translation for your inside SIP voice interface (this example uses 192.168.12.x for that purpose):

ip nat inside source static 192.168.12.x [YOUR-PUBLIC-IP] route-map SIP_NAT

Adequate ACL for WAN access and SIP secure communication should be in place if you're using public SIP trunk account of course.

CME voice register global (or telephony service) configuration should be as always - and your SIP trunk should work just fine ;)

 

 

Cisco ASDM unable to launch device...

In case you have a problem accessing the ASA through ASDM, with an error like "Unable to launch device...", and you have already configured everything by the book for ASDM access, you should check the Java policies, especially with Java 1.8. You can upgrade them so they allow you to use the stricter FIPS standard or high ciphers inside your ASA device.

You can download the required files from HERE (for Java 1.8) and upload them, in place of the existing ones, to your Java install folder --> lib --> security.

After that ASDM with enabled strong SSL ciphers should work fine...

Cisco UCS performance manager stops responding!

Occasionally Cisco UCS Performance Manager (based on Zenoss 5) may stop responding with the main serviced daemon inactive, which leads to unresponsive web access and all features... The version on which I found this was 2.0 (but 2.0.1 and 2.0.2 are also the same) of UCS Performance Manager. Because of that I created a small script to check the status of the service and do a restart, until something better and official comes out:

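#!/bin/bash
# Watchdog for the serviced daemon: restart it when no process with that exact name is running.
service=serviced

# pgrep -x matches the process name exactly, so this script and grep itself are never counted
if pgrep -x "$service" > /dev/null
then
    echo "$service is running!!!"
else
    service "$service" restart
fi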

Give it executable rights - chmod +x [name of script] - and schedule it through standard cron job.

Until something better this should do it...

Zimbra mail server check for spammer account

Useful command for quickly checking for a compromised account in case of internal spam:

cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

The account whose number of sent mails differs greatly from the others is the one to inspect...
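An added example, not part of the original post: it goes one step beyond the one-liner above by also counting distinct client IPs per authenticated account and by flagging accounts whose count exceeds a chosen multiple of the median. The function names, the factor and the sample log lines are constructed for illustration, and the Postfix field layout (client=host[ip], sasl_method=..., sasl_username=...) is an assumption about the log format.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines are constructed.

# sasl_summary LOGFILE: prints "count distinct_client_ips account", busiest first.
sasl_summary() {
    awk '
    /sasl_username=/ {
        user = $0
        sub(/.*sasl_username=/, "", user); sub(/[, ].*/, "", user)
        ip = ""; i = index($0, "client=")
        if (i) {                       # assumed layout: client=host[ip], ...
            rest = substr($0, i); a = index(rest, "["); b = index(rest, "]")
            if (a && b > a) ip = substr(rest, a + 1, b - a - 1)
        }
        count[user]++
        if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END { for (u in count) printf "%d %d %s\n", count[u], ips[u], u }
    ' "$1" | sort -k1,1nr -k3,3
}

# sasl_outliers LOGFILE FACTOR: accounts with more than FACTOR x the median count.
sasl_outliers() {
    sasl_summary "$1" | awk -v f="$2" '
    { c[NR] = $1; u[NR] = $3 }
    END {
        if (NR == 0) exit
        # rows arrive sorted by count, so the median sits in the middle
        m = (NR % 2) ? c[(NR + 1) / 2] : (c[NR / 2] + c[NR / 2 + 1]) / 2
        for (i = 1; i <= NR; i++) if (c[i] > f * m) print u[i]
    }'
}

# make_sample_log PATH: writes a constructed zimbra.log-style sample (not real data).
make_sample_log() {
    {
        for u in alice bob carol; do
            for n in 1 2 3; do
                echo "Mar  3 10:0$n:00 mail postfix/smtpd[2101]: 4A1B2C: client=pc[192.0.2.10], sasl_method=PLAIN, sasl_username=$u@example.com"
            done
        done
        for n in 1 2 3 4 5 6 7 8 9 10 11 12; do
            echo "Mar  3 11:00:$((n + 10)) mail postfix/smtpd[2102]: 5B2C3D: client=unknown[203.0.113.$((n % 4 + 1))], sasl_method=LOGIN, sasl_username=dave@example.com"
        done
        echo "Mar  3 11:05:00 mail postfix/smtpd[2102]: disconnect from unknown[203.0.113.1]"
    } > "$1"
}

# Usage on a live server: sasl_outliers /var/log/zimbra.log 3
```

An account that shows both a high count and many distinct client IPs is the stronger candidate for a stolen password than one that is simply busy from a single address.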

Zimbra open source collaboration mail server installation requirements

These are install requirements that I personally use when I'm playing with lab/production Zimbra open source mail servers:

- CentOS OS (minimal ISO) - base OS for Zimbra installation from https://www.centos.org/download/

- 8GB+ RAM, 10GB+ HDD, 2+ vCPU

Zimbra installation:

DISABLE POSTFIX FROM BASE CENTOS INSTALL WHICH COMES BY DEFAULT - systemctl stop postfix / systemctl disable postfix

disable iptables firewall - assumes you have some other firewall at public side for your mail server

set selinux adequately at /etc/sysconfig/selinux

setup local DNS adequately at /etc/hosts - you must resolve domain names which you are going to use in mail server so that system successfully works - even installer checks for resolvable hostname via DNS

tar xzvf [zcsfilename.tgz] - unpack previously downloaded file from https://www.zimbra.com/try/zimbra-collaboration-open-source/

cd [zcsfilename]

./install.sh - begin installation process and follow required steps

type X to see complete main menu and additionally configure items with asterisks (****) - ie admin password!

Admin URL - https://[hostname.example.com]:7071

setup adequate DNS checks in Global settings --> MTA tab!

setup volumes for storing mails in Configure-->Servers-->Volumes - you don't want to use default /opt/zimbra folder!

Useful settings:

- zmcontrol status - all zimbra services display (su - zimbra - so that you execute this cmd as zimbra user)

- zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes

- zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes

- zmprov ms [mtaserver.com] zimbraMtaLmtpHostLookup native - check for attribute inside zimbra ldap

- zmprov mcf zimbraMtaLmtpHostLookup native - in case of single server change in global config also required

- zmmtactl restart

- zmconfigdctl restart

- install webmin, htop tools for quick system support...

Create user accounts and publish A/MX records of your new mail system - it's gonna work...

 

Vicibox contact center installation requirements

These are recommended installation requirements if you need to play with Vicibox open source scalable contact center solution:

- DB server (for up to 150 agents) - 8GB RAM, 240GB+ SSD - ALWAYS INSTALL FIRST IN CLUSTER SETUP, FOLLOWED BY ARCHIVE, WEB AND LAST TELEPHONY SERVER!

- Archive server - 2GB+ RAM, 1TB HDD

- Web server - 4GB+ RAM, 160GB HDD

- Telephony server - 4GB+ RAM, 160GB HDD

OS installation notes (assumes you already downloaded ISO from http://download.vicidial.com/iso/vicibox/server/):

root / vicidial - default login

os-install - Suse OS installation

yast lan - setup properly network and DNS properties

yast firewall - setup properly firewall inside OS

zypper up -y - install updates and reboot after that

yast timezone - setup properly timezone

Vicibox express installation:

vicibox-express - complete express setup

Vicibox cluster installation:

vicibox-install - install required component and reboot after that

Default username / password for accessing vicibox configuration - 6666 / 1234 - CHANGE AFTER INITIAL LOGIN!

Vicibox upgrade procedure:

vicibox-upgrade - start with DB, followed by Web and Telephony server - ALWAYS MAKE BACKUP FIRST!

Handy tools after complete setup for OS control:

install webmin - http://www.webmin.com/rpm.html

install htop - zypper in htop

 

vDP 6.1 vcenter web client connection problem

If you have a problem connecting the newest vDP 6.1.2 appliance with the vSphere web client in the following circumstances:

- you are using vDS (Nexus 1kV also)

- you migrate everything to standard vSwitch and it works like it should - THEN

please follow procedure from link below:

http://www.virtuallypeculiar.com/2016/05/unable-to-connect-vdp-61-to-web-client.html

Unable to connect to vCenter appliance with winSCP - please change SFTP environment protocol options in advanced settings to "shell /usr/lib64/ssh/sftp-server" and enable SSH, Shell access in web Admin settings.

It should work like a charm...

VMware vSwitch - Cisco port-channeling configuration

Useful type of configurations in case of port-channel needs in VMware environments - these are 3 options for this:

Option I:

- Select “Route based on IP hash” on the vSwitch

- Configure Port channel on the Catalyst switches to bundle the links to the physical adapters.

 

Option II:

- Select “Route based on source MAC hash” as the load balancing method on the vSwitch

- Do not configure port channel on the Cisco Catalyst switches.

 

Option III:

- If “Route based on the originating virtual switch port ID” is used on the vSwitch, do not team the Virtual Ethernet Adapters as Active/Active on the virtual servers - you may use as Active/Standby on the Virtual servers

- Do not configure port channel on the Cisco Catalyst switches.

VMware disk consolidation alarm configuration

If you are using VDP in your environment, you will probably see a need for disk consolidation on some of your VMs from time to time. It's not a problem, but here is a quick setup for defining an alarm action with Email notification for this type of problem:

- create a new alarm in your datacenter with these settings:

>>> Alarm name: something logical

>>> Alarm type: Monitor for specific events occurring on this object...

>>> Enable this alarm - checked

>>> Triggers tab - Add --> com.vmware.vc.VmDiskFailedToConsolidateEvent, status Warning

>>> Actions tab - Send a notification email with settings for "From normal to warning".

Next time you will be notified on provided mails about disk consolidation needs...