CLI Steps to Set Up VPNs With Client Profiles

This example builds on the one provided in Example: Configuring Client Username Accounts.

Using the two previously created client username accounts pascal blue and pascal red assigned to client profile Sales_Access, this example:

  • designates Message VPN blue as the Management Message VPN
  • enables the publishing of syslog events to the message bus on both Message VPNs
  • configures a custom log identification tag as a prefix for syslog events generated against Message VPN red
  • activates the Message VPNs blue, red, and default for service
  1. Designate Message VPN blue as the Management Message VPN through the management-message-vpn CONFIG command, then enable the publishing of some syslog events to the message bus:
    solace> enable
    solace# configure
    solace(configure)# management-message-vpn blue
    solace(configure)# message-vpn blue
    solace(configure/message-vpn)# event
    solace(configure/message-vpn/event)# publish-client
    solace(configure/message-vpn/event)# publish-message-vpn
    solace(configure/message-vpn/event)# publish-subscription
    WARNING: Enabling subscription event message publishing can significantly impact subscription add/remove rates.
    Do you want to continue (y/n)? y
    solace(configure/message-vpn/event)# exit
    solace(configure/message-vpn)# exit
  2. Configure and enable syslog event messages on Message VPN red:
    solace(configure)# message-vpn red
    solace(configure/message-vpn)# event
    solace(configure/message-vpn/event)# subscriptions thresholds set-value 25000 clear-value 15000
    solace(configure/message-vpn/event)# publish-message-vpn
  3. Configure the custom log identification tag “red_apps1” as a prefix for syslog events generated against Message VPN red:
    solace(configure/message-vpn/event)# log-tag red_apps1
    solace(configure/message-vpn/event)# exit
    solace(configure/message-vpn)# exit
    solace(configure)#
  4. Enter the show commands for the Message VPNs blue and red to confirm their creation and configuration:
    solace(configure)# show message-vpn blue

    Message VPN: blue [Management Message VPN]
    Local Status: Down
    Distributed Cache Management: Enabled
    Total Local Unique Subscriptions: 0
    Total Remote Unique Subscriptions: 0
    Total Unique Subscriptions: 0
    Maximum Subscriptions: 5000000
    Local Connections: 0
    Max Connections: 9000
    Service SMF: 9000
    Service Web-Transport: 9000

    Basic Authentication: Enabled
    Auth Type: no authentication
    Auth Profile:
    Radius Domain:
    Client Certificate Authentication: Disabled
    Maximum Chain Depth: 3
    Validate Certificate Dates: Enabled
    Allow API Provided Username: Disabled
    Kerberos Authentication : Disabled
    Allow API Provided Username: Disabled

    SEMP over Message Bus: Enabled
    Admin commands: Enabled
    Client commands: Disabled
    Distributed Cache commands: Disabled
    Show commands: Enabled
    Legacy Show Clear commands: Enabled

    Large Message Threshold: 1024 (KB)
    Event Log Tag:
    Publish Client Event Messages: Enabled
    Publish Message VPN Event Messages: Enabled
    Publish Subscription Event Messages: Enabled
    No unsubscribes on disconnect: Disabled
    Event topic format: v1

    Event Threshold Set Value Clear Value
    ---------------------------------- ---------------- ----------------
    Connections (#conn) 80%(7200) 60%(5400)
    Service SMF 80%(7200) 60%(5400)
    Service Web-Transport 80%(7200) 60%(5400)
    Ingress Message Rate (msg/sec) 4000000 3000000
    Egress Message Rate (msg/sec) 4000000 3000000
    Subscriptions (#subs) 80%(4000000) 60%(3000000)

    solace(configure)# show message-vpn red

    Message VPN: red
    Local Status: Down
    Distributed Cache Management: Enabled
    Total Local Unique Subscriptions: 0
    Total Remote Unique Subscriptions: 0
    Total Unique Subscriptions: 0
    Maximum Subscriptions: 5000000
    Local Connections: 0
    Max Connections: 9000
    Service SMF: 9000
    Service Web-Transport: 9000
    Export Subscriptions: Yes (100% complete)

    Basic Authentication: Enabled
    Auth Type: no authentication
    Auth Profile:
    Radius Domain:
    Client Certificate Authentication: Disabled
    Maximum Chain Depth: 3
    Validate Certificate Dates: Enabled
    Allow API Provided Username: Disabled
    Kerberos Authentication : Disabled
    Allow API Provided Username: Disabled

    Large Message Threshold: 1024 (KB)
    Event Log Tag: red_apps1
    Publish Client Event Messages: Disabled
    Publish Message VPN Event Messages: Enabled
    Publish Subscription Event Messages: Disabled
    No unsubscribes on disconnect: Disabled
    Event topic format: N/A

    Event Threshold Set Value Clear Value
    ---------------------------------- ---------------- ----------------
    Connections (#conn) 80%(7200) 60%(5400)
    Service SMF 80%(7200) 60%(5400)
    Service Web-Transport 80%(7200) 60%(5400)

    Ingress Message Rate (msg/sec) 4000000 3000000
    Egress Message Rate (msg/sec) 4000000 3000000
    Subscriptions (#subs) 25000 15000
  5. Activate the Message VPNs blue, red, and default for service, then use a show command to confirm their activation:
    solace(configure)# message-vpn blue
    solace(configure/message-vpn)# no shutdown
    solace(configure/message-vpn)# exit
    solace(configure)# message-vpn red
    solace(configure/message-vpn)# no shutdown
    solace(configure/message-vpn)# exit
    solace(configure)# message-vpn default
    solace(configure/message-vpn)# no shutdown
    solace(configure/message-vpn)# exit
    solace(configure)# exit
    solace# exit
    solace> show message-vpn *

    Management Message VPN: blue
    Message-VPN Local # Unique Subscriptions # Local
    Status Local Remote Total Conns
    -------------------------------- -------- -------- -------- -------- ------
    blue Up 2 0 2 1
    default Up 2 0 2 1
    red Up 2 0 2 1
  6. Use a show command for client usernames pascal blue and pascal red to confirm the Message VPNs they belong to are enabled:
    solace> show client-username pascal message-vpn *

    Username Message VPN Enabled # Clients
    ------------------------------- ------------------------- ------- ---------
    pascal blue Yes 0
    pascal red Yes 0