Anton 1 жил өмнө
parent
commit
294d84fb71

+ 0 - 31
console-terminal/terminal-specs.mm

@@ -1,31 +0,0 @@
-# 2022 03 19  + published on https://github.com/InstallAndUse/Daily /A
-
-
-<map version="1.0.1">
-<!-- To view this file, download free mind mapping software FreeMind from http://freemind.sourceforge.net -->
-<node CREATED="1555253935586" ID="ID_1537057611" MODIFIED="1555394512297" TEXT="terminal specs">
-<node CREATED="1555253949884" ID="ID_1555219066" MODIFIED="1555253962649" POSITION="right" TEXT="group entry"/>
-<node CREATED="1555253964404" ID="ID_1633704055" MODIFIED="1555253982209" POSITION="left" TEXT="shortcuts">
-<node CREATED="1555253983793" ID="ID_325884402" MODIFIED="1555253988425" TEXT="new terminal"/>
-</node>
-<node CREATED="1555253997035" ID="ID_842572250" MODIFIED="1555254003140" POSITION="right" TEXT="highlight command line"/>
-<node CREATED="1555394513279" ID="ID_136193309" MODIFIED="1555394518539" POSITION="left" TEXT="check">
-<node CREATED="1555394524949" ID="ID_1174041355" MODIFIED="1555394526867" TEXT="cmder">
-<node CREATED="1555395019265" ID="ID_1731522207" MODIFIED="1555395025571" TEXT="did not understood"/>
-</node>
-<node CREATED="1555394536623" ID="ID_1371683289" MODIFIED="1555394539741" TEXT="ConEmu">
-<node CREATED="1555396131075" ID="ID_1087491866" MODIFIED="1555396136380" TEXT="far?"/>
-</node>
-<node CREATED="1555394544475" ID="ID_727270782" MODIFIED="1555394550996" TEXT="MobaXterm"/>
-<node CREATED="1555394556402" ID="ID_300181055" MODIFIED="1555394558090" TEXT="Terminus"/>
-<node CREATED="1555394562224" ID="ID_1706447443" MODIFIED="1555394564648" TEXT="ZOC terminal"/>
-<node CREATED="1555394569981" ID="ID_1721958140" MODIFIED="1555394571225" TEXT="mintty"/>
-<node CREATED="1555394576722" ID="ID_1528812261" MODIFIED="1555394580176" TEXT="putty"/>
-<node CREATED="1555394583918" ID="ID_1458564361" MODIFIED="1555394585507" TEXT="Kitty"/>
-<node CREATED="1555394589841" ID="ID_1005974409" MODIFIED="1555394591997" TEXT="Xshell"/>
-<node CREATED="1555394603168" ID="ID_25209965" MODIFIED="1555394604476" TEXT="babun"/>
-<node CREATED="1555394610599" ID="ID_1082091079" MODIFIED="1555394615240" TEXT="Console2"/>
-<node CREATED="1555394621758" ID="ID_523298542" MODIFIED="1555394623171" TEXT="hyper"/>
-</node>
-</node>
-</map>

+ 8 - 0
initial/hostname.md

@@ -0,0 +1,8 @@
+= openSuSE =
+
+sudo su
+hostnamectl set-hostname [name]
+# takes a while here. to check: 
+hostname
+# to reboot
+shutdown -r now
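Review bot: The recipe opens a persistent root shell with `sudo su` to run one privileged command; the least-privilege form is to drop that line and run `sudo hostnamectl set-hostname [name]` directly, leaving the `hostname` check to run unprivileged. The closing `shutdown -r now` is presumably not required for the hostname change itself, since hostnamectl applies the static hostname immediately; if the reboot is there for another reason, a comment saying why would help the next reader.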

+ 9 - 0
initial/ssh-server.md

@@ -0,0 +1,9 @@
+= openSuSE =
+
+sudo su
+zypper install openssh
+systemctl start sshd
+systemctl status sshd
+systemctl enable sshd
+firewall-cmd --permanent --add-service=ssh
+firewall-cmd --reload
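Review bot: The recipe starts and enables sshd and then opens the firewall with the distribution's default `sshd_config`, which typically still permits password authentication (and, depending on the build, root login), so the host becomes reachable for password guessing the moment `firewall-cmd --reload` runs. Before the two `firewall-cmd` lines, deploy an authorized key and set `PermitRootLogin no` and `PasswordAuthentication no` in `/etc/ssh/sshd_config`, then `systemctl restart sshd`. `firewall-cmd --permanent --add-service=ssh` acts on the default zone only; pass `--zone=<zone>` if the interface is assigned elsewhere. The `sudo su` root shell can be replaced by prefixing each command with `sudo`, and `systemctl enable --now sshd` collapses the start/enable pair.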

+ 4 - 0
mail/alpine.md

@@ -1,5 +1,9 @@
 # 2022 03 19  + published on https://github.com/InstallAndUse/Daily /A
 
 
+; - select - T - F . [pattern] - A - D
+$ - sort
+
+
 Books:
 - [Anton's bookshelf](https://og2k.com/books/)

+ 6 - 5
mail/install-fetchmail-ssl-notsigned.md

@@ -1,10 +1,11 @@
 # 2022 03 19  + published on https://github.com/InstallAndUse/Daily /A
 
-(you)@lab2:~$ c_rehash .fetchmail_certs/
-(you)@lab2:~$ mkdir -p .fetchmail/ssl
-(you)@lab2:~$ echo | openssl s_client -connect (server):993 -showcerts 2>/dev/null | sed -ne '/BEGIN CERT/,/END CERT/p' > .fetchmail/ssl/avaruus.pem
-(you)@lab2:~$ openssl x509 -in .fetchmail/ssl/avaruus.pem -noout -md5 -fingerprint
-
+```
+c_rehash .fetchmail_certs/
+mkdir -p .fetchmail/ssl
+echo | openssl s_client -connect (server):993 -showcerts 2>/dev/null | sed -ne '/BEGIN CERT/,/END CERT/p' > .fetchmail/ssl/avaruus.pem
+openssl x509 -in .fetchmail/ssl/avaruus.pem -noout -md5 -fingerprint
+```
 
 
 Books:
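Review bot: The fingerprint step `openssl x509 -in .fetchmail/ssl/avaruus.pem -noout -md5 -fingerprint` pins the server certificate with MD5, which is collision-prone; use `-sha256 -fingerprint` and compare the value against one obtained out-of-band from the mail provider, because the preceding `s_client` fetch trusts whatever answers on port 993 at the moment it runs. The `c_rehash .fetchmail_certs/` line also runs before the certificate exists and against a different directory than the one the PEM is written to (`.fetchmail/ssl`); move it to the end of the block and point it at the directory fetchmail's `sslcertpath` will actually use. If the server hosts several names, adding `-servername (server)` to the `s_client` call makes it return the certificate for the intended host.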

+ 153 - 76
networking/cisco/cisco-asa-5505.md

@@ -3,31 +3,143 @@ ciscoasa# show version
 
 # factory defaults
 ? configure factory-default
-confreg 0x2040
-relo
+? confreg 0x2040
+? relo
 
-# reset password
+# factory defaults
 # on console, during boot, hit ESC, enter ROMMON mode
-confreg 0x41
+ciscoasa> confreg 0x41
 boot
 
+# enter config mode, password is empty
+ciscoasa> enable
+ciscoasa> configure terminal
+
 # disable rebooting to normal state again
 ciscoasa(config)# config-register 0x1
 
 # after reboot, password is empty, set enable's password
 # (very strong password, use different admin user to process changes)
-enable password (password)
+# password in plain text
+ciscoasa(config)# enable password (password)
 
-# set hostname, print label, attach to device
-hostname (hostname)
+# save config and reboot
+ciscoasa(config)# write memory
+ciscoasa(config)# reload
 
 # enter config mode
-enable
-configure terminal
+ciscoasa> enable
+ciscoasa> configure terminal
+
+# set hostname, print label, attach to device
+ciscoasa(config) hostname (hostname)
 
+# disable call-home function
 # no callhome, please
-(config)# clear configure call-home
-(config)# no service call-home
+ciscoasa(config)# clear configure call-home
+ciscoasa(config)# no service call-home
+
+# show interfaces
+show interface ip brief
+show switch vlan
+
+# set up interfaces for VLAN interfaces (example: outside-inside)
+
+# if external VLAN is static and known
+ciscoasa(config)# interface vlan 10
+ciscoasa(config-if)# nameif outside
+# change level, if needed
+ciscoasa(config-if)# security-level 0
+ciscoasa(config-if)# ip address 192.168.1.2 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# if external VLAN is dynaminc, unknown and uses DHCP
+ciscoasa(config)# interface vlan 10
+ciscoasa(config-if)# nameif outside
+# change level, if needed
+ciscoasa(config-if)# security-level 0
+# configure interface to use DHCP client and !set default route provided
+ciscoasa(config-if)# ip address dhcp setroute
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# let's set up internal VLAN then (replace your subnet)
+ciscoasa(config)# interface vlan 20
+ciscoasa(config-if)# nameif inside
+ciscoasa(config-if)# ip address 192.168.2.1 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# now let's configure physical ports
+# first one is our uplink (outside)
+ciscoasa(config)# interface ethernet 0/0
+ciscoasa(config-if)# no nameif
+ciscoasa(config-if)# no security-level
+ciscoasa(config-if)# no ip address
+ciscoasa(config-if)# switchport access vlan 10
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# at this point, when cable will be connected to another device (router) with DHCP server:
+# ASA's DHCP client should obtain IP and show it, in my case:
+ciscoasa(config)# show interface vlan 10
+[...]
+         IP address 192.168.1.157, subnet mask 255.255.255.0
+[...]
+
+# let's configure internal physical interfaces (repeat for amount needed)
+ciscoasa(config)# interface ethernet 0/(1...7)
+ciscoasa(config-if)# switchport access vlan 20
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# before internal connected devices begin to get IP addresses, ASA's DHCP server need to be configured
+# DHCP (Assign IP addresses to computers from the ASA device)
+# [Create a DHCP address pool to assign to clients. This address pool must be on the same subnet as the ASA interface]
+ciscoasa(config)# dhcpd address 192.168.1.100-192.168.1.199 inside
+ciscoasa(config)# dhcpd address 192.168.1.100-192.168.1.131 inside
+
+# if DNS client in use, get DNS info from it (from 'outside' VLAN)
+ciscoasa(config)# dhcpd auto_config outside
+
+# optionaly, specific DNS servers can be configured
+ciscoasa(config)# dhcpd dns 8.8.8.8 1.1.1.1
+
+# Enable the DHCP server on the inside interface
+ciscoasa(config)# dhcpd enable inside
+
+# now connected devices should get IP addresses
+# for windows: ipconfig /release, ipconfig /renew
+
+# at this point, good idea to save config and reboot
+# save config and reboot
+ciscoasa(config)# wr m
+ciscoasa(config)# relo
+
+# final check
+ciscoasa(config)# ping outside 8.8.8.8
+
+
+# configuring routing from VLAN 20 to VLAN 10 using NAT
+# Step 5: Configure PAT on the outside interface
+ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
+ciscoasa(config)# global (outside) 1 interface
+
+# for ASA 8.3 and later:
+ciscoasa(config)# object network obj_any
+ciscoasa(config)# subnet 0.0.0.0 0.0.0.0
+ciscoasa(config)# nat (inside,outside) dynamic interface
+
+
+# configuring routing without NAT
+ciscoasa(config)# no nat-control
+ciscoasa(config)# access-list INSIDE_IN extended permit ip any any
+ciscoasa(config)# access-group INSIDE_IN in interface inside
+
+
+
+
 
 # set clock
 ciscoasa# show clock
@@ -42,6 +154,9 @@ hostname(config)# ntp server 10.1.1.1 key 1 prefer
 sh ntp associations
 sh ntp status
 
+
+
+
 # configure DNS
 #  Enables the ASA to send DNS requests to a DNS server to perform a name lookup for supported commands.
 # dns domain-lookup interface_name
@@ -56,9 +171,8 @@ hostname(config)# dns server-group DefaultDNS
 hostname(config-dns-server-group)# name-server 10.1.1.5 192.168.1.67 209.165.201.6
 
 
-# disable call-home function
 
-# Enable Management Access with ASDM
+# if needed, Enable Management Access with ASDM
 # [Location of ASDM image on the ASA]
 ASA(config)# asdm image disk0:/asdm-647.bin
 # [Enable the http server on the device ]
@@ -69,13 +183,8 @@ ASA(config)# http 10.10.10.0 255.255.255.0 inside
 ASA(config)# username admin password adminpass
 
 
-# DHCP (Assign IP addresses to computers from the ASA device)
-# [Create a DHCP address pool to assign to clients. This address pool must be on the same subnet as the ASA interface]
-ciscoasa(config)# dhcpd address 192.168.1.101-192.168.1.110 inside
-# [The DNS servers to assign to clients via DHCP]
-ciscoasa(config)# dhcpd dns 8.8.8.8 8.8.8.8
-# [Enable the DHCP server on the inside interface]
-ciscoasa(config)# dhcpd enable inside
+
+
 
 
 # Permit Traffic Between Same Security Levels
@@ -93,10 +202,13 @@ access-list OUTSIDE-IN line 1 extended permit tcp 100.100.100.0 255.255.255.0 10
 
 # [The show conn command displays the number of active TCP and UDP connections, and provides information about connections of various types.]
 ciscoasa# show conn
+
 # [Shows all the connections through the appliance]
 ciscoasa# show conn all
+
 # [Shows HTTP GET, H323, and SIP connections that are in the “up” state]
 ciscoasa# show conn state up,http_get,h323,sip
+
 # [Shows overall connection counts]
 ciscoasa# show conn count
 54 in use, 123 most used
@@ -140,16 +252,19 @@ Source filename [running-config] ?
 # or (will not ask source)
 ciscoasa# write memory
 
+
 # enable logging
 ASA(config)# logging enable
 ASA(config)# logging timestamp
 ASA(config)# logging buffer-size 65536
 ASA(config)# logging buffered warnings
 ASA(config)# logging asdm errors
+
 # send to syslog, if needed
 ASA(config)# logging host inside 192.168.1.30
 ASA(config)# logging trap errors
 
+
 # permit local aaa
 hostname(config)# aaa authorization exec authentication-server
 
@@ -162,6 +277,7 @@ username (username) nopassword
 username (username) password (password)
 
 # delete user
+? no username
 
 # give user privileges
 username (username) password (password) privilege 15
@@ -175,18 +291,18 @@ ciscoasa(config-username)# exit
 # add ssh access
 ASA#configure terminal
 ASA(config)#domain-name local.local
-     ASA(config)#aaa authentication ssh console LOCAL
 ciscoasa(config)#aaa authentication ssh console LOCAL
-                 aaa authentication ssh console LOCAL
 ciscoasa(config)#crypto key generate rsa modulus 2048
      ASA(config)#crypto key generate rsa general-keys modulus 1024
 ASA(config)#ssh 192.168.1.10 255.255.255.255 inside
 ASA(config)#ssh 0.0.0.0 0.0.0.0 OUTSIDE
 # verify which encryptions are enabled
-
 # connect via ssh (some routers use SSH1)
 show ssh
 
+
+
+
 # Image Software Management
 # [Copy image file from TFTP to Flash of ASA]
 ciscoasa# copy tftp flash
@@ -202,52 +318,18 @@ ciscoasa# copy tftp flash
 # [At next reboot, the firewall will use the software image “asa911-k8.bin” from flash]
 ciscoasa(config)# boot system flash:/asa911-k8.bin
 
-# show interfaces
-show interface ip brief
-show switch vlan
-
-# set up interfaces for VLAN interfaces (example: outside-inside)
-ciscoasa(config)# interface Vlan 10
-ciscoasa(config-if)# nameif outside
-ciscoasa(config-if)# security-level 80
-ciscoasa(config-if)# ip address 192.168.100.77 255.225.255.0
-ciscoasa(config-if)# no shutdown
-ciscoasa(config-if)# exit
-
-ciscoasa(config)# interface Vlan 20
-ciscoasa(config-if)# nameif lab5
-ciscoasa(config-if)# security-level 90
-ciscoasa(config-if)# ip address 192.168.2.1 255.225.255.0
-ciscoasa(config-if)# no shutdown
-ciscoasa(config-if)# exit
 
-ciscoasa(config)# interface Ethernet 0/0
-ciscoasa(config-if)# no nameif
-ciscoasa(config-if)# no security-level
-ciscoasa(config-if)# no ip address
-ciscoasa(config-if)# switchport access vlan 10
-ciscoasa(config-if)# no shutdown
-ciscoasa(config-if)# exit
 
+# Power over Ethernet
 # (same for 0/6 PoE, deskphone)
 ciscoasa(config)# interface Ethernet 0/6
 
-# Step 5: Configure PAT on the outside interface
-ASA5505(config)# global (outside) 1 interface
-ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
-
-# for ASA 8.3 and later:
-object network obj_any
-subnet 0.0.0.0 0.0.0.0
-nat (inside,outside) dynamic interface
-
 # to check PoE status
 show power inline
 
-# configure interface to use DHCP client and set default route provided
-ciscoasa(config-if)# ip address dhcp setroute
 
-show nameif
+
+
 
 # trunk port
 show interfaces trunk
@@ -293,35 +375,29 @@ hostname(config)# same-security-traffic permit inter-interface
 
 
 
-# The absolutely necessary Interface Sub-commands that you need to configure in order for the interface to pass traffic are the following:
-# Assigns a name to an interface
-nameif “interface name”
-# Assigns an IP address to the interface
-ip address “ip_address” “subnet_mask”
-# Assigns a security level to the interface
-security-level “number 0 to 100”
-# By default all interfaces are shut down, so enable them.
-no shutdown
 
 
 
-# Network Address Translation (NAT)
+
+
+# ? Network Address Translation (NAT)
 [Configure PAT for internal LAN (192.168.1.0/24) to access the Internet using the outside interface]
 ciscoasa(config)# object network internal_lan
 ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0
 ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
 
-# [Configure PAT for all (“any”) networks to access the Internet using the outside interface]
+
+# ? [Configure PAT for all (“any”) networks to access the Internet using the outside interface]
 ciscoasa(config)# object network obj_any
 ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
 ciscoasa(config-network-object)# nat  (any,outside) dynamic interface
 
-# [Configure static NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone]
+# ? [Configure static NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone]
 ciscoasa(config)# object network web_server_static
 ciscoasa(config-network-object)# host 192.168.1.1
 ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1
 
-# [Configure static Port NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone only for port 80]
+# ? [Configure static Port NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone only for port 80]
 ciscoasa(config)# object network web_server_static
 ciscoasa(config-network-object)# host 192.168.1.1
 ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1 service tcp 80 80
@@ -430,16 +506,17 @@ show capture capin
 # general commands
 show run | include route
 
-# enable unsupported tranceiver
+# enable unsupported (SFP) tranceiver
 service unsupported-transceiver
 no errdisable detect cause gbic-invalid
 
-
-
 # save (commit)
 write mem
 
 
+
+
+
 # set up VPN
 # [show details about IPSEC VPNs like packets encrypted/decrypted, tunnel peers etc]
 ciscoasa# show crypto ipsec sa
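Review bot: The inside DHCP pool `dhcpd address 192.168.1.100-192.168.1.199 inside` does not sit on the inside interface, which the same hunk configures as VLAN 20 with `ip address 192.168.2.1 255.225.255.0`; 192.168.1.0/24 is the outside network in this walkthrough, and the hunk's own comment says the pool must be on the interface's subnet. Replace the two `dhcpd address` lines with a single `dhcpd address 192.168.2.100-192.168.2.199 inside` — I would expect the ASA to keep only one pool per interface, so the duplicate line is at best redundant. The masks `255.225.255.0` on the vlan 10 and vlan 20 `ip address` lines are typos for `255.255.255.0` (225 is not a valid contiguous mask octet). The prompt on `ciscoasa(config) hostname (hostname)` is missing its `#`. The closing `no nat-control` plus `access-list INSIDE_IN extended permit ip any any` is an intentionally open policy; a comment such as `# lab only: permits all inside-to-outside traffic` would keep it from being copied into production unchanged.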

+ 413 - 0
networking/cisco/cisco-asa.md

@@ -0,0 +1,413 @@
+## CISCO ASA 5505
+ciscoasa# show version
+
+# factory defaults
+? configure factory-default
+confreg 0x2040
+relo
+
+# disable call-home function
+
+Enable Management Access with ASDM
+ASA(config)# asdm image disk0:/asdm-647.bin
+[Location of ASDM image on the ASA]
+ASA(config)# http server enable
+[Enable the http server on the device ]
+ASA(config)# http 10.10.10.0 255.255.255.0 inside
+[Tell the device which IP addresses are allowed to connect with HTTP (ASDM)]
+ASA(config)#username admin password adminpass
+[Configure user/pass to login with ASDM]
+
+# DHCP
+DHCP (Assign IP addresses to computers from the ASA device)
+ciscoasa(config)# dhcpd address 192.168.1.101-192.168.1.110 inside
+[Create a DHCP address pool to assign to clients. This address pool must be on the same subnet as the ASA interface]
+ciscoasa(config)# dhcpd dns 209.165.201.2 209.165.202.129
+[The DNS servers to assign to clients via DHCP]
+ciscoasa(config)# dhcpd enable inside
+[Enable the DHCP server on the inside interface]
+
+
+Permit Traffic Between Same Security Levels
+ciscoasa(config)# same-security-traffic permit inter-interface
+[Permits communication between different interfaces that have the same security level.]
+ciscoasa(config)# same-security-traffic permit intra-interface
+[Permits traffic to enter and exit the same interface.]
+
+
+Useful Verification and Troubleshooting Commands
+ciscoasa# show access-list OUTSIDE-IN
+[Shows hit-counts on ACL with name “OUTSIDE-IN”. It shows how many hits each entry has on the ACL]
+    Sample output:
+    access-list OUTSIDE-IN line 1 extended permit tcp 100.100.100.0 255.255.255.0 10.10.10.0 255.255.255.0 eq telnet (hitcnt=15) 0xca10ca21
+
+
+ciscoasa# show conn
+[The show conn command displays the number of active TCP and UDP connections, and provides information about connections of various types.]
+ciscoasa# show conn all
+[Shows all the connections through the appliance]
+ciscoasa# show conn state up,http_get,h323,sip
+[Shows HTTP GET, H323, and SIP connections that are in the “up” state]
+ciscoasa# show conn count
+54 in use, 123 most used
+[Shows overall connection counts]
+
+ciscoasa# show cpu usage
+[show CPU utilization]
+ciscoasa# show disk
+[List the contents of the internal flash disk of the ASA]
+ciscoasa# show environment
+[Displays operating information about hardware system components such as CPU, fans, power supply, temperature etc]
+ciscoasa# show memory
+[Displays maximum physical memory and current free memory]
+
+ciscoasa# show failover
+[Displays information about Active/Standby failover status]
+ciscoasa# show interface
+[Shows information about Interfaces, such as line status, packets received/sent, IP address etc]
+ciscoasa# show local-host
+[Displays the network states of local hosts. A local-host is created for any host that forwards traffic to, or through, the ASA.]
+
+
+ciscoasa# show route
+[Displays the routing table]
+
+
+ciscoasa# show xlate
+[Displays information about NAT sessions]
+
+
+
+
+# reset password
+# on console, during boot, hit ESC, enter ROMMON mode
+confreg 0x41
+boot
+# after reboot, password is empty, set enable's password
+# (very strong password, use different admin user to process changes)
+enable password (password)
+
+# enter config mode
+enable
+configure terminal
+
+# show configs
+ciscoasa# show startup-config
+ciscoasa# show running-config
+
+# set hostname, print label, attach to device
+hostname (hostname)
+
+# set clock
+ciscoasa# show clock
+ciscoasa# clock set 07:29:00 May 06 2019
+ciscoasa(config)# clock timezone UTC +3
+# if DST presents
+ciscoasa(config)# clock summer-time MST recurring 1 Sunday April 2:00 last Sunday October 2:00
+
+# enable logging
+ASA(config)# logging enable
+ASA(config)# logging timestamp
+ASA(config)# logging buffer-size 65536
+ASA(config)# logging buffered warnings
+ASA(config)# logging asdm errors
+# send to syslog, if needed
+ASA(config)# logging host inside 192.168.1.30
+ASA(config)# logging trap errors
+
+# save configs to memory
+ciscoasa# copy run start
+Source filename [running-config] ?
+# [enter] to confirm
+# or (will not ask source)
+ciscoasa# write memory
+
+# add user
+username (username) nopassword
+username (username) password (password)
+
+# permit local aaa
+hostname(config)# aaa authorization exec authentication-server
+
+# list users
+
+# change password of user
+
+# delete user
+
+# give user privileges
+username (username) password (password) privilege 15
+username (username) attributes
+ciscoasa(config-username)# service-type admin
+ciscoasa(config-username)# service-type nas-prompt
+ciscoasa(config-username)# service-type remote-access
+ciscoasa(config-username)# exit
+
+
+# add SSH access
+ASA#configure terminal
+ASA(config)#domain-name local.local
+     ASA(config)#aaa authentication ssh console LOCAL
+ciscoasa(config)#aaa authentication ssh console LOCAL
+                 aaa authentication ssh console LOCAL
+crypto key generate rsa modulus 2048
+      ASA(config)#crypto key generate rsa general-keys modulus 1024
+                  crypto key generate rsa modulus modulus_size
+ciscoasa(config)# crypto key generate rsa modulus 2048
+ASA(config)#ssh 192.168.1.10 255.255.255.255 inside
+ASA(config)#ssh 0.0.0.0 0.0.0.0 OUTSIDE
+# verify which encryptions are enabled
+show ssh
+# connect via ssh (some routers use (old) SSH1)
+
+
+# download file (firmware, config) from device
+Image Software Management
+ciscoasa# copy tftp flash
+[Copy image file from TFTP to Flash of ASA]
+ciscoasa#config term
+ciscoasa(config)# boot system flash:/asa911-k8.bin
+[At next reboot, the firewall will use the software image “asa911-k8.bin” from flash]
+
+# upload file
+
+# copy file to USB
+
+# copy file from USB
+
+# upgrade firmware
+
+
+# show interfaces
+show interface ip brief
+show switch vlan
+
+# set up interfaces (example: outside-inside)
+ciscoasa(config)# interface Vlan 10
+ciscoasa(config-if)# nameif outside
+ciscoasa(config-if)# security-level 80
+ciscoasa(config-if)# ip address 192.168.100.77 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+ciscoasa(config)# interface Vlan 20
+ciscoasa(config-if)# nameif lab5
+ciscoasa(config-if)# security-level 90
+ciscoasa(config-if)# ip address 192.168.2.1 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+ciscoasa(config)# interface Ethernet 0/0
+ciscoasa(config-if)# no nameif
+ciscoasa(config-if)# no security-level
+ciscoasa(config-if)# no ip address
+ciscoasa(config-if)# switchport access 10
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# (same for 0/6 PoE, deskphone)
+ciscoasa(config)# interface Ethernet 0/6
+# to check PoE status
+show power inline
+
+ciscoasa(config)# interface Ethernet 0/1
+ciscoasa(config-if)# no nameif
+ciscoasa(config-if)# no security-level
+ciscoasa(config-if)# no ip address
+ciscoasa(config-if)# switchport access 20
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# routing (traffic to modem of ISP)
+ciscoasa(config-if)# route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
+
+# same level security traffic
+hostname(config)# same-security-traffic permit inter-interface
+
+# set up VPN
+ciscoasa# show crypto ipsec sa
+[show details about IPSEC VPNs like packets encrypted/decrypted, tunnel peers etc]
+ciscoasa# show crypto isakmp sa
+[show details if an IPSEC VPN tunnel is up or not. MM_ACTIVE means the tunnel is up]
+
+
+
+
+
+The absolutely necessary Interface Sub-commands that you need to configure in order for the interface to pass traffic are the following:
+    nameif “interface name”: Assigns a name to an interface
+    ip address “ip_address” “subnet_mask” : Assigns an IP address to the interface
+    security-level “number 0 to 100” : Assigns a security level to the interface
+    no shutdown : By default all interfaces are shut down, so enable them.
+
+Static and Default Routes
+ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 100.1.1.1
+MORE READING:  Cisco ASA Firewall in Transparent Layer2 Mode
+[Configure a default route via the “outside” interface with gateway IP of 100.1.1.1 ]
+
+ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 192.168.1.1
+[Configure a static route via the “inside” interface. To reach network 192.168.2.0/24 go via gateway IP 192.168.1.1 ]
+
+Network Address Translation (NAT)
+ciscoasa(config)# object network internal_lan
+ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0
+ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
+[Configure PAT for internal LAN (192.168.1.0/24) to access the Internet using the outside interface]
+
+ciscoasa(config)# object network obj_any
+ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
+ciscoasa(config-network-object)# nat  (any,outside) dynamic interface
+[Configure PAT for all (“any”) networks to access the Internet using the outside interface]
+
+ciscoasa(config)# object network web_server_static
+ciscoasa(config-network-object)# host 192.168.1.1
+ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1
+[Configure static NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone]
+
+ciscoasa(config)# object network web_server_static
+ciscoasa(config-network-object)# host 192.168.1.1
+ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1 service tcp 80 80
+[Configure static Port NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone only for port 80]
+
+
+FIREWALL
+Access Control Lists (ACL)
+
+# show
+show run access-list (host)
+show access-list (host)
+
+[Apply the ACL above at the “outside” interface for traffic coming “in” the interface]
+ciscoasa(config)# access-group OUTSIDE_IN in interface outside
+ciscoasa(config)# access-group INSIDE_IN in interface inside
+
+[Create an ACL to allow TCP access from “any” source IP to host 192.168.1.1 port 80]
+ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 192.168.1.1 eq 80
+
+[Create an ACL to deny all traffic from host 192.168.1.1 to any destination and allow everything else. This ACL is then applied at the “inside” interface for traffic coming “in” the interface]
+ciscoasa(config)# access-list INSIDE_IN extended deny ip host 192.168.1.1 any
+ciscoasa(config)# access-list INSIDE_IN extended permit ip any any
+
+
+Object Groups
+
+ciscoasa(config)# object-group network WEB_SRV
+ciscoasa(config-network)# network-object host 192.168.1.1
+ciscoasa(config-network)# network-object host 192.168.1.2
+[Create a network group having two hosts (192.168.1.1 and 192.168.1.2). This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# object-group network DMZ_SUBNETS
+ciscoasa(config-network)# network-object 10.1.1.0 255.255.255.0
+ciscoasa(config-network)# network-object 10.2.2.0 255.255.255.0
+[Create a network group having two subnets (10.1.1.0/24 and 10.2.2.0/24). This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# object-group service DMZ_SERVICES tcp
+ciscoasa(config-service)# port-object eq http
+ciscoasa(config-service)# port-object eq https
+ciscoasa(config-service)# port-object range 21 23
+[Create a service group having several ports. This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# access-list OUTSIDE-IN extended  permit tcp any object-group DMZ_SUBNETS object-group DMZ_SERVICES
+[Example of using object groups in ACLs]
+
+
+```
+# create group
+(config)# object-group network (hostgroup)
+
+# add object into group
+(config-network-object-group)# network-object object (newhost)
+
+# show objects
+show object-group network
+exit
+
+# edit objects
+object network (newhost)
+host (ip)
+```
+
+
+# CISCO FIREWALL:
+
+# enable SSH
+https://www.opentechguides.com/how-to/article/cisco/39/Cisco-configure-ssh.html
+
+
+# LOGIN
+enable
+pass again
+
+# CONFIGURE MODE
+configure terminal
+
+# CHECKING EXISTING
+show running-config | include (ip-from)
+show running-config | include (ip-to)
+show access-list outside_in
+show run | include (ip)
+show (ip)
+
+# interfaces
+show interfaces status
+
+# edit in editor, paste
+configure terminal
+
+# access-groups
+show configuration | include access-group
+ip access-group access-list-name {in | out}
+no ip access-group access-list-name {in | out}
+
+# let host out:
+access-list (zone) extended permit udp host (ip) host (ip) eq (port)
+access-list (zone) extended permit tcp host (ip) host (ip) eq (port)
+access-list (zone) extended permit tcp any4 host (ip) eq https
+
+# write configuration
+wr (copy running-config startup-config)
+wr
+write mem
+
+# capturing
+capture capin interface outside match tcp host (host) host (host) eq (port)
+show capture
+show capture capin
+
+# general commands
+show run | include route
+
+# enable unsupported tranceiver
+service unsupported-transceiver
+no errdisable detect cause gbic-invalid
+
+# trunk port
+show interfaces trunk
+(config-if)#interface gigabitEthernet 0/23
+(config-if)#description Trunk port to (host)
+(config-if)#switchport mode trunk
+(config-if)#switchport trunk allowed vlan all
+(config-if)#switchport trunk allowed vlan 2-4094
+no shutdown
+
+# access port
+(config)#interface gigabitEthernet 0/23
+(config-if)#description (host)
+(config-if)#switchport mode access
+(config-if)#switchport access vlan 128
+(config-if)#no shutdown
+
+# save (commit)
+write mem
+
+
+
+
+
+
+### sources:
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config.html
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_aaa.html
+
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/interface-basic-5505.pdf
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/route_static.pdf
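Review bot: `ssh 0.0.0.0 0.0.0.0 OUTSIDE` in the "add SSH access" block exposes SSH management to every source address on the outside interface; restrict it to a management host, e.g. `ssh 203.0.113.10 255.255.255.255 OUTSIDE`, or drop the line and manage from inside only. The same block keeps a `crypto key generate rsa general-keys modulus 1024` variant next to the 2048-bit one; 1024-bit RSA is below current minimums, so keep only the `modulus 2048` line. `username (username) nopassword` creates a login with no credential and `username admin password adminpass` is a guessable placeholder; mark both as examples not to be left on a device, and use a `(strong-password)` placeholder instead. `switchport access 10` on Ethernet 0/0 and `switchport access 20` on 0/1 are missing the `vlan` keyword (`switchport access vlan 10`), as the 5505 notes in this same commit spell it.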

+ 484 - 0
networking/cisco/cisco-asa2.md

@@ -0,0 +1,484 @@
+## CISCO ASA 5505
+ciscoasa# show version
+
+# factory defaults
+? configure factory-default
+confreg 0x2040
+relo
+
+# disable call-home function
+
+Enable Management Access with ASDM
+```
+ASA(config)# asdm image disk0:/asdm-647.bin
+```
+[Location of ASDM image on the ASA]
+```
+ASA(config)# http server enable
+```
+[Enable the http server on the device ]
+```
+ASA(config)# http 10.10.10.0 255.255.255.0 inside
+```
+[Tell the device which IP addresses are allowed to connect with HTTP (ASDM)]
+```
+ASA(config)#username admin password adminpass
+```
+[Configure user/pass to login with ASDM]
+
+# DHCP
+DHCP (Assign IP addresses to computers from the ASA device)
+```
+ciscoasa(config)# dhcpd address 192.168.1.101-192.168.1.110 inside
+```
+[Create a DHCP address pool to assign to clients. This address pool must be on the same subnet as the ASA interface]
+```
+ciscoasa(config)# dhcpd dns 209.165.201.2 209.165.202.129
+```
+[The DNS servers to assign to clients via DHCP]
+```
+ciscoasa(config)# dhcpd enable inside
+```
+[Enable the DHCP server on the inside interface]
+
+
+Permit Traffic Between Same Security Levels
+```
+ciscoasa(config)# same-security-traffic permit inter-interface
+```
+[Permits communication between different interfaces that have the same security level.]
+```
+ciscoasa(config)# same-security-traffic permit intra-interface
+```
+[Permits traffic to enter and exit the same interface.]
+
+
+Useful Verification and Troubleshooting Commands
+```
+ciscoasa# show access-list OUTSIDE-IN
+```
+[Shows hit-counts on ACL with name “OUTSIDE-IN”. It shows how many hits each entry has on the ACL]
+    Sample output:
+    access-list OUTSIDE-IN line 1 extended permit tcp 100.100.100.0 255.255.255.0 10.10.10.0 255.255.255.0 eq telnet (hitcnt=15) 0xca10ca21
+
+
+```
+ciscoasa# show conn
+```
+[The show conn command displays the number of active TCP and UDP connections, and provides information about connections of various types.]
+```
+ciscoasa# show conn all
+```
+[Shows all the connections through the appliance]
+```
+ciscoasa# show conn state up,http_get,h323,sip
+```
+[Shows HTTP GET, H323, and SIP connections that are in the “up” state]
+```
+ciscoasa# show conn count
+```
+54 in use, 123 most used
+[Shows overall connection counts]
+
+```
+ciscoasa# show cpu usage
+```
+[show CPU utilization]
+```
+ciscoasa# show disk
+```
+[List the contents of the internal flash disk of the ASA]
+```
+ciscoasa# show environment
+```
+[Displays operating information about hardware system components such as CPU, fans, power supply, temperature etc]
+```
+ciscoasa# show memory
+```
+[Displays maximum physical memory and current free memory]
+
+```
+ciscoasa# show failover
+```
+[Displays information about Active/Standby failover status]
+```
+ciscoasa# show interface
+```
+[Shows information about Interfaces, such as line status, packets received/sent, IP address etc]
+```
+ciscoasa# show local-host
+```
+[Displays the network states of local hosts. A local-host is created for any host that forwards traffic to, or through, the ASA.]
+
+
+```
+ciscoasa# show route
+```
+[Displays the routing table]
+
+
+```
+ciscoasa# show xlate
+```
+[Displays information about NAT sessions]
+
+
+
+
+# reset password
+# on console, during boot, hit ESC, enter ROMMON mode
+```
+confreg 0x41
+boot
+```
+# after reboot, password is empty, set enable's password
+# (very strong password, use different admin user to process changes)
+```
+enable password (password)
+```
+
+# enter config mode
+```
+enable
+configure terminal
+```
+
+# show configs
+```
+ciscoasa# show startup-config
+ciscoasa# show running-config
+```
+
+# set hostname, print label, attach to device
+```
+hostname (hostname)
+```
+
+# set clock
+```
+ciscoasa# show clock
+ciscoasa# clock set 07:29:00 May 06 2019
+ciscoasa(config)# clock timezone UTC +3
+```
+# if DST presents
+```
+ciscoasa(config)# clock summer-time MST recurring 1 Sunday April 2:00 last Sunday October 2:00
+```
+
+# enable logging
+```
+ASA(config)# logging enable
+ASA(config)# logging timestamp
+ASA(config)# logging buffer-size 65536
+ASA(config)# logging buffered warnings
+ASA(config)# logging asdm errors
+# send to syslog, if needed
+ASA(config)# logging host inside 192.168.1.30
+ASA(config)# logging trap errors
+```
+
+# save configs to memory
+```
+ciscoasa# copy run start
+```
+Source filename [running-config] ?
+# [enter] to confirm
+# or (will not ask source)
+```
+ciscoasa# write memory
+```
+
+# add user and change password of user
+```
+username (username) nopassword
+username (username) password (password)
+```
+
+# permit local aaa
+```
+hostname(config)# aaa authorization exec authentication-server
+```
+
+# list users
+```
+show running-config username
+```
+
+# delete user
+
+# give user privileges
+```
+username (username) password (password) privilege 15
+username (username) attributes
+ciscoasa(config-username)# service-type admin
+ciscoasa(config-username)# service-type nas-prompt
+ciscoasa(config-username)# service-type remote-access
+ciscoasa(config-username)# exit
+```
+
+
+# add ssh access
+ASA#configure terminal
+ASA(config)#domain-name local.local
+     ASA(config)#aaa authentication ssh console LOCAL
+ciscoasa(config)#aaa authentication ssh console LOCAL
+                 aaa authentication ssh console LOCAL
+crypto key generate rsa modulus 2048
+      ASA(config)#crypto key generate rsa general-keys modulus 1024
+                  crypto key generate rsa modulus modulus_size
+ciscoasa(config)# crypto key generate rsa modulus 2048
+ASA(config)#ssh 192.168.1.10 255.255.255.255 inside
+ASA(config)#ssh 0.0.0.0 0.0.0.0 OUTSIDE
+# verify which encryptions are enabled
+show ssh
+# connect via ssh (some routers use SSH1)
+
+# download file (firmware, config) from device
+Image Software Management
+ciscoasa# copy tftp flash
+[Copy image file from TFTP to Flash of ASA]
+ciscoasa#config term
+ciscoasa(config)# boot system flash:/asa911-k8.bin
+[At next reboot, the firewall will use the software image “asa911-k8.bin” from flash]
+
+# upload file
+
+# copy file to USB
+
+# copy file from USB
+
+# upgrade firmware
+
+# show interfaces
+show interface ip brief
+show switch vlan
+
+# set up interfaces (example: outside-inside)
+ciscoasa(config)# interface Vlan 10
+ciscoasa(config-if)# nameif outside
+ciscoasa(config-if)# security-level 80
+ciscoasa(config-if)# ip address 192.168.100.77 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+ciscoasa(config)# interface Vlan 20
+ciscoasa(config-if)# nameif lab5
+ciscoasa(config-if)# security-level 90
+ciscoasa(config-if)# ip address 192.168.2.1 255.225.255.0
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+ciscoasa(config)# interface Ethernet 0/0
+ciscoasa(config-if)# no nameif
+ciscoasa(config-if)# no security-level
+ciscoasa(config-if)# no ip address
+ciscoasa(config-if)# switchport access 10
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# (same for 0/6 PoE, deskphone)
+ciscoasa(config)# interface Ethernet 0/6
+# to check PoE status
+show power inline
+
+ciscoasa(config)# interface Ethernet 0/1
+ciscoasa(config-if)# no nameif
+ciscoasa(config-if)# no security-level
+ciscoasa(config-if)# no ip address
+ciscoasa(config-if)# switchport access 20
+ciscoasa(config-if)# no shutdown
+ciscoasa(config-if)# exit
+
+# routing (traffic to modem of ISP)
+ciscoasa(config-if)# route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
+
+# same level security traffic
+hostname(config)# same-security-traffic permit inter-interface
+
+# set up VPN
+ciscoasa# show crypto ipsec sa
+[show details about IPSEC VPNs like packets encrypted/decrypted, tunnel peers etc]
+ciscoasa# show crypto isakmp sa
+[show details if an IPSEC VPN tunnel is up or not. MM_ACTIVE means the tunnel is up]
+
+
+
+
+
+The absolutely necessary Interface Sub-commands that you need to configure in order for the interface to pass traffic are the following:
+    nameif “interface name”: Assigns a name to an interface
+    ip address “ip_address” “subnet_mask” : Assigns an IP address to the interface
+    security-level “number 0 to 100” : Assigns a security level to the interface
+    no shutdown : By default all interfaces are shut down, so enable them.
+
+Static and Default Routes
+ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 100.1.1.1
+MORE READING:  Cisco ASA Firewall in Transparent Layer2 Mode
+[Configure a default route via the “outside” interface with gateway IP of 100.1.1.1 ]
+
+ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 192.168.1.1
+[Configure a static route via the “inside” interface. To reach network 192.168.2.0/24 go via gateway IP 192.168.1.1 ]
+
+Network Address Translation (NAT)
+ciscoasa(config)# object network internal_lan
+ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0
+ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
+[Configure PAT for internal LAN (192.168.1.0/24) to access the Internet using the outside interface]
+
+ciscoasa(config)# object network obj_any
+ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
+ciscoasa(config-network-object)# nat  (any,outside) dynamic interface
+[Configure PAT for all (“any”) networks to access the Internet using the outside interface]
+
+ciscoasa(config)# object network web_server_static
+ciscoasa(config-network-object)# host 192.168.1.1
+ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1
+[Configure static NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone]
+
+ciscoasa(config)# object network web_server_static
+ciscoasa(config-network-object)# host 192.168.1.1
+ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1 service tcp 80 80
+[Configure static Port NAT. The private IP 192.168.1.1 in DMZ will be mapped statically to public IP 100.1.1.1 in outside zone only for port 80]
+
+
+FIREWALL
+Access Control Lists (ACL)
+
+# show
+show run access-list (host)
+show access-list (host)
+
+[Apply the ACL above at the “outside” interface for traffic coming “in” the interface]
+ciscoasa(config)# access-group OUTSIDE_IN in interface outside
+ciscoasa(config)# access-group INSIDE_IN in interface inside
+
+[Create an ACL to allow TCP access from “any” source IP to host 192.168.1.1 port 80]
+ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 192.168.1.1 eq 80
+
+[Create an ACL to deny all traffic from host 192.168.1.1 to any destination and allow everything else. This ACL is then applied at the “inside” interface for traffic coming “in” the interface]
+ciscoasa(config)# access-list INSIDE_IN extended deny ip host 192.168.1.1 any
+ciscoasa(config)# access-list INSIDE_IN extended permit ip any any
+
+
+Object Groups
+
+ciscoasa(config)# object-group network WEB_SRV
+ciscoasa(config-network)# network-object host 192.168.1.1
+ciscoasa(config-network)# network-object host 192.168.1.2
+[Create a network group having two hosts (192.168.1.1 and 192.168.1.2). This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# object-group network DMZ_SUBNETS
+ciscoasa(config-network)# network-object 10.1.1.0 255.255.255.0
+ciscoasa(config-network)# network-object 10.2.2.0 255.255.255.0
+[Create a network group having two subnets (10.1.1.0/24 and 10.2.2.0/24). This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# object-group service DMZ_SERVICES tcp
+ciscoasa(config-service)# port-object eq http
+ciscoasa(config-service)# port-object eq https
+ciscoasa(config-service)# port-object range 21 23
+[Create a service group having several ports. This group can be used in other configuration commands such as ACLs]
+
+ciscoasa(config)# access-list OUTSIDE-IN extended  permit tcp any object-group DMZ_SUBNETS object-group DMZ_SERVICES
+[Example of using object groups in ACLs]
+
+
+```
+# create group
+(config)# object-group network (hostgroup)
+
+# add object into group
+(config-network-object-group)# network-object object (newhost)
+
+# show objects
+show object-group network
+exit
+
+# edit objects
+object network (newhost)
+host (ip)
+```
+
+
+# CISCO FIREWALL:
+
+# enable SSH
+https://www.opentechguides.com/how-to/article/cisco/39/Cisco-configure-ssh.html
+
+
+# LOGIN
+enable
+pass again
+
+# CONFIGURE MODE
+configure terminal
+
+# CHECKING EXISTING
+show running-config | include (ip-from)
+show running-config | include (ip-to)
+show access-list outside_in
+show run | include (ip)
+show (ip)
+
+# interfaces
+show interfaces status
+
+# edit in editor, paste
+configure terminal
+
+# access-groups
+show configuration | include access-group
+ip access-group access-list-name {in | out}
+no ip access-group access-list-name {in | out}
+
+# let host out:
+access-list (zone) extended permit udp host (ip) host (ip) eq (port)
+access-list (zone) extended permit tcp host (ip) host (ip) eq (port)
+access-list (zone) extended permit tcp any4 host (ip) eq https
+
+# write configuration
+wr (copy running-config startup-config)
+wr
+write mem
+
+# capturing
+capture capin interface outside match tcp host (host) host (host) eq (port)
+show capture
+show capture capin
+
+# general commands
+show run | include route
+
+# enable unsupported tranceiver
+service unsupported-transceiver
+no errdisable detect cause gbic-invalid
+
+# trunk port
+show interfaces trunk
+(config-if)#interface gigabitEthernet 0/23
+(config-if)#description Trunk port to (host)
+(config-if)#switchport mode trunk
+(config-if)#switchport trunk allowed vlan all
+(config-if)#switchport trunk allowed vlan 2-4094
+no shutdown
+
+# access port
+(config)#interface gigabitEthernet 0/23
+(config-if)#description (host)
+(config-if)#switchport mode access
+(config-if)#switchport access vlan 128
+(config-if)#no shutdown
+
+# save (commit)
+write mem
+
+
+
+
+
+
+### sources:
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config.html
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_aaa.html
+
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/interface-basic-5505.pdf
+https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/route_static.pdf
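Review bot: The interface examples `ip address 192.168.100.77 255.225.255.0` and `ip address 192.168.2.1 255.225.255.0` under `# set up interfaces` carry a non-contiguous mask (`255.225.255.0`), which is not a valid netmask; both should read `255.255.255.0`. The `# add ssh access` block keeps `ssh 0.0.0.0 0.0.0.0 OUTSIDE`, which admits SSH management from any source on the outside interface, next to the host-scoped `ssh 192.168.1.10 255.255.255.255 inside`; the unscoped line should be dropped or annotated as a deliberate, temporary exception, and of the three `crypto key generate rsa` variants in the same block only the 2048-bit form should remain (the `modulus 1024` line is below current guidance). The block from `# CISCO FIREWALL:` to the end of the file repeats the tail of the preceding file section verbatim, so one copy should go. `relo` under `# factory defaults` looks like a truncated `reload`.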

+ 6 - 0
networking/cisco/cisco-router.md

@@ -0,0 +1,6 @@
+``
+sh ip bgp (ip)
+show run | section bgp
+clear ip bgp * soft in
+clear ip bgp * soft out
+```
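Review bot: The opening fence on the first line is two backticks rather than three, so the block is not rendered as code and the closing three-backtick line at the end opens a new, unterminated fence; the first line should be three backticks. `clear ip bgp * soft in` and `clear ip bgp * soft out` act on every neighbor at once; a one-line comment that the per-neighbor form takes a neighbor address in place of `*` would make the scope explicit before someone pastes it on a production router.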

+ 123 - 0
networking/cisco/cisco-switch.md

@@ -0,0 +1,123 @@
+# cisco switch
+
+# users
+show user-account
+show running-config | include username
+
+enter config mode
+```
+confugure terminal
+```
+
+create users
+```
+username (user) privilege 15 password (encrypted-password)
+username (user) privilege 15 password 0 (plain-password)
+
+username (user) role network-admin
+username (user) password (pass)
+```
+
+remove user
+```
+#no username (user)
+```
+
+remember to save settings
+```
+#copy running-config startup-config
+```
+
+#
+# interfaces
+#
+
+show int desc
+show int stats
+show int status
+show vlanico  ne
+
+
+
+conf term
+
+
+# remove interfaces
+default interface (if)
+interface (if)
+shutdown
+exit
+
+# enable interface
+int gi0/7
+  sw access vlan 777
+  no shut
+  desc (description)
+exit
+C+z
+
+# configuring several
+interface ethernet 4/17, ethernet 4/19, ethernet 4/21, ethernet 4/23
+
+# save config
+write mem
+copy running-config startup-config
+copy run start
+
+
+
+
+
+How to recover/set/change enable password ?
+
+Unplug the power cable to the switch.
+
+Step 4: Press and hold the MODE button on the front of the switch and plug the power cable back into the switch at the same. After the power cable has been plugged in, wait a couple of seconds and then release the MODE button.
+
+Step 5: Your display on your HyperTerminal should look like this… switch:
+
+Step 6: Enter these commands into the switch
+```
+switch: flash_init
+# switch: load_helper
+# switch: dir flash:
+```
+Directory of flash:
+```
+13 drwx   192 Mar 01 1993 22:30:48 c2960-mz-124-0.0.53
+11 -rwx   5825 Mar 01 1993 22:31:59 config.text
+18 -rwx   720 Mar 01 1993 02:21:30 vlan.da
+
+switch: rename flash:config.text flash:config.text.old
+switch: boot
+```
+Step 7: Once the switch reboots, answer NO to “Would you like to enter system configuration dialog? [Yes/No]:
+
+Step 8: Get into the privilege prompt.
+```
+Switch>enable
+# Switch#rename flash:config.text.old flash:config.text
+Switch#copy flash:config.text.original system:running-config
+# Switch#copy flash:config.text system:running-config
+Source filename [config.text]?
+Destination filename [running-config]?
+Press Enter to copy
+```
+Step 9: Get into global configuration
+```
+Switch#conf t
+Switch (config)#enable secret password
+```
+Enter the password you would like
+
+Step 10: Return to Privilege mode and save your config
+
+```
+Switch (config)#exit
+Switch#copy run start
+```
+
+Step 11: reload switch
+```
+reload
+```
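Review bot: `confugure terminal` under `enter config mode` is misspelled and will be rejected by the CLI; it should be `configure terminal`. `show vlanico  ne` under `# interfaces` is garbled — presumably `show vlan` plus a second command — and should be repaired or dropped. The user-creation block stores credentials with `password 0 (plain-password)` and the recovery walkthrough ends with `enable secret password`; on IOS `password` keeps a reversible type 7 string while `secret` keeps a one-way hash, so a short comment recommending `username ... secret` / `enable secret` would help the reader pick the right one. The password-recovery procedure starts at `Step 4`, so Steps 1–3 are missing from the runbook.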

+ 20 - 0
networking/fortinet/fortigate.md

@@ -0,0 +1,20 @@
+# Basic CLI commands
+
+```bash
+get system status
+show full-configuration system interface (port)
+show system interface (port)
+```
+
+
+
+get help with question mark
+```
+execute backup ?
+```
+
+
+
+create separate different admin user(s)
+```
+```
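Review bot: The section `create separate different admin user(s)` ends in an empty fence, so the file currently says nothing about admin accounts; either fill it (the relevant FortiOS tree is `config system admin`) or mark it `TODO` as the other files in this commit do. The `bash` tag on the first fence is misleading for FortiOS CLI output; a plain fence or `text` would be accurate.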

+ 4 - 0
networking/junos/date-time-and-ntp.md

@@ -0,0 +1,4 @@
+-"how much watch? for whom how. MGIMO?" :)
+```
+show system uptime
+```

+ 320 - 0
networking/junos/juniper-firewall.md

@@ -0,0 +1,320 @@
+# JUNIPER FIREWALLS
+
+configuration overview
+```
+show configuration
+show configuration | display set | match
+show | display set | include
+show ethernet-switching interface brief
+```
+
+global navigation
+```
+up
+top
+```
+
+modification
+```
+set
+replace pattern A with B
+rename object to object
+delete
+```
+
+
+enabling SSH, generate keys
+```
+set system services ssh
+set system services ssh root-login deny
+set system services ssh protocol-version v2
+set system services ssh client-alive-count-max 5
+set system services ssh client-alive-interval 12
+? set system services ssh ciphers 3des-cbc
+```
+
+
+## USERS AND PASSWORDS
+show users
+```
+show system login | display set
+```
+
+create new user and give a role
+```
+set system login user (username) full-name (FULL_username)
+set system login user (username) class super-user/operator
+```
+
+create permission class and add user (i.e. 'rancid' to fetch configuration)
+```
+set system login class rancid permissions view
+set system login class rancid permissions view-configuration
+set system login user rancid class rancid
+set system login user rancid authentication plain-text-password
+New password: (enter pass)
+```
+if authentication with keys, then
+```
+set system login user rancid authentication ssh-ecdsa (plain_password)
+```
+in addition to user rancid user creation, on rancid host, configure new network device:
+(on rancid server, add host to. do not use ";"c for commenting)
+```
+vi router.db
+su - rancid
+```
+add key and check that rancid can login
+```
+ssh-keygen -R xxx.xxx.196.155
+ssh rancid@(new-device)
+vi ./cloginrc
+bin/clogin (host)
+```
+
+set password, when already encrypted (copying pass from one switch to another"
+```
+set system login user (username) authentication encrypted-password "(crypted_pass)"
+```
+
+when entering in _plain_text_, pass will be prompted and encrypted
+```
+set system login user (username) authentication plain-text-password
+New password: (enter new pass)
+```
+
+## NTERFACES
+
+list interfaces
+```
+show interfaces descriptions
+show interfaces terse
+```
+
+disable interface (=clean conf + administatively down)
+```
+delete interfaces (interface)
+set interfaces (interface) disable
+```
+
+set interfaces ge-0/0/44 unit 0 family inet address xxx.xxx.196.159/26
+```
+set interface ge-0/0/34 description "(host)"
+set routing-options static route default next-hop xxx.xxx.196.129
+```
+
+trunk port
+```
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode trunk
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+```
+
+access port
+```
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode access
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+```
+
+VLANs
+```
+show ethernet-switching interface
+set vlans mgmt vlan-id 128
+set interfaces xe-0/0/44 unit 0 family ethernet-switching vlan members mgmt
+set interfaces vlan unit 128 enable
+set interfaces irb unit 40 family inet
+set interfaces irb unit 40 family inet address xxx.xxx.196.159/26
+set vlans (vlan name) vlan-id 96 l3-interface irb.96
+set interfaces irb unit 96
+set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members [ vlan1 vlan2 ]
+set interface vlan unit 96 enable
+```
+
+
+
+# CONFIGURING RULES
+
+search for matched rules in existing config
+```
+show configuration | display set | match (ip)    
+```
+
+configure mode
+```
+configure
+run show configuration | display set | match (ip)
+run show configuration | display set | match TCP_Port_(number)    
+run show configuration security policies from-zone untrust to-zone (zone) policy (policy-name) | display set
+```
+
+add new rule
+```
+set security policies from-zone (zone) to-zone (zone) policy (number) match source-address Host_(ip)         
+set security policies from-zone (zone) to-zone (zone) policy (number) match destination-address (ip)    
+set security policies from-zone (zone) to-zone (zone) policy (number) match application TCP_Port_(number)/(name of app)
+set security policies from-zone (zone) to-zone (zone) policy (number) then permit    
+```
+
+add new application (port)
+```
+set applications application TCP_Port_(number) destination-port (number)
+set applications application TCP_Port_(number) protocol tcp          
+```
+
+add new host to set of hosts in address book
+```
+set security zones security-zone (zone) address-book address-set (name_of_hosts) address Host_(ip)
+set security zones security-zone (zone) address-book address Host_(ip) (ip)/32
+set security zones security-zone (zone) address-book address Host_(ip) (ip)/32
+```
+
+checking that security policy applies
+```
+show security flow session source-prefix xxx.xxx.xxx.244 application smtp | refresh 3
+show security match-policies from-zone mgmt to-zone untrust source-ip xxx.xxx.xxx.244 source-port 12345 destination-ip xxx.xxx.xxx.90 destination-port 25 protocol tcp
+```
+
+
+checking and commiting
+```
+show | compare
+commit check
+commit
+```
+
+committing with failover
+```
+TODO
+```
+
+
+
+show history of commits
+```
+request system software rollback
+```
+
+checking that policy is in use
+```
+show security policies hit-count | match (number)    
+```
+
+
+## MAINTENANCE
+
+backup/restore configuration to file
+stop commit server, that somebody will not commit config
+```
+request system commit server pause
+```
+
+delete old, save rescue configuration, check timestamp
+```
+request system configuration rescue delete
+request system configuration rescue save
+show system configuration rescue
+show system rollback 0
+```
+
+at this point, configuration could be restored with "rollback" command
+```
+?? request system software rollback
+```
+
+save config, check
+```
+save dhcp-security-snoop config.dhcp-security-snoop.2019073
+save dhcp-snooping config.dhcp-snooping.20190731.1024
+    error: the ethernet-switching subsystem is not running
+save dhcpv6-security-snoop config.dhcpv6-security-snoop.20190731.1025
+file list detail
+```
+
+resume commit server, when ready
+```
+request system commit server pause start
+```
+
+copy from switch to usb memory
+```
+TODO
+```
+scp from switch
+save scp://user@hostname/path/filename routing-instance instance-name source-address address
+```
+
+copy from ftp to switch
+```
+file copy ftp://anonymous:geg@test.jnpr.net/pub/junos/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz /var/tmp/
+```
+
+copy from usb memory to switch
+```
+TODO
+```
+
+
+scp from local host to switch
+```
+TODO
+```
+
+
+restore configuration file
+```
+test configuration (file)
+load (filename)
+```
+
+insert configuration into terminal, finish with C-D
+```
+test configuration terminal
+```
+
+
+
+## JUNOS UPGRADE
+
+```
+show version status
+show version
+show chassis firmware
+```
+
+attach USB and take a snapshot (flash will be repartitioned and content of USB memory will be erased)
+```
+request system snapshot
+```
+
+upload from usb memory
+```
+start shell user root
+mkdir /var/tmp/usb
+mkdir /var/tmp/downloads
+```
+
+connect usb
+```
+ls /dev/da*
+mount_msdosfs /dev/da0s1 /var/tmp/usb
+cp /var/tmp/usb(new-file) /var/tmp/downloads
+umount /var/tmp/usb
+```
+
+
+upload via scp
+```
+TODO
+```
+
+validate package first
+```
+request system software validate /var/tmp/(new-filename)
+```
+
+applying new version
+```
+request system software add /var/tmp/(new-filename) validate
+```
+
+at this point last change to cancel upgrade by deleting install, otherwise reboot
+request system reboot
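Review bot: Under `scp from switch` the line `save scp://user@hostname/path/filename ...` is followed by a closing fence with no opening one, so from that point on every fence in the file is inverted and the remainder renders with prose and commands swapped; an opening fence is needed before the `save` line. `request system software rollback` is listed both under `show history of commits` and as the config-restore step, but it reverts the installed Junos package, not the configuration — commit history is `show system commit` and configuration restore is `rollback (n)` in configure mode followed by `commit`. The line `set system login user rancid authentication ssh-ecdsa (plain_password)` takes a public key, not a password, so the placeholder should be renamed. The SSH block still carries `? set system services ssh ciphers 3des-cbc`; 3DES-CBC should not be offered and the line should be removed rather than left as an open question. The same rollback, ssh-ecdsa and 3des-cbc lines recur in juniper-switch.md and, as far as visible, juniper.md, and the resume step `request system commit server pause start` in all of them looks like it should be `request system commit server start` — worth confirming on the target release.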

+ 188 - 0
networking/junos/juniper-switch.md

@@ -0,0 +1,188 @@
+# JUNIPER SWITCH
+
+
+# global navigatoin
+show | display set
+
+up
+
+# modification
+set
+replace pattern A with B
+delete
+
+# USERS AND PASSWORDS
+# show users
+show system login | display set
+
+# create new user and give a role
+set system login user (username) full-name (FULL_username)
+set system login user (username) class super-user/operator
+
+# set password, when already encrypted (copying pass from one switch to another"
+set system login user (username) authentication encrypted-password "(crypted_pass)"
+
+# when entering in _plain_text_, pass will be asked and encrypted
+set system login user (username) authentication plain-text-password
+New password: (enter new pass)
+
+# enabling SSH, generate keys
+set system services ssh
+set system services ssh root-login deny
+set system services ssh protocol-version v2
+set system services ssh client-alive-count-max 5
+set system services ssh client-alive-interval 12
+? set system services ssh ciphers 3des-cbc
+
+# add A record on DNS servers
+
+# add rancid user
+set system login class rancid permissions view
+set system login class rancid permissions view-configuration
+set system login user rancid class rancid
+set system login user rancid authentication plain-text-password
+New password: (enter pass)
+# if authentication with keys, then
+set system login user rancid authentication ssh-ecdsa (plain_password)
+
+## on rancid server, add host to
+## do not use ";"c for commenting
+vi router.db
+su - rancid
+# add key and check that rancid can login
+ssh-keygen -R xxx.xxx.196.155
+ssh rancid@(new-device)
+vi ./cloginrc
+bin/clogin (host)
+
+
+# show configuration
+show configuration | display set | match
+show ethernet-switching interface brief
+
+# INTERFACES
+
+# list interfaces
+show interfaces descriptions
+show interfaces terse
+
+# disable interface (=clean conf + administatively down)
+delete interfaces (interface)
+set interfaces (interface) disable
+
+# set interfaces ge-0/0/44 unit 0 family inet address xxx.xxx.196.159/26
+set routing-options static route default next-hop xxx.xxx.196.129
+set interface ge-0/0/34 description "(host)"
+
+# trunk port
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode trunk
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+
+# access port
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode access
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+
+# VLANs
+show ethernet-switching interface
+set vlans mgmt vlan-id 128
+##set interfaces xe-0/0/44 unit  0s family ethernet-switching vlan members mgmt
+set interfaces vlan unit 128 enable
+set interfaces irb unit 40 family inet
+set interfaces irb unit 40 family inet address xxx.xxx.196.159/26
+set vlans (vlan name) vlan-id 96 l3-interface irb.96
+set interfaces irb unit 96
+set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members [ vlan1 vlan2 ]
+set interface vlan unit 96 enable
+
+
+
+
+# checking and commiting
+show | compare
+commit check
+commit
+
+# show history of commits
+request system software rollback
+
+# checking that policy is in use
+show security policies hit-count | match (number)    
+
+
+
+## MAINTENANCE
+
+# backup/restore configuration to file
+# stop commit server, that somebody will not commit config
+request system commit server pause
+
+# delete old, save rescue configuration, check timestamp
+request system configuration rescue delete
+request system configuration rescue save
+show system configuration rescue
+show system rollback 0
+
+# at this point, configuration could be restored with "rollback" command
+?? request system software rollback
+
+# save config, check
+save dhcp-security-snoop config.dhcp-security-snoop.2019073
+save dhcp-snooping config.dhcp-snooping.20190731.1024
+    error: the ethernet-switching subsystem is not running
+save dhcpv6-security-snoop config.dhcpv6-security-snoop.20190731.1025
+file list detail
+
+# resume commit server, when ready
+request system commit server pause start
+
+## copy from switch to usb memory
+
+## scp from switch
+save scp://user@hostname/path/filename routing-instance instance-name source-address address
+
+## copy from ftp to switch
+file copy ftp://anonymous:geg@test.jnpr.net/pub/junos/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz /var/tmp/
+
+## copy from usb memory to switch
+
+## scp from local host to switch
+
+## restore configuration file
+test configuration (file)
+load (filename)
+
+# insert configuration into terminal, finish with C-D
+test configuration terminal
+
+
+
+
+# JUNOS UPGRADE
+
+## show version status
+show version
+show chassis firmware
+
+# attach USB and take a snapshot (flash will be repartitioned and content of USB memory will be erased)
+request system snapshot
+
+## upload from usb memory
+start shell user root
+mkdir /var/tmp/usb
+mkdir /var/tmp/downloads
+## connect usb
+ls /dev/da*
+mount_msdosfs /dev/da0s1 /var/tmp/usb
+cp /var/tmp/usb(new-file) /var/tmp/downloads
+umount /var/tmp/usb
+
+## upload via scp
+
+## validate package first
+request system software validate /var/tmp/(new-filename)
+
+## applying new version
+request system software add /var/tmp/(new-filename) validate
+
+## at this point last change to cancel upgrade by deliting jinstall, otherwise reboot
+request system reboot
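Review bot: The file uses `# ...` lines as comments between bare commands with no code fences, so in rendered markdown every comment becomes an H1 heading and consecutive commands merge into one paragraph; wrapping each command group in a fence, as juniper-firewall.md does, and keeping the `#` lines outside it would fix that. `##set interfaces xe-0/0/44 unit  0s family ethernet-switching vlan members mgmt` under `# VLANs` has a stray `0s` in place of `0` and doubled spaces. `# global navigatoin` is misspelled, and the comment `# set password, when already encrypted (copying pass from one switch to another"` closes a parenthesis with a quote.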

+ 221 - 0
networking/junos/juniper.md

@@ -0,0 +1,221 @@
+# JUNIPER FIREWALL:
+
+
+# global navigatoin
+show | display set
+
+up
+
+# modification
+set
+replace pattern A with B
+delete
+
+# USERS AND PASSWORDS
+# show users
+show system login | display set
+
+
+
+
+# create new user and give a role
+set system login user (username) full-name (FULL_username)
+set system login user (username) class super-user/operator
+
+# set password, when already encrypted (copying pass from one switch to another"
+set system login user (username) authentication encrypted-password "(crypted_pass)"
+
+# when entering in _plain_text_, pass will be asked and encrypted
+set system login user (username) authentication plain-text-password
+New password: (enter new pass)
+
+# enabling SSH, generate keys
+set system services ssh
+set system services ssh root-login deny
+
+
+
+
+set system services ssh protocol-version v2
+set system services ssh client-alive-count-max 5
+set system services ssh client-alive-interval 12
+? set system services ssh ciphers 3des-cbc
+
+# add A record on DNS servers
+
+# add rancid user
+set system login class rancid permissions view
+set system login class rancid permissions view-configuration
+set system login user rancid class rancid
+set system login user rancid authentication plain-text-password
+New password: (enter pass)
+# if authentication with keys, then
+set system login user rancid authentication ssh-ecdsa (plain_password)
+
+## on rancid server, add host to
+## do not use ";"c for commenting
+vi router.db
+su - rancid
+# add key and check that rancid can login
+ssh-keygen -R xxx.xxx.196.155
+ssh rancid@(new-device)
+vi ./cloginrc
+bin/clogin (host)
+
+
+# show configuration
+show configuration | display set | match
+show ethernet-switching interface brief
+
+# INTERFACES
+
+# list interfaces
+show interfaces descriptions
+show interfaces terse
+
+# disable interface (=clean conf + administatively down)
+delete interfaces (interface)
+set interfaces (interface) disable
+
+# set interfaces ge-0/0/44 unit 0 family inet address xxx.xxx.196.159/26
+set routing-options static route default next-hop xxx.xxx.196.129
+set interface ge-0/0/34 description "(host)"
+
+# trunk port
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode trunk
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+
+# access port
+set interfaces ge-0/0/44 unit 0 family ethernet-switching interface-mode access
+set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members mgmt (128)
+
+# VLANs
+show ethernet-switching interface
+set vlans mgmt vlan-id 128
+##set interfaces xe-0/0/44 unit  0s family ethernet-switching vlan members mgmt
+set interfaces vlan unit 128 enable
+set interfaces irb unit 40 family inet
+set interfaces irb unit 40 family inet address xxx.xxx.196.159/26
+set vlans snic-public vlan-id 96 l3-interface irb.96
+set interfaces irb unit 96
+set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members [ snic-admin snic-public ]
+set interface vlan unit 96 enable
+
+
+
+
+# CONFIGURING RULES
+
+# show existing config
+show configuration | display set | match (ip)    
+
+# configure mode
+configure
+run show configuration | display set | match (ip)
+run show configuration | display set | match TCP_Port_(number)    
+run show configuration security policies from-zone untrust to-zone (zone) policy (policy-name) | display set
+
+# add new rule
+set security policies from-zone (zone) to-zone (zone) policy (number) match source-address Host_(ip)         
+set security policies from-zone (zone) to-zone (zone) policy (number) match destination-address (ip)    
+set security policies from-zone (zone) to-zone (zone) policy (number) match application TCP_Port_(number)/(name of app)
+set security policies from-zone (zone) to-zone (zone) policy (number) then permit    
+
+# add new application (port)
+set applications application TCP_Port_(number) destination-port (number)
+set applications application TCP_Port_(number) protocol tcp          
+
+# add new host to set of hosts in address book
+set security zones security-zone (zone) address-book address-set (name_of_hosts) address Host_(ip)
+set security zones security-zone (zone) address-book address Host_(ip) (ip)/32
+set security zones security-zone (zone) address-book address Host_(ip) (ip)/32
+
+# checking and commiting
+show | compare
+commit check
+commit
+
+# show history of commits
+request system software rollback
+
+# checking that policy is in use
+show security policies hit-count | match (number)    
+
+
+
+## MAINTENANCE
+
+# backup/restore configuration to file
+# stop commit server, that somebody will not commit config
+request system commit server pause
+
+# delete old, save rescue configuration, check timestamp
+request system configuration rescue delete
+request system configuration rescue save
+show system configuration rescue
+show system rollback 0
+
+# at this point, configuration could be restored with "rollback" command
+?? request system software rollback
+
+# save config, check
+save dhcp-security-snoop config.dhcp-security-snoop.2019073
+save dhcp-snooping config.dhcp-snooping.20190731.1024
+    error: the ethernet-switching subsystem is not running
+save dhcpv6-security-snoop config.dhcpv6-security-snoop.20190731.1025
+file list detail
+
+# resume commit server, when ready
+request system commit server pause start
+
+## copy from switch to usb memory
+
+## scp from switch
+save scp://user@hostname/path/filename routing-instance instance-name source-address address
+
+## copy from ftp to switch
+file copy ftp://anonymous:geg@test.jnpr.net/pub/junos/7.5R2.8/jinstall-7.5R2.8-domestic-signed.tgz /var/tmp/
+
+## copy from usb memory to switch
+
+## scp from local host to switch
+
+## restore configuration file
+test configuration (file)
+load (filename)
+
+# insert configuration into terminal, finish with C-D
+test configuration terminal
+
+
+
+
+# JUNOS UPGRADE
+
+## show version status
+show version
+show chassis firmware
+
+# attach USB and take a snapshot (flash will be repartitioned and content of USB memory will be erased)
+request system snapshot
+
+## upload from usb memory
+start shell user root
+mkdir /var/tmp/usb
+mkdir /var/tmp/downloads
+## connect usb
+ls /dev/da*
+mount_msdosfs /dev/da0s1 /var/tmp/usb
+cp /var/tmp/usb(new-file) /var/tmp/downloads
+umount /var/tmp/usb
+
+## upload via scp
+
+## validate package first
+request system software validate /var/tmp/(new-filename)
+
+## applying new version
+request system software add /var/tmp/(new-filename) validate
+
+## at this point last change to cancel upgrade by deliting jinstall, otherwise reboot
+request system reboot
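Review bot: The line under "if authentication with keys, then" (`set system login user rancid authentication ssh-ecdsa (plain_password)`) is misleading, because the `ssh-ecdsa` statement takes the user's ECDSA public-key string, not a password; it should read `set system login user rancid authentication ssh-ecdsa "(public-key)"` with the key copied from the rancid server's `.pub` file. The cipher line marked with `?` (`set system services ssh ciphers 3des-cbc`) restricts SSH to a single legacy CBC cipher that is weaker than the defaults and that current clients typically refuse, so it is better dropped or explicitly labelled as an example of what not to enable. Under "show history of commits" the listed `request system software rollback` reverts the installed software package rather than the configuration; commit history is shown with `show system commit`, and a configuration revert is `rollback (n)` in configure mode. The same command appears with `??` in the MAINTENANCE section, so both places can be corrected together.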

+ 31 - 0
networking/junos/logging.md

@@ -0,0 +1,31 @@
+
+
+observing logs:
+```
+show log messages.0.gz
+```
+
+
+
+saving logs
+
+to ftp
+```
+sh log messages.0.gz | no-more | save ftp://username:password@A.B.C.D/directory/messages.0.txt
+```
+
+
+
+downloading logs over scp
+```
+scp (user)@(junos-host):/var/log/* .
+```
+or more specific:
+```
+scp (user)@(junos-host):/var/log/messages .
+```
+
+
+
+more:
+https://supportportal.juniper.net/s/article/EX-QFX-How-to-collect-logs-and-files-from-standalone-and-Virtual-Chassis-VCF-devices?language=en_US
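Review bot: The ftp example `sh log messages.0.gz | no-more | save ftp://username:password@A.B.C.D/directory/messages.0.txt` puts the password on the command line, where it is kept in the CLI command history and, where interactive-command logging is enabled, in the device logs as well, and FTP transmits it in clear text. Since the page already shows scp for downloading, suggest a comment above the ftp block: `# prefer the scp form below; an ftp:// URL embeds the password in the command and sends it unencrypted`. The scp examples use bracketed placeholders, which is the right pattern for the ftp line too.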

+ 1 - 0
networking/linux/netstat.md

@@ -0,0 +1 @@
+'netstat' is not in use anymore, use 'ss'

+ 92 - 0
networking/openwrt/2020 06 04 - openwrt@lab5l6l0.md

@@ -0,0 +1,92 @@
+http://192.168.1.1
+manual config
+Linksys config panel, pass: admin
+connectivity, flash firmware
+https://downloads.openwrt.org/releases/19.07.2/targets/ipq40xx/generic/openwrt-19.07.2-ipq40xx-generic-linksys_ea6350v3-squashfs-factory.bin
+http://192.168.1.1
+LuCi, pass: admin
+system
+	system
+		general
+			sync time from browser
+			hostname: xxxx
+			timezone: xxxx
+			[save]
+		time synchronization
+			[x] enable NTP client
+			NTP server: xxxx
+	administration
+		router pass: set pass
+		ssh access, check that enabled
+
+
+network
+	interfaces:
+		LAN:
+			general:
+				static:
+					192.168.5.1/255.255.255.0
+				[disable] IPv6 assignment length
+			advanced:
+				[ ] ipv6 management
+				[ ] force link
+			DHCP-server:
+				IPv6: disable everything
+[save&apply]
+[unsaved changed, apply&restart]
+quickly reconnect ethernet cable, renew DHCP
+login to apply settings (otherwise they will be reverted)
+http://192.168.5.1
+
+
+network
+	wireless
+		radio0, Generic 802.11bgn, scan
+		(tablet-ssid)
+			[x] replace wireless configuration
+			name: wwan
+			[x] lock to BSSID
+			Create/assign firewall-zone: wan
+		check:
+			general
+				mode: client
+				ESSID: (tablet-ssid)
+				network: wwan
+[save]
+[save&apply]
+
+status
+	overview
+		check that connected
+
+network
+	wireless
+		remove "openwrt"
+		radio1, Generic 802.11nac, scan for free channel
+		radio1, Generic 802.11nac, add
+			general
+				set channel
+				mode: access point
+				ESSID: xxx
+				network: LAN
+			wireless security
+				encryption: WPA2-PSK
+				cipher: auto
+				key: wlan pass
+[save]
+[save&apply]
+
+
+
+
+
+
+
+
+#
+# softflowd
+#
+system
+	software
+		update lists
+		filter: softflowd, install