tag:blogger.com,1999:blog-56912489573653914552024-03-05T08:59:57.394-08:00UC CornerA blog to share tips and tricks of Cisco Unified Communication (UC) products, such as CUCM, CUPS, CER, CUMA, etc.Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.comBlogger84125tag:blogger.com,1999:blog-5691248957365391455.post-15487654989884879342023-10-01T19:36:00.000-07:002023-10-01T19:36:05.891-07:00SFTP Server<p>Network and UC engineers often need a SFTP server. I've been using FreeFTPd for years due to it's small size and free. However FreeFTPd's encryption algorithm was outdated and not supported by some version of Cisco UC appliances. I have been looking for an alternative for quite some time with no luck. Solarwinds' SFTP server is "Free" but with 4GB limit. Other products are either too bukly or not free at all.</p><p>It turned out that Windows (Server or Desktop) has an "OpenSSH" option which works pretty well.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiTCzDfVpZJ4M2PlAAHCjKSqER1-6ulznbxNmRG9wjHsVISMFbp9wQGhY9fyN_tQZyameJzqUSw8KgQlTUAYmhIeAr0cOZGGFIadaf_VKh7kzbsazSXVwCCt5tL7bb0VVxKB8mAWJhsYg2Pb2BkIJtWDkDdfbX9-FZw2ECbiGj1udFBLhmEP0BlnbEJlPuP" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="848" data-original-width="955" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEiTCzDfVpZJ4M2PlAAHCjKSqER1-6ulznbxNmRG9wjHsVISMFbp9wQGhY9fyN_tQZyameJzqUSw8KgQlTUAYmhIeAr0cOZGGFIadaf_VKh7kzbsazSXVwCCt5tL7bb0VVxKB8mAWJhsYg2Pb2BkIJtWDkDdfbX9-FZw2ECbiGj1udFBLhmEP0BlnbEJlPuP" width="270" /></a></div><br />Go to Apps > Add optional features > Search for OpenSSH Server. Once installed, there will be two services. Start these two services.<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiMDG65UKU_NY0puXeoB_ueTzHT-JSjHiz71EBpYP8Dtb2T9vl0Qpk2tUKY9X_hg2ZkNesA08WmTJuXg8CdUpyidWNky_pl9PSdrQ8KHHGsEvucUmuXClm93BP-SrEdyUaUX8gFh3p0GwycORAzKterMJw3P1x5q0m-Y381qK9B6gGiva9DtaQFAjTL74S5" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="40" data-original-width="359" height="36" src="https://blogger.googleusercontent.com/img/a/AVvXsEiMDG65UKU_NY0puXeoB_ueTzHT-JSjHiz71EBpYP8Dtb2T9vl0Qpk2tUKY9X_hg2ZkNesA08WmTJuXg8CdUpyidWNky_pl9PSdrQ8KHHGsEvucUmuXClm93BP-SrEdyUaUX8gFh3p0GwycORAzKterMJw3P1x5q0m-Y381qK9B6gGiva9DtaQFAjTL74S5" width="320" /></a></div><p>By default, user has access to C:\, which is also the root directory of the SFTP server. However, Cisco UC appliance cannot handle that (with the SFTP root as "/C:/"). To change the SFTP root, you may edit the %programdata%\ssh\sshd_config file. Say, you want to make "C:\SFTP" as the SFTP root directory, add the following line to the file:</p><p><span style="font-family: courier;">ChrootDirectory "C:\SFTP"</span></p><p>Restart the OpenSSH services to take effect.</p><p></p><p><br /></p><br /><br /><p></p>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-80235937439138865152023-08-25T11:34:00.003-07:002023-08-25T11:41:23.946-07:00Minimalist's SIP Lab (Part 2)<p>With may vendors going virtualization, it is possible to run virtual labs where it requires physical equipment before(such as Cisco ISR routers). CML, VIRL, GNS3, EVE-NG, etc. we all heard about them. But how can we run a meaningful lab with minimal resource? That way, we don't have to fire up the lousy UCS servers?</p><p>Take the following diagram as an example. I was working with a group of developers on a voice product, which require a lot of custom tagging in the SIP messages. My job is to configure the routers to copy/modify/manipulate the SIP message. (Yes, a lot of SIP profiles and regex).</p><p>It'd be great if I can run the lab on my laptop. Did I mention that I have 2-3 production VMs (Virtual Machines) running on my laptop already? Adding GNS3 and some virtual routers will definitely have impact on CPU and memory usage.</p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgtkJUrv1elIddZzbSquLxw9OzReYakNb60EAyJhx_kiRVuiiEC4GBUbLAgyK_TWmZOk29KWY6zhZTQlSJPL2KmAlFexVIYgPrInzKBfdaxoSwnv1VAhPuNuXTjjB8h8ZQpuN828kEv5STofi-8d7JWT5Ni2_xInNM41VPGoyJBFk_vyPTdqyzOr-HwTxle" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="286" data-original-width="721" height="127" src="https://blogger.googleusercontent.com/img/a/AVvXsEgtkJUrv1elIddZzbSquLxw9OzReYakNb60EAyJhx_kiRVuiiEC4GBUbLAgyK_TWmZOk29KWY6zhZTQlSJPL2KmAlFexVIYgPrInzKBfdaxoSwnv1VAhPuNuXTjjB8h8ZQpuN828kEv5STofi-8d7JWT5Ni2_xInNM41VPGoyJBFk_vyPTdqyzOr-HwTxle" width="320" /></a></div><br />I achieved the goal with IOL (I86BI_LINUX-ADVENTERPRISEK9-M, Version 15.7(3)M2), which requires 384MB memory per each router. The IOL image boots much faster than the CSR1000V or the C8000V virtual routers (which requires 4GB memory each).<p></p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiehAA1-uQxSyHMrYd-8RVz2ey3KMGcDxWNxeCvfGSLMh8hKxX3St_w2-lmmTHhymCwLsqAieyMgtuAs9lX-34qozferqAqRkHLrtsbXUzInamXRZfni6vJHMJnZ1ZV-eiwPSAx3V-QDPSakjti2eY40TZynEPFTsOwJoui8rpGSO8wwbt7fi4p0Ixif_qt" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="535" data-original-width="880" height="195" src="https://blogger.googleusercontent.com/img/a/AVvXsEiehAA1-uQxSyHMrYd-8RVz2ey3KMGcDxWNxeCvfGSLMh8hKxX3St_w2-lmmTHhymCwLsqAieyMgtuAs9lX-34qozferqAqRkHLrtsbXUzInamXRZfni6vJHMJnZ1ZV-eiwPSAx3V-QDPSakjti2eY40TZynEPFTsOwJoui8rpGSO8wwbt7fi4p0Ixif_qt" width="320" /></a></div><br />I created 3 router instances. Two of them are acting as CME, with MicroSIP softphone registered. One of them is acting as a CUBE. You don't actually need the CUBE license, nor the "mode border-element" command. To test SIP profiles and SIP header manipulation, you just configure regular voip dial-peers.<p></p><p>As mentioned in the previous blog, Sandboxie comes handy when you need to run multiple softphones on the same computer. The footprint is much smaller than launching multiple VMs.</p><p>With this lab, I can make test calls from CME1 to CME2 via the CUBE. I can do all kinds of manipulations.</p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEi86S6lT0CtR3D16tIVdrHvx1UWvU8M_hK0NLWzHB3-He_yuciVEch_O6giWo3MnTkKfw2B2mz-Ew-dX3jP3c1fXfE3UW4eL_G3Ycd3m6dgJ6oQZUgdqxnhVew1rccEtpRg8UEXsn6CR6rhnp9Z3UyM-seVpvX0x8L6AyESZaWmnOj6TCGqB6TIJnFcYClQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="607" data-original-width="1371" height="142" src="https://blogger.googleusercontent.com/img/a/AVvXsEi86S6lT0CtR3D16tIVdrHvx1UWvU8M_hK0NLWzHB3-He_yuciVEch_O6giWo3MnTkKfw2B2mz-Ew-dX3jP3c1fXfE3UW4eL_G3Ycd3m6dgJ6oQZUgdqxnhVew1rccEtpRg8UEXsn6CR6rhnp9Z3UyM-seVpvX0x8L6AyESZaWmnOj6TCGqB6TIJnFcYClQ" width="320" /></a></div><br /><br /><p></p>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-22937716527705232972023-08-12T18:52:00.001-07:002023-08-12T18:52:38.000-07:00Minimalist's SIP Lab<p>SIP has become dominant in UC(Unified Communications) now. If you're interested in learning/practicing SIP, CUBE, SBC, etc., here are some ideas.</p><p>Software lab is always better than hardware lab, because of cost, power consumption, noise, portability, etc. Unless you want to test transcoding (which requires hardware DPS, like PVDM), software is sufficient for most cases.</p><p>If you are reading this, you are probably already familiar with lab software like GNS3, EVE-NG, Virl(CML), etc. I'll use GNS3 as an example.</p><p>There are different virtual images on GNS3. Each one has its pros and cons. I personally like IOL (a.k.a. IOU) because it's lightweight (as little as 256MB per instance) and fast boot time. Most of the L3 IOL image comes with CME(CallManager Express) function. You may use CME as a IP PBX and register SIP phones to it. Codec is limited to G.711 only.</p><div style="text-align: left;"><span style="font-family: courier;"></span><blockquote><span style="font-family: courier;">! Global configuration for VoIP, with SIP sub-section<br /></span><span style="font-family: courier;">voice service voip<br /></span><span style="font-family: courier;"> allow-connections sip to sip<br /></span><span style="font-family: courier;"> sip<br /></span><span style="font-family: courier;"> bind control source-interface eth0/0<br /></span><span style="font-family: courier;"> bind media source-interface eth0/0<br /></span><span style="font-family: courier;"> registrar server expires max 1200 min 300<br /></span><span style="font-family: courier;">!<br /></span><span style="font-family: courier;">voice class codec 1<br /></span><span style="font-family: courier;"> codec preference 1 g711ulaw<br /></span><span style="font-family: courier;">!<br /></span><span style="font-family: courier;">! Global config for SIP registration(CME)<br /></span><span style="font-family: courier;">voice register global<br /></span><span style="font-family: courier;"> mode cme<br /></span><span style="font-family: courier;"> source-address 192.168.28.10 port 5060<br /></span><span style="font-family: courier;"> max-dn 20<br /></span><span style="font-family: courier;"> max-pool 10<br /></span><span style="font-family: courier;"> authenticate register<br /></span><span style="font-family: courier;">!<br /></span><span style="font-family: courier;">! Create DNs to be used in later config<br /></span><span style="font-family: courier;">voice register dn 1<br /></span><span style="font-family: courier;"> number 2001<br /></span><span style="font-family: courier;">!<br /></span><span style="font-family: courier;">! Each register pool is a phone. MAC address doesn’t matter<br /></span><span style="font-family: courier;">voice register pool 1<br /></span><span style="font-family: courier;"> id mac 0000.0000.0001<br /></span><span style="font-family: courier;"> number 1 dn 1<br /></span><span style="font-family: courier;"> dtmf-relay rtp-nte sip-notify<br /></span><span style="font-family: courier;"> voice-class codec 1<br /></span><span style="font-family: courier;"> username user1 password pass1</span></blockquote><span style="font-family: courier;"></span></div><p style="text-align: left;">Then you may download SIP softphone apps, such as X-Lite(now known as "Bria", MicroSIP, etc. Register SIP softphone to CME should be straightforward. Make calls between two or three SIP phones and use debug commands (such as "debug ccsip message") to view the SIP messages is a good starting point.</p><p style="text-align: left;">Most of softphone allows single instance only. You may work around that by using Sandboxie or virtual machines (such as VMware, VirtualBox, etc.)</p><p style="text-align: left;"></p><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiWG01NCGgrdzJmGfAsdivrjYfE0OMIxzqnGK6kP_0_ub_K5mhcZq0HdGS0I_W-1tX4hIsZkr9Blh8WODLBuREM46J3Tf4xysZhXdOJNZCL2TxaG78A0C4qSGslITkXvktBX2TFLI_h8V6pkQzjkrBkaX3Gqt9QrgUv2QfIY6932hRU_IPsMPZ8QasuFNu-" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="919" data-original-width="1502" height="196" src="https://blogger.googleusercontent.com/img/a/AVvXsEiWG01NCGgrdzJmGfAsdivrjYfE0OMIxzqnGK6kP_0_ub_K5mhcZq0HdGS0I_W-1tX4hIsZkr9Blh8WODLBuREM46J3Tf4xysZhXdOJNZCL2TxaG78A0C4qSGslITkXvktBX2TFLI_h8V6pkQzjkrBkaX3Gqt9QrgUv2QfIY6932hRU_IPsMPZ8QasuFNu-" width="320" /></a></div><br />If you want to explore the features of CUBE virtually, you may use CSR100v virtual router, which can also be run on GNS3. There is no license needed.</div><p></p><p style="text-align: left;">If you want to play with codecs (such as g.729) or media resources (such as transcoding), you'll need a hardware router with DSPs. You may get a Cisco ISR4K from eBay for about $200. And get a PVDM4-32 for about $100. I'd get the routers comes with license (UC/K9 or VSEC/K9), though Cisco didn't seem to enforce CUBE license (yet).</p><div><br /></div><div><br /></div>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-8103384368439711882023-08-10T10:51:00.015-07:002023-08-10T11:44:38.263-07:00Cisco Expressway (MRA) and AT&T Wireless Interoperability Issue<p>When deploying a Cisco Expressway MRA(Mobile Remote Access) solution, I ran into a weird interoperability issue with AT&T wireless. The symptom was: MRA calls to AT&T Wireless numbers went straight to voicemail without ringing the cell phone at all. The same MRA call doesn't seem to have problem with other carriers like Verizon, T-Mobile or even AT&T wired phones.</p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh3F3Dp8W7x1u8ypaMvkBuOuOj6_ZgVnKsY9yM2UNM-hVNKSh7mC0GAbHS3KhoqKiE2CfUMVn3Xgd8R8pigP4KfPOSF3mfEhbCaOz3d-1DzSaazz1HYTxLOtYJH9AIJ2Q5eXKY5pGN3ZmXbMylOKq4OZA93pdU5mj-FzchvMjZrO9B-ynrjc6HIS_5dsIuP" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="541" data-original-width="1480" height="117" src="https://blogger.googleusercontent.com/img/a/AVvXsEh3F3Dp8W7x1u8ypaMvkBuOuOj6_ZgVnKsY9yM2UNM-hVNKSh7mC0GAbHS3KhoqKiE2CfUMVn3Xgd8R8pigP4KfPOSF3mfEhbCaOz3d-1DzSaazz1HYTxLOtYJH9AIJ2Q5eXKY5pGN3ZmXbMylOKq4OZA93pdU5mj-FzchvMjZrO9B-ynrjc6HIS_5dsIuP" width="320" /></a></div><br />At the first glance, this seems to be a carrier issue and there is not much we can do unless the carrier tells us what's wrong. The demarcation point is at the CUBE. I don't have any visibility beyond the CUBE.<p></p><p>I decided to do some troubleshooting within my scope. I noticed that non-MRA calls didn't seem to have this problem.</p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgEREqzmZaA6t3UgFRTEuRrUH6gJG0LoAPhkinkZwxO3gem1J_8-8oJ2oA51onVFjzY0rsJiEwaq-bXveR-CnXuO0DyAYCWffMhb3LL69ev54_IAEdxNAPcpp6P91oXY6tOjJ2JbPnuHxdlswSHuG-ZSDjtDEySylXC9ECjcLv4ucEVfUD36eu0dcL7HEzY" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="411" data-original-width="1214" height="108" src="https://blogger.googleusercontent.com/img/a/AVvXsEgEREqzmZaA6t3UgFRTEuRrUH6gJG0LoAPhkinkZwxO3gem1J_8-8oJ2oA51onVFjzY0rsJiEwaq-bXveR-CnXuO0DyAYCWffMhb3LL69ev54_IAEdxNAPcpp6P91oXY6tOjJ2JbPnuHxdlswSHuG-ZSDjtDEySylXC9ECjcLv4ucEVfUD36eu0dcL7HEzY" width="320" /></a></div><br />If it's only the MRA calls having the problem, it is unfair to point the finger to the carrier. But on the other hand, this only happens with one carrier. It must be an interoperability between MRA and that particular carrier.<p></p><p>Both MRA calls and non-MRA calls go through the same CUBE. I looked at the INVITEs sent from CUBE to carrier. They are very similar except that the MRA calls have "Max-Forwards: 12" in the SIP messages while non-MRA calls have "Max-Forwards: 69".</p><p>I'm not sure if that's the root cause of the problem but that is the only thing sticks out. By looking at Cisco documentations, Expressway has default Max-Forwards of 15 and CUCM has default of 70. These values are very close to 12 and 69 from the CUBE logs.</p><p>Max-Forwards tag was designed to prevent infinite loops in call routing, similar to the TTL in IP packets or hop-count in routing protocols. The value will be decreased by 1 on each hop along the path. If one of the hops has a different value on Max-Forwards, the lower value takes precedence. The diagram below explains why the MRA calls have a value of 12 while the non-MRA calls have a value of 69.</p><p></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhEr35z52iDWKuq75Oz2z_n2hlezfSOr73D7P_TZED96AhP2Ujtu9j359Ka885npOdsnSoghslifooHxwMqJVairuL8iML85oU6TxfFveZgb3Tvo9VatFBiK02e34G5MDvh9_NvXf-dK4B2YkqjmwUDetDnSbltBR7-MG2MDGOGpyvDCoWcUppj3i7znQlF" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="437" data-original-width="1209" height="116" src="https://blogger.googleusercontent.com/img/a/AVvXsEhEr35z52iDWKuq75Oz2z_n2hlezfSOr73D7P_TZED96AhP2Ujtu9j359Ka885npOdsnSoghslifooHxwMqJVairuL8iML85oU6TxfFveZgb3Tvo9VatFBiK02e34G5MDvh9_NvXf-dK4B2YkqjmwUDetDnSbltBR7-MG2MDGOGpyvDCoWcUppj3i7znQlF" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>Without seeing the AT&T Wireless logs, I cannot tell what happened within the cellular network. But imagine there are 12 or more hops in the cellular network before the call reaches the wireless endpoints (cell phones). What would happen?<p></p><p>When the Max-Forwards value decreased to 0 on the way, the call will be dropped. If that happens, the call controller within the cellular network will think the cell phone is unreachable (like when the cell phone is powered off or out of signal). The call controller will send a REFER (redirect) SIP message back to the originator. The call will be redirected to the cell phone's voicemail. This is exactly what happens when the cell phone is "unreachable".</p><p></p><ul style="text-align: left;"><li>If it take less hops for the CUBE to reach the voicemail server (less than 12 hops), the call will be established. The caller will hear voicemail greetings.</li><li>If it takes 12 hops or more for the CUBE to reach the voicemail server, the caller will hear reorder tone (fast busy) or the carrier's error announcement. Because the call will fail for the same reason (Max-Forwards decreased to 0).</li></ul><p></p><p>In my case, it is the prior. Again, all these are just my guess, but an educated guess. Is there a way we can fix this problem without carrier involved? Of course.</p><p>The solution is to change Expressway default value from 15 to 70. It doesn't necessarily have to be 70. It just needs to be a value large enough so that the SIP message can survive the number of hops before the Max-Forwards decreased to 0. Since CUCM has a default value of 70 and it seems to work, I decided to set Expressway to 70 as well. If you are one of those OCD (Obsessive-compulsive disorder) persons, you may set Expressway to 72. Then both MRA and non-MRA calls will leave the CUBE with the same value of 69, making it "consistent" from carrier point of view.</p><p></p><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhWlMRhtgUpEsCUP3J2-0uvDD5wopS4plr1nYcd5mCq71jOzijLK05BEeRDQ4OREYR-l8mT3rDU_p8CMELxMZYYqSltEP00z3IHnxQSeGEa0nceIoXO9OJxcdCY0Ee08KmhY8QEba_Ok7QWjYRC-6GV1rpbEfm52HCuQvIm-TK4o3v1cec0RD4aZ9C9I_01" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="446" data-original-width="1257" height="114" src="https://blogger.googleusercontent.com/img/a/AVvXsEhWlMRhtgUpEsCUP3J2-0uvDD5wopS4plr1nYcd5mCq71jOzijLK05BEeRDQ4OREYR-l8mT3rDU_p8CMELxMZYYqSltEP00z3IHnxQSeGEa0nceIoXO9OJxcdCY0Ee08KmhY8QEba_Ok7QWjYRC-6GV1rpbEfm52HCuQvIm-TK4o3v1cec0RD4aZ9C9I_01" width="320" /></a></div></div><br />After the change, MRA calls to AT&T wireless numbers work as expected.</div><p></p>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-32559457739783009612020-12-25T13:39:00.001-08:002020-12-25T13:44:15.802-08:00Guest Shell on CSR1000v 17.3.2<p>Software used:</p><p></p><ul style="text-align: left;"><li>GNS3 2.2.17</li><li>VMware Workstation for Windows 16.1.0</li><li>Windows 10 x64 Version 20H2 (Build 19042.685)</li><li>Cisco CSR 1000v (csr1000v-universalk9.17.03.02-serial.qcow2)</li></ul><p></p><p></p><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">In VMware Virtual Network Editor, a NAT network was created with subnet address 192.168.28.0/24. (Your subnet might be different. But the NAT network should have been created when you install VMware).</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhN49DaYas5HuLHUvtbzP8UydRoFMgmgTA-8ZZeDIdynNGBAGUt6kjRJrkGLjDNxEju6uIso_aDBDF95U76EXb0ajsjtxr_apheJ4pIHbjZPu1Bmdp2hjnqM3YArdAEmvqv84gVZgs0BIB/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="252" data-original-width="602" height="134" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhN49DaYas5HuLHUvtbzP8UydRoFMgmgTA-8ZZeDIdynNGBAGUt6kjRJrkGLjDNxEju6uIso_aDBDF95U76EXb0ajsjtxr_apheJ4pIHbjZPu1Bmdp2hjnqM3YArdAEmvqv84gVZgs0BIB/" width="320" /></a></div><p></p><p>When I created GNS3 VM, I told it to use NAT network. As shown in the picture below, it got a DHCP IP 192.168.21.128.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwu85V5K1OOzQvDveFskQdEFckB03zaIqxAUMc1q3uSruZ1F6OSVBEPVF6Jo0uuTvjL_KnZO1c38UT48sIcNzxF9-1Eq92pqIlnk3XvAj0aPQAyFs2gzIEkifadu61Bd7gSvsC6Q9UA8oQ/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="768" data-original-width="1017" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwu85V5K1OOzQvDveFskQdEFckB03zaIqxAUMc1q3uSruZ1F6OSVBEPVF6Jo0uuTvjL_KnZO1c38UT48sIcNzxF9-1Eq92pqIlnk3XvAj0aPQAyFs2gzIEkifadu61Bd7gSvsC6Q9UA8oQ/w320-h242/image.png" width="320" /></a></div><br />In GNS3, create a CSR instance and connect to GNS3-VM cloud, so that the CSR can have Internet access (to download software). If your GNS3-VM has only one NIC, it'd be eth0. My GNS3-VM has two NICs and the eth1 is connected to the NAT network. When connecting CSR's Gi1 to the GNS3-VM eth1, we actually put the CSR Gi1 into the NAT network.<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAzJHzHbIu5SnIe4dm8Jn5q_80JA0UULzRyRjpfcX0ZGXxMBzmtCRUh7MVGQRWtubq7zl-cf3JAzg1-dLQiNwOemkqV1bnuAUPIURCCBjwf0rugXxUL9CdYbExpndW7Ju4gOgnYIRTZL5q/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="88" data-original-width="428" height="66" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAzJHzHbIu5SnIe4dm8Jn5q_80JA0UULzRyRjpfcX0ZGXxMBzmtCRUh7MVGQRWtubq7zl-cf3JAzg1-dLQiNwOemkqV1bnuAUPIURCCBjwf0rugXxUL9CdYbExpndW7Ju4gOgnYIRTZL5q/" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">When CSR boots up, it shall get a DHCP IP from NAT network. It also gets the DNS IP from DHCP.</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS6k9vzDyLPlaWZrvLuJ4m3dSQHh1atmma0mpavFi6t0cNHLYzp1gzqbBStQYHBeLIMxxRiLPV2el8EzkuGkXaQcLxKfJASVAtxr14u15T5FhLxBpka1OQh8_FPNs_7yoPUzuQ-cWP62q7/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="425" data-original-width="826" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS6k9vzDyLPlaWZrvLuJ4m3dSQHh1atmma0mpavFi6t0cNHLYzp1gzqbBStQYHBeLIMxxRiLPV2el8EzkuGkXaQcLxKfJASVAtxr14u15T5FhLxBpka1OQh8_FPNs_7yoPUzuQ-cWP62q7/w320-h165/image.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div>To verify Internet is working, try to ping www.google.com.</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEineHwjRxGLsZKhXQ4ygvLhJL0QoBJlGcAOoFfa2bYnUN5doQRxonB31M9oNzy69AdzlBBGW1-lojR2y26_4DPG3HbpwM5UqkLDnwu50IkH5KBGEcVat18WNHoMzzKcM8pXLcEd9gbl0GzO/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="114" data-original-width="722" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEineHwjRxGLsZKhXQ4ygvLhJL0QoBJlGcAOoFfa2bYnUN5doQRxonB31M9oNzy69AdzlBBGW1-lojR2y26_4DPG3HbpwM5UqkLDnwu50IkH5KBGEcVat18WNHoMzzKcM8pXLcEd9gbl0GzO/" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div></div><div class="separator" style="clear: both; text-align: left;">Guest Shell is like a service module in the router (like the RSM in Catalyst 5500 switch, or the CUE module in Cisco 2800 router). A Virtual PortGroup (VPG) is needed to be the gateway between Guest Shell and the physical interfaces. In Cisco's document, VPG and Guest Shell are configured with private IP and NAT. See diagram below.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHbiQj6ixAU45ev80MyzLgv_I9YN8btQxLfem4S7lFvOezjlCXd5BuoL7KWxXtd2eVZwR6UhYZP8vR0Srbgfk85Xh45fysBTFFrV7nAKpHAQvC1CCWF7861E5eXOuKpczVqTBz7JFLcLAK/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="518" data-original-width="625" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHbiQj6ixAU45ev80MyzLgv_I9YN8btQxLfem4S7lFvOezjlCXd5BuoL7KWxXtd2eVZwR6UhYZP8vR0Srbgfk85Xh45fysBTFFrV7nAKpHAQvC1CCWF7861E5eXOuKpczVqTBz7JFLcLAK/" width="290" /></a></div><br />In home lab, you may do it in a different way. You may configure VPG with "ip unnumber Gi1". VGP will use the IP of Gi1. Then configure the Guest Shell interface in the same subnet as Gi1 (but a different IP). The advantage is - one less subnet in the network. No NAT is needed. The disadvantage is - you need to allocate an IP in the same subnet as Gi1. (this shouldn't be a problem in home lab though). This option is illustrated in the diagram below:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7uKN-sTqdepC-NPGXWaR6uO_p4UcpoiVzanP1mW7Rr279JsHZo8FENGF0r65TWpFrCfmWIEZ0uoIpKSTorIp3fAi58C8KEJcb7Exnaj4TPzBAAx8WVyJ7Mo0dES5-HM9k2sp2J0dUoyMq/s625/VPG.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="518" data-original-width="625" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7uKN-sTqdepC-NPGXWaR6uO_p4UcpoiVzanP1mW7Rr279JsHZo8FENGF0r65TWpFrCfmWIEZ0uoIpKSTorIp3fAi58C8KEJcb7Exnaj4TPzBAAx8WVyJ7Mo0dES5-HM9k2sp2J0dUoyMq/s320/VPG.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Enable IOX:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNatkswzfbtlr4E8TqEh2tRTSp9ihBPvzpogss8I8C8RyD_gB8blhAg4mGP4RumYuFAFes_0jyiH-71CEMvcCSL7aaCmZN8cZyBH_GC2n1ZSdzg80ILomI52WfqQUliUBhf26J7JGwQQSo/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="323" data-original-width="1058" height="98" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNatkswzfbtlr4E8TqEh2tRTSp9ihBPvzpogss8I8C8RyD_gB8blhAg4mGP4RumYuFAFes_0jyiH-71CEMvcCSL7aaCmZN8cZyBH_GC2n1ZSdzg80ILomI52WfqQUliUBhf26J7JGwQQSo/" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div>Configure VirtualPortGroup0:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">interface VirtualPortGroup0</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> <span style="background-color: #fcff01;">ip unnumbered GigabitEthernet1</span></span></div><div class="separator" style="clear: both;"><br /></div>Check the VPG IP:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJVtaAl4m3CEtFXqeFDptJjRLnicpS4-rmeK1g4FWUpJGFTiUF-mIrPLJs90Ir7aS04j_iS3OlwiF1ulDtTJRO1Nl7Cg0GhTCo6n5MLtGWxTsDEPaEk94QWp-tXMJPFmZFayJZCfr97oP9/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="130" data-original-width="811" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJVtaAl4m3CEtFXqeFDptJjRLnicpS4-rmeK1g4FWUpJGFTiUF-mIrPLJs90Ir7aS04j_iS3OlwiF1ulDtTJRO1Nl7Cg0GhTCo6n5MLtGWxTsDEPaEk94QWp-tXMJPFmZFayJZCfr97oP9/" width="320" /></a></div><br />Configure Guest Shell parameters. In the example below, 192.168.28.130 is the VPG IP. 192.168.28.127 is an arbitrary (available) IP in the same subnet. 8.8.8.8 is a DNS server.</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">app-hosting appid guestshell</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> app-vnic gateway0 virtualportgroup 0 guest-interface 0</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> guest-ipaddress 192.168.28.127 netmask 255.255.255.0</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> app-default-gateway 192.168.28.130 guest-interface 0</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> app-resource profile custom</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> cpu 1500</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> memory 512</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"> name-server0 8.8.8.8</span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">end</span></div><div><br /></div><div>VERY IMPORTANT: the router needs to know how to send the traffic to guest shell:</div><div><span style="background-color: #fcff01; font-family: courier; font-size: x-small;">ip route 192.168.28.127 255.255.255.255 VirtualPortGroup 0</span></div></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Enable Guest Shell:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheTMCINKZzxVtQJhiNsqCprNt3sgTaS4a1UcPAIrIVFgR5BwBBZaBbslJcOtzX8tLMw1xYHQ6ALyKEg8Az7DzmsIw79b5vMMDfG_UCfNVTjyPxUS8T41g3y3bCnJ15m-j_cz5GGVGYAETr/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="195" data-original-width="1047" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheTMCINKZzxVtQJhiNsqCprNt3sgTaS4a1UcPAIrIVFgR5BwBBZaBbslJcOtzX8tLMw1xYHQ6ALyKEg8Az7DzmsIw79b5vMMDfG_UCfNVTjyPxUS8T41g3y3bCnJ15m-j_cz5GGVGYAETr/" width="320" /></a></div><br />Enter Guest Shell. Optionally, sudo:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">CSR1#<b>guestshell</b></span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">[guestshell@guestshell ~]$ </span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;"><div class="separator" style="clear: both;">[guestshell@guestshell ~]$ <b>sudo su -</b></div><div class="separator" style="clear: both;">Last login: Fri Dec 25 20:45:49 UTC 2020 on pts/4</div><div class="separator" style="clear: both;">[root@guestshell ~]# </div></span></div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">DNS resolution within Guest Shell is independent of host platform itself. The name-server configured in "Guest Shell parameters" will automatically get injected into the /etc/resolv.conf file on the CSR1000v. For NX-OS you must explicitly configure the /etc/resolv.conf entry.</div><br /><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# <b>cat /etc/resolv.conf</b></span></div><div class="separator" style="clear: both;"><span style="font-family: courier; font-size: x-small;">nameserver 8.8.8.8</span></div></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Verify Guest Shell can ping Internet host by DNS name.</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3PCdMNHd_cbtIVMhPGSOswoOTbFkHQ8gEcxl6RY4Fzd0aIdebfoG1VWfqIulauVa8d_VIlC7thuiaAIlvrxd5kfkthzX0J32ZS6i1qklFPZr8h95MUX323VPShx8VlY9q0uJq015B6xQD/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="165" data-original-width="891" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3PCdMNHd_cbtIVMhPGSOswoOTbFkHQ8gEcxl6RY4Fzd0aIdebfoG1VWfqIulauVa8d_VIlC7thuiaAIlvrxd5kfkthzX0J32ZS6i1qklFPZr8h95MUX323VPShx8VlY9q0uJq015B6xQD/" width="320" /></a></div><p></p><div style="text-align: left;">Check versions:</div><div style="text-align: left;"><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# cat /etc/*-release</span></div><div><span style="font-family: courier; font-size: x-small;">CentOS Linux release 8.1.1911 (Core) </span></div><div><span style="font-family: courier; font-size: x-small;">NAME="CentOS Linux"</span></div><div><span style="font-family: courier; font-size: x-small;">VERSION="8 (Core)"</span></div><div><span style="font-family: courier; font-size: x-small;">ID="centos"</span></div><div><span style="font-family: courier; font-size: x-small;">ID_LIKE="rhel fedora"</span></div><div><span style="font-family: courier; font-size: x-small;">VERSION_ID="8"</span></div><div><span style="font-family: courier; font-size: x-small;">PLATFORM_ID="platform:el8"</span></div><div><span style="font-family: courier; font-size: x-small;">PRETTY_NAME="CentOS Linux 8 (Core)"</span></div><div><span style="font-family: courier; font-size: x-small;">ANSI_COLOR="0;31"</span></div><div><span style="font-family: courier; font-size: x-small;">CPE_NAME="cpe:/o:centos:centos:8"</span></div><div><span style="font-family: courier; font-size: x-small;">HOME_URL="https://www.centos.org/"</span></div><div><span style="font-family: courier; font-size: x-small;">BUG_REPORT_URL="https://bugs.centos.org/"</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">CENTOS_MANTISBT_PROJECT="CentOS-8"</span></div><div><span style="font-family: courier; font-size: x-small;">CENTOS_MANTISBT_PROJECT_VERSION="8"</span></div><div><span style="font-family: courier; font-size: x-small;">REDHAT_SUPPORT_PRODUCT="centos"</span></div><div><span style="font-family: courier; font-size: x-small;">REDHAT_SUPPORT_PRODUCT_VERSION="8"</span></div><div><span style="font-family: courier; font-size: x-small;"><br /></span></div><div><span style="font-family: courier; font-size: x-small;">CentOS Linux release 8.1.1911 (Core) </span></div><div><span style="font-family: courier; font-size: x-small;">CentOS Linux release 8.1.1911 (Core) </span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# </span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# hostnamectl</span></div><div><span style="font-family: courier; font-size: x-small;"> Static hostname: guestshell</span></div><div><span style="font-family: courier; font-size: x-small;"> Icon name: computer-container</span></div><div><span style="font-family: courier; font-size: x-small;"> Chassis: container</span></div><div><span style="font-family: courier; font-size: x-small;"> Machine ID: d1eabe2de31449ccbbc0bae3567b0b83</span></div><div><span style="font-family: courier; font-size: x-small;"> Boot ID: 222a6b054eda4e3f8bb93705a9bb7a44</span></div><div><span style="font-family: courier; font-size: x-small;"> Virtualization: lxc-libvirt</span></div><div><span style="font-family: courier; font-size: x-small;"> Operating System: CentOS Linux 8 (Core)</span></div><div><span style="font-family: courier; font-size: x-small;"> CPE OS Name: cpe:/o:centos:centos:8</span></div><div><span style="font-family: courier; font-size: x-small;"> Kernel: Linux 4.19.106</span></div><div><span style="font-family: courier; font-size: x-small;"> Architecture: x86-64</span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# </span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# uname -a</span></div><div><span style="font-family: courier; font-size: x-small;">Linux guestshell 4.19.106 #1 SMP Fri Oct 2 17:55:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux</span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# </span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# uname -mrs</span></div><div><span style="font-family: courier; font-size: x-small;">Linux 4.19.106 x86_64</span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# </span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# cat /proc/version</span></div><div><span style="font-family: courier; font-size: x-small;">Linux version 4.19.106 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Fri Oct 2 17:55:01 UTC 2020</span></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# </span></div><div><br /></div><div>Python3:</div></div><div><span style="font-family: courier; font-size: x-small;">[root@guestshell ~]# <b>python3</b></span></div><div><span style="font-family: courier; font-size: x-small;">Python 3.6.8 (default, Nov 21 2019, 19:31:34) </span></div><div><span style="font-family: courier; font-size: x-small;">[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux</span></div><div><span style="font-family: courier; font-size: x-small;">Type "help", "copyright", "credits" or "license" for more information.</span></div><div><span style="font-family: courier; font-size: x-small;">>>> </span></div><div><br /></div><br /><p></p><div>References:</div><div><a href="https://www.virtualpackets.com/guest-shell-5-2-b/">https://www.virtualpackets.com/guest-shell-5-2-b/</a></div><div><a href="https://blog.it-playground.eu/iox-and-guest-shell-on-ios-xe/">https://blog.it-playground.eu/iox-and-guest-shell-on-ios-xe/</a></div><div><a href="https://www.youtube.com/watch?v=JJjTByHN2iI">https://www.youtube.com/watch?v=JJjTByHN2iI</a></div><div><a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/173/b_173_programmability_cg/guest_shell.html">https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/173/b_173_programmability_cg/guest_shell.html</a></div><div><br /></div>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-45485780321535779462020-10-18T19:49:00.012-07:002022-01-07T07:09:04.187-08:00CUCM Security Tips<p style="text-align: left;"></p><h2 style="text-align: left;">CUCM Security Tips</h2><ul style="text-align: left;"><li>With CUCM in non-secure (default) mode, you may use secure SIP trunk, but you cannot use secure SCCP endpoints (secure media resource, secure SCCP phones). You may try to telnet to CUCM on port 2443 (secure SCCP port), the port is closed.</li><li>The easiest way to put CUCM in mixed-mode is to use CLI command "utils ctl set-cluster mixed-mode". Ref: <a href="https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215411-enable-encryption-on-cisco-unified-commu.html">https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215411-enable-encryption-on-cisco-unified-commu.html</a></li><li>Since from CUCM 11.5U3, you'll need an "encryption license" to enable mixed mode. License if free, but you'll have to get it from Cisco, either through PUT (Product Upgrade Tool) or open a license case. Ref: <a href="https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/plm/11_5_1_SU2/releasenotes/cplm_b_release-notes-cplm-1151su2/cplm_b_release-notes-cplm-1151su2_chapter_01.html#reference_54690C68E3499E0FC2E9BBD6B9AC66A8">https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/plm/11_5_1_SU2/releasenotes/cplm_b_release-notes-cplm-1151su2/cplm_b_release-notes-cplm-1151su2_chapter_01.html#reference_54690C68E3499E0FC2E9BBD6B9AC66A8</a></li></ul><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDBkjBR4Mgq_BgZu-A4sv6_dfXlUDUuOyvWVBpvn6nDYYUWLCapubEvIQ-_S-XAChnRfAnLl1NpljojvJAZDfMjh_8edw9IHRBXOYsze9i1t5qkwbLn0nKqaHy8TKqSjAkiFS1gGP0JfkW/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="277" data-original-width="598" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDBkjBR4Mgq_BgZu-A4sv6_dfXlUDUuOyvWVBpvn6nDYYUWLCapubEvIQ-_S-XAChnRfAnLl1NpljojvJAZDfMjh_8edw9IHRBXOYsze9i1t5qkwbLn0nKqaHy8TKqSjAkiFS1gGP0JfkW/w400-h185/image.png" width="400" /></a></div><br /><br /><ul style="text-align: left;"><li>Secure Conference Bridge has special requirement. Though configuration for secure conference bridge (CFB) is pretty much the same as secure transcoder(TRA) and secure media termination point(MTP), secure CFB requires the register name to match the hostname portion of the subject name (in the certificate/trust-point). For instance,</li><ul><li>You router's FQDN is R1.MyCompany.com.</li><li>Most likely you would enroll a certificate for the router with a subject name "R1.MyCompany.com".</li><li>On the router, you created a trust point R1-Cert to hold the above certificate.</li><li>You would think you could use R1-Cert for secure SIP-trunk, secure media resource, etc. Until it comes to the point that you try to register a secure conference bridge.</li><ul><li>On CUCM, you saw the conference bridge status is "rejected", yet secure transcoder and MTP are registered. So it's unlikely certificate problem.</li><li>On CUCM, you named them R1-CFB, R1-TRA, and R1-MTP</li></ul></ul></ul><p style="text-align: left;"></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p style="text-align: left;">The problem is with the name "R1-CFB". It has to match with the hostname portion in the certificate (which is "R1" in this case). OK, no big deal, I'll just change the name from "R1-CFB" to "R1". Well... you cannot do that. Because IOS won't accept a conference bridge name shorter than 6 characters or longer than 15 characters. So you either change the router name (make it between 6 and 15 characters), re-enroll the certificate; or keep the router name/keep the router certificate, and enroll another certificate for conference bridge (yes, for conference bridge only). For instance,</p></blockquote><p style="text-align: left;"></p><ul style="text-align: left;"><ul><li>Your router certificate is <b>R1</b>.MyCompany.com</li><li>Your conference bridge certificate is <b>R1-CFB</b>.MyCompany.com</li></ul></ul><p style="text-align: left;"></p><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p style="text-align: left;">No, you don't need DNS entry created for those names. You may use IP addresses and TLS handshake will still succeed.</p></blockquote><p style="text-align: left;"></p><ul style="text-align: left;"><li>On IOS-XE (all ISR G3 / ISR 4000 series), Cisco decided not to support secure transcoding, which means, when you create transcoding profile on the router, there's no "security" option available. Available options are:</li><ul><li>Register non-secure transacoder to CUCM (application sccp)</li><li>Register LTI transcoder to the router (application cube)</li><li>No transcoding at all. on IOS-XE, SRTP to RTP internetworking does not require transcoding.</li></ul><li>Crypto Mismatch in ad-hoc conference (call dropped)</li></ul><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><span style="font-family: courier; font-size: x-small;">31948894.000 |11:19:34.039 |SdlSig |MXErrorReport |interfacesEstablished |MediaExchange(3,100,114,571) |AgenaInterface(3,100,11,249) |3,100,247,81913.201^131.7.195.252^* |[R:N-H:0,N:2,L:0,V:0,Z:0,D:0] error=0 CallMediaFailureCause=block unencrypted media Reason=prepareAndSendOLC - Serv Param 'Block Unencrypted Calls' is true and the call is unencrypted. Hence blocking the call.<br />31948895.000 |11:19:34.039 |SdlSig |MXErrorReport |waitStopped |MediaExchange(3,100,114,571) |AgenaInterface(3,100,11,249) |3,100,247,81913.201^131.7.195.252^* |[R:N-H:0,N:4,L:0,V:0,Z:0,D:0] error=0 CallMediaFailureCause=block unencrypted media Reason=openOutgoingAudioChannel - Serv Param 'Block Unencrypted Calls' is true and <span style="background-color: #fcff01;">sRTP keys not generated successfully</span>. Hence blocking the call.</span></blockquote><ul style="text-align: left;"></ul><p style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;">The above messages indicate there's a crypto mismatch between the conference resource and the intended call leg. Use "show sccp" command to see support crypto on conference resource. e.g.:</p><br /><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><span style="font-family: courier; font-size: x-small;">Router#<b>show sccp</b></span></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><span style="font-family: courier; font-size: x-small;">Conferencing Oper State: ACTIVE - Cause Code: NONE<br />Active Call Manager: 143.124.8.141, Port Number: 2443<br />TCP Link Status: CONNECTED, Profile Identifier: 1<br />Security<br />Signaling Security: ENCRYPTED TLS<br />Media Security: SRTP<br />Supported crypto suites: <span style="background-color: #fcff01;">AES_CM_128_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80</span></span></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><p style="text-align: left;">On CUBE, create a voice class for crypto and apply it to the dial-peer:</p></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><span style="font-family: courier; font-size: x-small;">voice class <b>srtp-crypto 1</b><br /></span><span style="font-family: courier; font-size: x-small;"> crypto 1 AES_CM_128_HMAC_SHA1_32<br /></span><span style="font-family: courier; font-size: x-small;"> crypto 2 AES_CM_128_HMAC_SHA1_80</span></blockquote><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><span style="font-family: courier; font-size: x-small;">!<br /></span><span style="font-family: courier; font-size: x-small;">dial-peer voice 50 voip<br /></span><span style="font-family: courier; font-size: x-small;"> voice-class sip <b>srtp-crypto 1</b></span></blockquote><p>Reference #1: <a href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/srtp-rtp-interworking.html">https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/srtp-rtp-interworking.html</a> </p><p>Reference #2: <a href="https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/xe-16-9/isr4400swcfg-xe-16-9-book/configuring_voice_functionality.html#concept_xd5_zvc_sbb">https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/xe-16-9/isr4400swcfg-xe-16-9-book/configuring_voice_functionality.html#concept_xd5_zvc_sbb</a> (For<span face="CiscoSans, Arial, sans-serif" style="background-color: white; color: #58585b; font-size: 14px;"> SCCP-based signalling, only TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is supported)</span></p><h2 style="text-align: left;">Use IOS router as CA (Certificate Authority) Server</h2><p style="text-align: left;">If you have a router handy (especially with GNS3), IOS CA is probably the most convenient way to sign certificates. Though you may set up IOS CA for online enrollment, I strong recommend you practice terminal method. In most cases, terminal is the quickest (and probably the only) way to get your job done.</p><p style="text-align: left;">To set up CA server on IOS, you just need a couple commands:</p><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;"></span><p style="text-align: left;"><span style="font-family: courier; font-size: x-small;"></span></p><span style="font-size: x-small;"><span style="font-family: courier;">conf t</span><br /><span style="font-family: courier;">crypto key generate rsa general-keys exportable label myCA modulus 2048</span><br /><span style="font-family: courier;">crypto key export rsa myCA pem url nvram: des myCAkey</span><br /><span style="font-family: courier;">ip http server</span><br /><span style="font-family: courier;">crypto pki server myDB</span><br /><span style="font-family: courier;"> database level minimum</span><br /><span style="font-family: courier;"> database url nvram:</span><br /><span style="font-family: courier;"> issuer-name cn=myCA, l=Dallas, c=US</span><br /><span style="font-family: courier;"> lifetime certificate 7305</span><br /><span style="font-family: courier;"> grant auto</span><br /></span><p style="text-align: left;"><span style="font-family: courier; font-size: x-small;"> no shut</span></p><blockquote style="text-align: left;"><span style="font-family: courier; font-size: x-small;"></span></blockquote><p style="text-align: left;"></p><p style="text-align: left;">From a router (say, R1) you want to enroll certificate, do the following:</p></div><span style="font-size: x-small;"><span style="font-family: courier;">crypto key generate rsa label MyRSAkey exportable modulus 2048</span><br /><span style="font-family: courier;">crypto pki trustpoint R1-Cert</span><br /><span style="font-family: courier;"> serial-number none</span><br /><span style="font-family: courier;"> fqdn none</span><br /><span style="font-family: courier;"> ip-address none</span><br /><span style="font-family: courier;"> subject-name cn=R1.mycompany.com</span><br /><span style="font-family: courier;"> revocation-check none</span><br /><span style="font-family: courier;"> rsakeypair MyRSAkey</span><br /><span style="font-family: courier;"> enrollment terminal</span><br /></span><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;">crypto pki enroll R1-Cert</span></div><p style="text-align: left;">R1 will generate CSR and print it on the terminal. You're going to copy/paste the CSR to the CA server we created above. An example output is like below:</p><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;"></span></div><span style="font-size: x-small;"><span style="font-family: courier;">R1(config)#</span><b style="background-color: #fcff01; font-family: courier;">crypto pki enroll R1-cert</b><br /></span><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;">% Start certificate enrollment .. <br /></span></div><span style="font-size: x-small;"><span style="font-family: courier;">% The subject name in the certificate will include: cn=R1.mycompany.com</span><br /><span style="font-family: courier;">% The fully-qualified domain name will not be included in the certificate</span><br /><span style="font-family: courier;">Display Certificate Request to terminal? [yes/no]: yes</span><br /></span><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;">Certificate Request follows:</span> </span></div><span style="font-size: x-small;"><span style="font-family: courier;">MIIBfzCB6QIBADAfMR0wGwYDVQQDExRteUNVQkUuZXhhbXBsZS5sb2NhbDCBnzAN</span><br /><span style="font-family: courier;">BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqvvg3/mSs86PF/4EFGmLt+hbmj0YmBM8</span><br /><span style="font-family: courier;">JOfHLJ0lC1uEEYMxe/8+4D+J5vTrR3TgyMy2xkW2eUmZHWnFbWiGDhVE9QrnBGHV</span><br /><span style="font-family: courier;">YcS6eFL1WUMlk1y7PWICX8sBWmig6t3D28pMdvlLQTaLAyn9hiJvm6VPEhK3Pao7</span><br /><span style="font-family: courier;">+kwTpMPP5AkCAwEAAaAhMB8GCSqGSIb3DQEJDjESMBAwDgYDVR0PAQH/BAQDAgWg</span><br /><span style="font-family: courier;">MA0GCSqGSIb3DQEBBQUAA4GBAJ7VyBjaiu2t8IbTeKKBGzPgVqaja4NBTDkl5bHX</span><br /><span style="font-family: courier;">1OUyBJ0Ih02NM9Cq07HtdwaiWXiAcPdqPYOVfLHNM50FuC1e1aag0QgGWW126Na5</span><br /><span style="font-family: courier;">buyLyg3Daf67wymMhAyrKhFTkhGlIO1gJ739c9yPpVf2TUVtjMWNl+Fz6Je52qSF</span><br /></span><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;">97iD</span> </span></div><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;">---End - This line not part of the certificate request---</span> </span></div><span style="font-size: x-small;"><span style="font-family: courier;">Redisplay enrollment request? [yes/no]: no</span><br /></span><div style="text-align: left;"><span style="font-family: courier; font-size: x-small;">R1(config)#</span></div><p style="text-align: left;">On CA server, use global command "<span style="font-family: courier; font-size: x-small;">crypto pki server myDB request PKCS10 terminal</span>" to sign a CSR. An example output is like below:</p><p style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;">CA#</span><b style="background-color: #fcff01; font-family: courier;">crypto pki server myDB request PKCS10 terminal<br /></b></span><span style="font-size: x-small;"><span style="font-family: courier;">PKCS10 request in base64 or pem</span> <br /></span><span style="font-size: x-small;"><span style="font-family: courier;">% Enter Base64 encoded or PEM formatted PKCS10 enrollment request.<br /></span></span><span style="font-size: x-small;"><span style="font-family: courier;">% End with a blank line or "quit" on a line by itself.<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">MIIBfzCB6QIBADAfMR0wGwYDVQQDExRteUNVQkUuZXhhbXBsZS5sb2NhbDCBnzAN<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqvvg3/mSs86PF/4EFGmLt+hbmj0YmBM8<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">JOfHLJ0lC1uEEYMxe/8+4D+J5vTrR3TgyMy2xkW2eUmZHWnFbWiGDhVE9QrnBGHV<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">YcS6eFL1WUMlk1y7PWICX8sBWmig6t3D28pMdvlLQTaLAyn9hiJvm6VPEhK3Pao7<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">+kwTpMPP5AkCAwEAAaAhMB8GCSqGSIb3DQEJDjESMBAwDgYDVR0PAQH/BAQDAgWg<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">MA0GCSqGSIb3DQEBBQUAA4GBAJ7VyBjaiu2t8IbTeKKBGzPgVqaja4NBTDkl5bHX<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">1OUyBJ0Ih02NM9Cq07HtdwaiWXiAcPdqPYOVfLHNM50FuC1e1aag0QgGWW126Na5<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01; font-family: courier;">buyLyg3Daf67wymMhAyrKhFTkhGlIO1gJ739c9yPpVf2TUVtjMWNl+Fz6Je52qSF<br /></span></span><span style="font-size: x-small;"><span style="background-color: #fcff01;"><span style="font-family: courier;">97iD</span> <br /></span></span><span style="font-size: x-small;"><span style="font-family: courier;">% Granted certificate:<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">MIICFDCCAX2gAwIBAgIBBDANBgkqhkiG9w0BAQQFADAtMQswCQYDVQQGEwJVUzEP<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">MA0GA1UEBxMGRGFsbGFzMQ0wCwYDVQQDEwRteUNBMB4XDTIwMTAxNjEzNTI0M1oX<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">DTIzMTAxNjAwMjAzMFowHzEdMBsGA1UEAxMUbXlDVUJFLmV4YW1wbGUubG9jYWww<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKr74N/5krPOjxf+BBRpi7foW5o9<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">GJgTPCTnxyydJQtbhBGDMXv/PuA/ieb060d04MjMtsZFtnlJmR1pxW1ohg4VRPUK<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">5wRh1WHEunhS9VlDJZNcuz1iAl/LAVpooOrdw9vKTHb5S0E2iwMp/YYib5ulTxIS<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">tz2qO/pME6TDz+QJAgMBAAGjUjBQMA4GA1UdDwEB/wQEAwIFoDAfBgNVHSMEGDAW<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">gBTp6GtJM5PvbI3sgyhm0JTXwyp87TAdBgNVHQ4EFgQU8wuU1JkqJ5iCnGNsFDPW<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">eo/WSE0wDQYJKoZIhvcNAQEEBQADgYEAOup/WXtvcJ7piHuWP8kA9IyYaGMrAsMr<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">dDlIsQ2BqexzrQiWKRNVVzUl/33FFD6eIi+UN7ZnQG/CspL2xTI2FRQ5KWBDJC0r<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00; font-family: courier;">Znga3d2ITEWHwpn7yhscnI/B9MFABZgBAfXVFjUkZmV6Mlmjz/E+GDX+G1adnTcA<br /></span></span><span style="font-size: x-small;"><span style="background-color: #04ff00;"><span style="font-family: courier;">HbA6IdsOoFE=</span> <br /></span></span><span style="font-size: x-small;"><span style="font-family: courier;">CA#</span></span></p><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;"></span><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><blockquote></blockquote><span style="font-family: courier;"></span></span></div><p style="text-align: left;">The yellow portion above is our input. The green portion the the signed certificate (for R1). We're going to copy/paste it to R1. This is called "import" a signed certificate into R1. But before importing a signed certificate, we need to import the signer (CA) certificate first. On CA, use config command "crypto pki export myDB pem terminal" to export CA certificate. An example is as below:</p><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;"></span></span></div><span style="font-size: x-small;"><span style="font-family: courier;">CA(config)#</span><b style="background-color: #fcff01; font-family: courier;">crypto pki export myDB pem terminal</b><br /><span style="font-family: courier;">% The specified trustpoint is not enrolled (myDB).</span><br /><span style="font-family: courier;">% Only export the CA certificate in PEM format.</span><br /><span style="font-family: courier;">% CA certificate:</span><br /><span style="font-family: courier;">-----BEGIN CERTIFICATE-----</span><br /><span style="background-color: #04ff00; font-family: courier;">MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQQFADAtMQswCQYDVQQGEwJVUzEP</span><br /><span style="background-color: #04ff00; font-family: courier;">MA0GA1UEBxMGRGFsbGFzMQ0wCwYDVQQDEwRteUNBMB4XDTIwMTAxNjAwMjAzMFoX</span><br /><span style="background-color: #04ff00; font-family: courier;">DTIzMTAxNjAwMjAzMFowLTELMAkGA1UEBhMCVVMxDzANBgNVBAcTBkRhbGxhczEN</span><br /><span style="background-color: #04ff00; font-family: courier;">MAsGA1UEAxMEbXlDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgn+6fx3p</span><br /><span style="background-color: #04ff00; font-family: courier;">Km9VI/kLO32o5SPM184fbWBGm5OWq47B1PP8FfiyrboftDjClAl+AYXrV3mp79rt</span><br /><span style="background-color: #04ff00; font-family: courier;">jifQujen4vukCet/UNC+1U5txG8Y27wf+Zz4LQKlQWfXnXDUyQZ6DBbHCQrYs5Wm</span><br /><span style="background-color: #04ff00; font-family: courier;">9QqpDmq6JSfKaymAfY3aYBqp0SJjlR8+f/kCAwEAAaNjMGEwDwYDVR0TAQH/BAUw</span><br /><span style="background-color: #04ff00; font-family: courier;">AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHwYDVR0jBBgwFoAU6ehrSTOT72yN7IMoZtCU</span><br /><span style="background-color: #04ff00; font-family: courier;">18MqfO0wHQYDVR0OBBYEFOnoa0kzk+9sjeyDKGbQlNfDKnztMA0GCSqGSIb3DQEB</span><br /><span style="background-color: #04ff00; font-family: courier;">BAUAA4GBAEMKnOCtDz9UMP48liWPXBLzImwrr81ARfYnjUk5b9h+3r2xB7t4welr</span><br /><span style="background-color: #04ff00; font-family: courier;">y+bRNQGcBT7tnWI16KMFUmfijqD4NsGFsgxObGJT4eF3IZeLgiRCTmz8HEhP3chb</span><br /><span style="background-color: #04ff00; font-family: courier;">aTRkht8WRNchU+YO1Nds/V/j/vD1x/eaeL9Myqb8Zh4JgTHaB+/k</span><br /></span><div style="text-align: left;"><span style="font-size: x-small;"><span><span style="font-family: courier;">-----END CERTIFICATE-----</span></span> </span></div><div style="text-align: left;"><span style="font-size: x-small;"><span style="font-family: courier;">CA(config)#</span></span></div><p style="text-align: left;"></p><p style="text-align: left;">Now on router R1, do the following:</p><p style="text-align: left;"></p><ol style="text-align: left;"><li>Import CA certificate with config command "<span style="font-family: courier; font-size: x-small;">crypto pki authenticate R1-Cert</span>". R1-Cert is the trust point name, which is just a placeholder for a cert and its signer. Paste the CA cert (the 2nd green block above).</li><li>Import R1 cert with config command "<span style="font-family: courier; font-size: x-small;">crypto pki import R1-Cert cert</span>". Paste the signed R1 cert (the 1st green block above).</li></ol><p style="text-align: left;"></p><p style="text-align: left;">Now you have successfully installed certificate on R1.</p><p style="text-align: left;">If you got "Authentication failed - could not validate certificate" when trying to install the R1 certificate, it is most likely you have Revocation-Check enabled at the R1-cert trust-point.</p><p style="text-align: left;">Instead of:</p><div style="text-align: left;"><span style="font-family: courier; font-size: small;">crypto pki trustpoint R1-Cert<br /></span><span style="font-family: courier; font-size: x-small;"> revocation-check none</span></div><p style="text-align: left;">You might have:</p><div><span style="font-family: courier; font-size: small;">crypto pki trustpoint R1-Cert<br /></span><span style="font-family: courier; font-size: x-small;"> revocation-check crl</span></div><p style="text-align: left;">To fix the problem, set the revocation-check to none. Then you'll have to re-generate the CSR and have it signed again by CA.</p>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-44506113812974679912020-10-14T09:41:00.003-07:002020-10-14T09:46:49.450-07:00Revisit "Urgent Priority"<p>Cisco CUCM (CallManager) has "urgent priority" option for translation patterns and route patterns. At the first glance, it is pretty straight forward. It is usually used with emergency patterns like "911". The purpose is to eliminate potential inter-digit timeout. For instance, when user dialed 911, CUCM will route the call immediately, even if there are potential matches (like 911XXX).</p><p>But what happens if we use urgent priority on variable length pattern (like "!")? Since wildcard ! means "one or more digits", shouldn't the system wait for more digit anyway? Would interdigit timeout happen or not?</p><p>The short answer is "No". If you have urgent priority on pattern "!", and you are dialing digit by digit, the system will start routing the call after the first digit is pressed. Because that matches the definition "one or more digits". That seems pretty useless. Why would people do that?</p><p>It is not totally useless. You may still dial multiple digits with the following options:</p><p><b>Option 1: Bloc-Dial</b></p><p>Keep the phone on hook (do not get a dial tone), enter all the digits you want, then hit the "Dial" button. This is called bloc-dial. You may pass all digits to ! pattern with urgent priority with bloc-dial.</p><p><b>Option 2: From previous hop</b></p><p>In large-scale dial plan design, we usually expose translation patterns(TPs) to phones, but not route patterns(RPs). The intend is to use TPs to do all kinds of digit manipulation and class of control. Then pass the manipulated digits to RPs. In this case, TP has no problem passing all digits to RP (even if the RP has urgent priority).</p><p>Let say, you have a two-tier dial plan design (TP/RP). You have emergency TPs with urgent priority. When those TPs pass digits to RPs, it may or may not experience interdigit timeout depending on your RP setup. Interdigit timeout is evaluated at each hop. If you use RP ! to catch all digits passed by TPs, you might want to enable urgent priority on that ! pattern. Or as an alternative, you may enable "Do Not Wait for Interdigit Timeout On Subsequent Hops" on the TP.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMTOjkN6GMGWqQZkSPhAoFFlefjCX02LEc8khEiq9-tnOJbB-mT2svt7mSBEHv2loO9rqwTKlhdvM_DysS2bOMiKi1dXVqSlQW3w-vODDQdumIV-sBbJiPkU2nUxHoLqeA8ThI9BTIuT-/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="102" data-original-width="371" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMTOjkN6GMGWqQZkSPhAoFFlefjCX02LEc8khEiq9-tnOJbB-mT2svt7mSBEHv2loO9rqwTKlhdvM_DysS2bOMiKi1dXVqSlQW3w-vODDQdumIV-sBbJiPkU2nUxHoLqeA8ThI9BTIuT-/" width="320" /></a></div><p><br /></p>Another interesting topic is the interaction of urgent priority and "longest match". Take a look at the following patterns:<p></p><p></p><ul style="text-align: left;"><li>7XXX</li><li>700XX</li></ul><p></p><p>When you dial 7, 0, 0, 1, 2 digit-by-digit, which one will be matched? At the first glance, 700XX seems to be the best candidate because it matches more digits. Enable urgent priority on 7XXX seems harmless for this dialing string, right? Actually not. When urgent priority is enabled on 7XXX, you won't be able to enter the fifth digit. Once you entered the 4th digit, system immediately routes the calls. The only way to work around that is to use bloc-dialing.</p><p>In summary:</p><p></p><ol style="text-align: left;"><li>Interdigit timeout applies to digit-by-digit dialing. It does not apply to bloc-dialing.</li><li>Digits passed by previous hop does NOT equal to bloc-dialing. For instance, urgent priority on TP level does not necessarily immune to interdigit timeout at RP level.</li><li>Be careful of overlapped patterns. Using urgent priority might have side effects.</li></ol><p></p><p><br /></p>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-36203040089754304762020-05-24T11:24:00.002-07:002020-05-24T11:58:51.020-07:00cEdge - Single Image Switch to Controller ModecEdge is a Cisco router acting as SD WAN Edge. Cisco's road map is to replace vEdge products with cEdge. cEdge can be on ISR, ASR and CSR, as well as their corresponding virtual variants (such as ISR 1000v, CSR 1000v, etc.)<br />
<br />
When the above devices operating in "regular mode", it's called "Autonomous Mode", which is your good old IOS XE command system. When they operate in "SD WAN mode", it's called "Controller Mode", which is Viptela-like command system.<br />
<br />
In pre-17.2 versions, you'll have to load different software on the router to support different modes. Since version 17.2.1r, one single image can support two different modes. Please see <a href="https://community.cisco.com/t5/networking-blogs/ios-xe-17-2-1r-single-again-and-ready-to-mingle/bc-p/4091398">https://community.cisco.com/t5/networking-blogs/ios-xe-17-2-1r-single-again-and-ready-to-mingle/bc-p/4091398</a><br />
<br />
I put CSR 1000v 17.2.1r in my GNS3 lab. It boots into autonomous mode by default. I tried to switch it to controller mode with no luck. I was referring to <a href="https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html#d17982e2074a1635">https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/install-upgrade-17-2-later.html#d17982e2074a1635</a>. Also <a href="https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-2/">https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-2/</a><br />
<br />
I did quite a lot research. However, this version is too new to yield any helpful resource online. I finally figured it out. It's a documentation issue.<br />
<br />
First, let's take a look at Cisco documentation below:<br />
<img alt="" height="264" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA80AAAGTCAYAAAASrfBbAAAgAElEQVR4Aey9S6h22VX3a8Pb5wUFQW2IKNiwE7QhImhDO+IlDe0FgyJ2oqJROMUJoohBEDshksOHZRARQsBOUFBIWmKMnmMSG4EUIljBC8YLSBEUyrvPx2+TX51RI2OutZ5n3579vv8Bq+aac47rf4w555p7v/W+n3UKBYEgEASCQBAIAkEgCASBIBAEgkAQCAIjAp81jmYwCASBIBAEgkAQCAJBIAgEgSAQBIJAEDjl0pwiCAJBIAgEgSAQBIJAEAgCQSAIBIEgsEAgl+YFMBkOAkEgCASBIBAEgkAQCAJBIAgEgSCQS3NqIAgEgSAQBIJAEAgCQSAIBIEgEASCwAKBXJoXwGQ4CASBIBAEgkAQCAJBIAgEgSAQBIJALs2pgSAQBIJAEAgCQSAIBIEgEASCQBAIAgsEcmleAJPhIBAEgkAQCAJBIAgEgSAQBIJAEAgCuTSnBoJAEAgCQSAIBIEgEASCQBAIAkEgCCwQOPvS/PLLnzi98MLbTm9605tP73//BxZq94eRP/Jg7z7oHe945439+9D90DrJw23zcYnP5q/K4stb3vJjN/68+OK769S9v4vDfdUMATyEjXsH6o4NgDe1wJq6K0In9WMtqf8jH/no60zch+3XGbhl55Of/LvTe97z3tfF8fa3/+JNHb366quvaTcO15Qtey3y6DmXsIOeakcdYMscPBMxh91O7pvTHLw1DtbKROi4y1qZbDz1MXFcYXjf8d3nPmdt33cMVf99xqOd+7bBHuD6A8NL9gR9fexWrGifKhkDa/VZoWepxp6VnCSO60LgrEuzG7YfsrfZ8Nho6uNBWsd4nz747gJCY7lEF77eJvZLbG7JvPLKKzdY0j4kmSttsuGCDdgy99JLLzn1IO1DHGIPYeNBwDpgxFj3WFmj5PuuPuLe977fvqkjLowf/OAf3ujmssxFzfpyX7hr23uxnjPveiAOsHRNEB97KI9rljliI0beOy9z/QcGe76Yv2kduoejVx/UB/9kz3iU7XLIGwfyNT5107I/8DwrdNt4zFPFQxyZewzSJ/y4a0Lnfejd8vM+49HufdvwB13sA6zRaf3py7W3+E4NPOUY7jvfj5HDZ6nGHgO/2Hz2ETjr0szHHxs2mx0fRWwad0Xo43ko4kPnEnt8pN917A8V833buY+6OMfnhzjEHsLGOTHfJ6+X1/u00XV7YePwnoj9h/W3+k3nJPNYY36ATB+GrhXjsD/tqew5/tYYvqPkJZc8VtKWP4Tol3Hz7g8mlJWfH2Ss9kB1u79OebztJVN/rqUlN8R0KYl3lRfHqR4q3329P2v73EPEc982XFP3lfPoPQ+B+873ed7cDXdq7G5wjJZnF4GzLs1+RN3Hgc5HGM9E2PMDFB5/czPx9jF85mPP344gy4f5tDnwkdntIGvcbpL6SsuYxDv6nccGtioxxsOHqj4Rn7rh9wOZeT6oVjGod8qHvqFXO8auHG3XDS8YgMUeVQx9N3Za/FoRdjteR+2is8riM32ebvdofOIF/uYQvTX/2p1sVH+Yr7FwaXKs4+EHsz95h49LSa1D3jtextz1dT/Iy6oGe6zISvjRH+emFl5sSbWOmQPTql++3lr700VTXvNjv9vu63jKI7Idq5ozdXfcsTXxyV9bc7i1DuSf1rBztM6j8xwidvCqVGuOeKjxSuSAp1KvYXSiu5N+gu0qfuqk1krXYf8o9sSAPeOivyL4mKdG8IF3nr7OkSdmxokTnl5HxqoO2iNxVd+qrO/Mq5uY8ME59Pe9udc7uZniqXbre10HxEhfnPBD2rOjn90/a4d5SNzVSzvpxodOfV+hTie+LjfFc7S+0MV57d5ELnjv+2q3gX5l2NMhxsDBmkLX3n5iLVgDtLXO9uoUu+rAZ/GvOm6cK/85B5si9torWLhPTzHqT81dzy3ydV7le7rhO4IJfJfYnNYIeoiz/wBSrFnHlVwr4AwdqS908WBLbPWl6l69b+FmPlY11tcnfjCmTyubjqPf8wAbU271gfjQCx9tKAhcEwJnXZp13OKeNjR5zm1drF2OzYQ5Dh/eWVBuOHsfkGxIbi5sWvjN4cVG46GlPTYAxrRTeRmD2Ij9LQs+wMMYpE/awU83Cd4lNgHtGw86wFIMeEe38tUvZIiJMW3Di2zNB314sId95DzAlQMfxuAjLvTIV/Xre2/d2BgHv46NB0KXo6+seE1xTXKMiQttjQ2fiZs4oHPiQw4swFYs8M1xYzFP3QZ8xoK8dQcukNir52bwdLrhYw4yj+giNvraIzbzRMziV2vr3BrER3BHh5jS1xd9xg/jvZkc/oPP+ARRX+KGPmTVX2u0qwGbqqfPr/pdxvVhHsVQ/9AjVrWGxNicWT/o38rtyi/iRpYHe+Dc86+svFv4WFPKHGnF3TWPDHkVC1rilsxd90MMrTf71ovyNQ5iRTd+V8Km9ut4fT8He/DFDnHhX/ep6tVvfOIdf13n5EjyPECvdQSf8eAfj/Fim3drRz17LTLTOlOvtUMfP7SvXv1Eh2tNPsb2yPqo6wA57GAbu9ARO2CPDDhVwh/GrR1yT19Sd8Vav2pOiA85fcU3c9dtqtvWvBvPOfU17RXGQGxStVH113pUF/7iC3PEzYPMRNZZrRPrbMIO3eijxtWJLbBjHPzom4/JpvFVP9GHfN1LJlljNE81Rv3WHzCD3HdqHVsD8sB3RPdRTI7a1I8aT18j4GxtioljjPc90DzAa92on7yIf80RY+YVTJnTt1pj2q/tHm6X1hix4dcW4Rt85ha/qz/KWhNis1ejyqUNAg+JwNVfmllAPG7+gsNmzkKsm4pzth7W9WBjjk0VWR6JzaceMo6jHz43JRd23cjV1+2gg42ibphuhuip5MbZdehnjf+IT8j1eJTTd/HxINMfN3s2ti0yFnkmbJyrLfqRJYeV9K9jUHnEmnxVQifxErfYnhMfctRZ/yAwL+bffrchpvqEHvSRf8iDQz2MGYvxil+PTZzBR+o56rrko13VYM27+rAladf+Vgt+yhqHcSlHv485R6vcXt1VGd6rbfsdQ7AjR8QpVp0H+8Sgj7To3stt96f20Ykd9PjQr3UAv7F3W1XXOflQrtedH4o9RmtBfvypRC3XfUw91re8PY4JQ+KwVpTr7SQHT19XjIHrdEZ0nfTBF37jl4c4GJfMWcfBParuXcjtxaPeqZ3yKo69Rj339Iv5vs9jQz97nVX7q3Uw7aVH7fQ6wR7YMi71eMXaGpSPfQBe/IHQ0fFgXEyojRWZd3E7Wl9iNOXXmtE/bYC9cx1/9FQs8BcbyPb4eywdN+bFzriUMf/WqfU0xaGMLfHAp6zj6uxrx3la8ep5wj46ldUf4obsO69O+o4d1X0uJuo/x+a0Roiv5ta91Aui9Wkc2rXOtU+LfvaViiP6Gat1Ih9zK9Je1QVvzwlj2qi6xLPaZR7/j+x9YMKDr5Vct9QVZA1sxVLl8x4EHgOBq740u4j65g1QbgTTnEC6AfTFyrxz8rL4t56+udtHnvctWeakbtdxdRBzJWT7JiIu+tD7yB+R05eV791u9Yt35R2f/HBu1ZIb5DhgPFyMa5IRJzfayuMc+iD9OxIfPP1QQYeXA3yDVjamGvOwYY6n2/DQUHaFn3HcOFD+gz5zpF+rWBmXjuiDd8WnntpWX4jHgxLcyK0fDFWmvxu/WPf5Vb/ahke/wZ+DvR/2YjXVULWhHvNT52pu6/jqHR3WONjgM5cdfTN2fFuR/jhvHOjqjzy9fv3Q0a77aP2Aw79Kfvx13/TH9YbMFIeXJmsAOZ4tUvcR7Hv+t/SKWfUZfu0pi078ngh86tw59id93TY8E46Md/973nu/56zaV9e0DpwTp66397XjHm6urb96Tvd40VXxrD76Lh7dbu3rqzK17fHow159KTdh5FpyTl7XN+umkzzEy/uWz11Wn+v4Fna1TsUPm+cQ+CDr3oW9LR3GJyYrW90f7OAvz+rMOKr7KCa3tak/5tB6cG8lDvZ414B7rHyukYoRusBO3eRcmvLPHPFWPvlt1bWXE/gnGys8wW/Ptnmu61+/PHuckxd/Q0HgWhF4Epfm1SLaW7DTBmAi+pwbAwt3etzgpoXtpsRmOMkyJnW7jquj8jI3xdh96P2jcvqC/PS4+etjb5V3fPLDud6iW3mx50OC91W+0bHCaZpT/xQbYzW+Lbs1B92+Nnp8kz9+UHLYQByo9aK+wm9lY/LrNjVY9eHfyu6N8+0/XZYYOQzNqfMV86bitR8sYHeL0AFWkrrt04KD/jMP1n409BxWufqufB3z/agO+Xvrh5P5X+W+yomlY+xJyE2PPLTEzscohD36leiLOXz6JI923QMd9zJNXUtTHI6pF1vaU66352A/5b/rs7/KW7e3pfMcXu1utV0fvGKGv5W6//hJfqYaYKznbEvX1txRO6xNeKlvyDqv677Hu4W1PokHtbaK1X1Vmdp23LoPK94uV/n0yRzJyxoipunSjDz7EGtBPlp1VP39ffJ5C7vK333tunuffCmPDWrMfWDLVzHA3hZN/uydGUd1H8UE/25js/vDWsO2+JBXL4R1jyX3YCnhg98GyMvb4zAfytl2Psdtu5+OT+1kY0v/1hz6pzxXu1V+j7fK5T0IPBYCT+LS7MZTQfJwnubkcwOYDlPn5GXx9o9J52o7LWw3pdUhWeW7XefUgf5KdVNxvPvQ+/AdkdOXrQ8rbU6t8s5NfjhXW/LBgeLHnnNH5MXJC5CytM6hB9K/I/GBlx/1VacHoReDlY2pxtCHXufwmT51Yv3WmlnFbxzVL95rjvWr6uv89o/og3fFp57aVl/quO/4Rc731hjz6NrKGTzokvZsg6sffOgVq6mG1Elr/OavzvXc1jnekcHOVj7wWzxWuVevdTjVqDyrlj0SW9actSy/H2z6UH12DPmtx3zJT+yVqg1w5dmic7DHrz192jL3+FlJe46hs37YOk7r3uXYOfaVqW23zdwKx+4/tq2hqvPIu7qmdeCcOJ1jB3/Ejrb71+Pdwto4xKPXrvN7bY9HH/bWtnITRv5AwLnKS8zExZrbItaNe0ldd5OMPte5LexqnYofPu4RmChr/pE5oqNisGXniK5+ZhzVfRSTyb9zbOpPxYi8kyfjszbcg8EW/+p3K/zg3fMPH3PSlH/mOp/8tvqpL45P7WRjC8892+JQ49Wu55Fz8uJvKAhcKwJXfWkGNDYTnn64uQltbQQeav7U2yS4WFnwkgdX3QCZc8NxQ5sWtvrqBoesh0/9aJg2pWqn2582pe5D76PviJz49E1KfXsfKD0W5bo+/Km04lv5U2XFul8ewNoPFfRDK33ar/GBFw/6K/X829+zwceQHx5VHz7iO/Xb61q/On4dZ/XVHIvLbWqw6sPGyq72a1tl8R/ZvmaP6GM9q6vLY891XzGSn3nksWN+9LHmTax6DYm/dbGqn1VutWVLrslxrynmuw/arnGpBxy89E+65Fu1FVOw6ntmn/cCjD6wQIb9Dx/70/OxioMYwAJMyA/PFp2Dfc3/lk7mah1U3l6bq/NArIhbOse+MrXttplb4dj9X/kpn+dWted7r0HHyVXfS8+xY02ov2KFjR6vuntty2c9Uj99z6z65DOO2ooHuEJH68sY8KWTa9J9qtpATn+NC//Qg+1Kq1xXHt7Fo46LnXE51+v0qA3kV7wrzLRJK174VUmd7q32wQyiJT6xVLbGfFT3UUxuY3NaI/hs7dOSf0nfnSd+ado/5Cd+qWLhGO0kX+fVtZcTZCYb4omeStZD9bHO++466LkVC8+jXhPKpw0C14TAnV+aLXwW8jkE/yTj5s8hzgcAfT/k9hZr3dhYoPjGQncRV3tsCI6zmcLrou524MMf+Yiz+oSP+Oqhii5p2pSYQxf+VF7GGev24WEcGaj3j8qBjz7iP3oqPn2TuzFW/tNjmfwo7K+98vGA/+Doxzj26de4XhNoL27itBVr5fEDOic+7OoTGKDD/IORNOVpwrB/dCqvTuaJudIKv46zMvhba+O2Ndj1eSii11rTdm+rrGsWXMyvcVd/uw77xgFG5gI94tBxq7apLeqAR1lax6xpbdQakqd+HJyTW/23rXsK8ZNfsOG92zL3+MV75QUH+MHgUgIjn64DTJzDluQ6rfXvnK2y+AcZx1Qv+K+dI3VwFHt0HtGHf9P6Zdzaugmi/IVjxIUMcdW8WUfwux/BZ47EAd/2aFpnynccu/+1xqqfRzHR97oOwJ240YEf0Dl24EXW/FFHlTrWVbdrVr/qWrd+qFHeWUvydZyqPd47bozpn2sO2+iuccNX9y7PG2OodruNGhfv1ab7AXHoh1jfMA7/0Wadqvsd9tEx1emqnqou31337jnIgpE1UWNWprbwgmGtKWR5xKH7c/TMOKL7KCZHbVpjNZ5pjYCBOokfXytZW+BQyXHzRyte5Fya8s8ctia+mqcjuKFrslHr2PXpmui29bW2YlLXrf5Uv3tNVB15DwLXgsDVX5oBisXkxsUiZfHVDWELTD5uXKDIstmxiF30VZbNATtsWNVO/UCCn4OubnTqwCcPQOTRhe+Vpk2JeWSR6fyM1Y0F3r659D48R+TgEx/jIXbw6h868HbqsUx+dBn75KBj5WF9JLfw9Dy5OVcMj8YnXujtWNT8T3livsqhi9z7gWDMtMYID/5WWuHXcVZGn+3T4kfHteIBz1F9xFXXXbXT37svxKYd5lyzFcuuo/bxua5FdNDvmCHTbfd1vKrpIzk7J7fVf9/JN3uNNSUWjFUszD3z9SGX8B5Zj9qcWnMBhhM5jy3JWme/2yL3V/iMA9mJtEO7R0ex7/nf0mtMR9YEmBOb+4x1VPOGLerNNWdc4oBve4S+vs6U7zhO/vd6P3etodMYlZ320nPsWO/g0skaqOPqtvb1o/Lw3vcV9O/VJ3ITbkfrC3lsmGN85L3vRZMN80g81BM2qSnxQRe57/XY46Y/4cb4kTrVD3w8QsRW48VH7ODvER3w9BjJsTT503NrDfT1tqcbG0cwge8cm0fWCDrl63XpPklbqdc+uIMP+XY/gX+Vf3Iy8fU8HcFtZWPyEey67RpXfSeeuseZ285ztL6qXN6DwEMicNGl+SEdjK0g8BAIHN3878IXP5ruQld0BIEgcJ0I+EF+nd7FqyAQBILAPgLsY1y4+UFEJX+IUn/QWufzHgSeRQRyaX4Ws5qYzkbgIS7NHD7+UUzaUBAIAs8mAvxmZvpt5LMZbaIKAkHgWUXAPxXAfuafJvJ/ZeC36v0y/azikLiCAAjk0pw6CALDH/G9D1C4mPPkJ7P3gW50BoHrQYAPTZ5QEAgCQeCpI9D/eDWXZf7EXC7MTz2z8f9cBHJpPhex8AeBIBAEgkAQCAJBIAgEgSAQBILAc4NALs3PTaoTaBAIAkEgCASBIBAEgkAQCAJBIAici0AuzeciFv4gEASCQBAIAkEgCASBIBAEgkAQeG4QyKX5uUl1Ag0CQSAIBIEgEASCQBAIAkEgCASBcxHIpflcxMIfBIJAEAgCQSAIBIEgEASCQBAIAs8NArk0PzepTqBBIAgEgSAQBIJAEAgCQSAIBIEgcC4CuTSfi1j4g0AQCAJBIAgEgSAQBIJAEAgCQeC5QSCX5ucm1Qk0CASBIBAEgkAQCAJBIAgEgSAQBM5FIJfmcxELfxAIAkEgCASBIBAEgkAQCAJBIAg8Nwhc/aX5/e//wOlNb3rzifap0jve8c6bGJ6q/0f9fsw4qRHsn0uX1telcpf495a3/NhN/bz44rvPFf8M/pdf/sSTX0+fEdQjD3zkIx89vfDC225wpQ7f977ffp1H1grY35bM3yW1flvbl8rr81Pew2vsR+OhFnjugu6yhu7Cn6es42j+HivGu6ybx4ohdoNAEAgCzyICV39pfuWVV04ccrRPlR7zMvmQmD1mnHxoXHKRuLS+Jjk/bO8K809+8u9uPrqJizXw0ksv3Vr1Y38wap/2XAKHS3J8rp1z+KcccYmuZF1cEnPVw/urr756UwvYfSpkzp+3SzNx30XOyfNd1tAldXObtcfefE25v6Z6nHC9y7q5JNeRCQJBIAgEgRmBq780z24/rVEOxrv6jcM1R/6YcV56ab5LPPkN413m+T4+7u5D5zkYcvEHI/w4l97+9l+8ukvzETwf+8JzLs53zX8Eo7u2eZ/6HiOex66hS9ceP+RhvefSPFfkpbjO2jIaBIJAEAgC94nAo1+aOUzrH23kj6DW36JMHyhdhoOn/xaOw/o973nvyT/aSkuf8Ur8xvAI3yU2iQu/6mXSS0P/bZQ8/Y924hsfHfqNHPEyxjPF7kcKPhu/vtTYz3knJ+RGu+hDfyVjqGPkb0/OHNNWQj/26nj3A5uMwcf7uaRtY7FPnsRe3Vt1KS613fKlx9HxFMuqTxx6bZtb8dqya3zw8iCLjW5fHUfXBz5Vfejsa3krpi5b61qfKxbmmpaHdWGti9ORtaI8+eBdG9138aht5VeutvISG+P6xfiU/2l/Ukdt0YVtiT42eMTAmpBn1R7J20r2KHbmD/8kfbZPO/GdU+sdU/wzrxUvbOGLtS+e/QyBj7G635Ij9/AaT43Dd2yiWxIv5LVNvvb0IA8PupDFB/Nc14l2aI/UPnx769ucYNtHLHtumK/rRp+VozVW3/1BI33oaD0q37E8soaMSV9uDJ+BGTZrTUw5uA2uvW6O5Ake47JGwIgHfayDUBAIAkEgCNwOgUe9NHPAsalz0LLR++HLB4GbvAeBBxw8VaYeYPBCHLweahzKjHuAM848hA1s8Xzwg394wwc/fT5q5Dtq0w8hbaJT/fisb/p/M/BpfxnjQUcl5MEHMgbxInYPWN4l9CDHnLiKB4f5uTThhA/YIYeSvtgXN2zzji815/KZY/PnuPE6jh/G1vPFOPbPJW1bX/bBD1/pm8eaG/mqnBgzx7OiI3jCg10xRh/1ONW2/uEz/Fuk39aHeZnyOfk5rY+VT64H9EC05t/8IWud1LquWMKj34zzrk5yTiw8xkKNWztVp/VZ1wpj+MkzrVvtTJgy13OEb8aojL4wJw7467pg3Bwytke91umbz3PXu5gYOxiCBfr29oqj2BEfPrpWiK/3Get8q7rCNx50SOTCcWvLWoUPXyXzY8xgZv3X2jC35kk+bdd41F1bsXWMPrLga61ql/4WWUPI43/Pc5U3PmufOX0hJmkLM3wE/621px1xxI45QI76EUN4ya81RU7gBVtjwS/9rDqnekQeWeZqvh3H/op6ncFnLHuYEaM2eMd3/GCMPoRtcdA38me88ugH8ry714jBjbIzvlPUhx3xxj59cAoFgSAQBILA7RB4tEszBwQHDYdUJTZ+Dg02e8iDwA8UPx48YODhkGKcAwxCFt3quBn89Di60Qn5wWJfPvQgz8EN3camcaJPwgcOMsmD2IPbDwtljYN5ZCsRe8eRvh898hqTODp+pBWnijly+uMHCr7VOImRx3ltgSt85ssc9zyIu+MrP8x3x0Z7W622xcV+r0t91hf5lMNGj39ldxVHx3OyYazWhDaslYq/c7VVJx9qnfTf+tNPY5bfWnJ96FPFAl70kP9qq+cUPsdqffU1DR+x9Rzrc/dRLPWZdloryluL8osTerZIvhq78ShnXx/Bta9PeMXVj2/le9txoN/1qav61fWAB/GbR+eV7TXmvO1R7CaM8Ln71vmsq+7HVOvWaq0h/FQHvkLKdp3MUaf1ckHtdlzh01b3/8ZA+Y/4OGS/+mhN6p+8vbWGeq6Q109kjG/SR3zgjgxkHNalNs1/tdVrDl5sYLsS9vHVGHtO5UUfsvrCOO/orHYZ15+aM+Xdq9QrTltrqPt0DmZiPfntXoF+4ug+EBd+iw0+r3BlXDqaJ+OCv5J2mQ8FgSAQBILA5Qg82qXZw40DcYs8COCH7PMxw2GAfD3A4OHA4tDp490OPPWDvs5zODp3W5v6o34/5Dw8OWyJhw8AfPLjQL7+YYAefCJ2ccSGhI7al59xcZT3SLuFU5WvcYpZ/wCC348U5+SlrWRsjm/5McVcda3etS0uva9c92Xiq/ErN7VbcVT+LRtTbftRXHX0d3VaY3XeH974sbflZ10fxj355Aefcx1H7OvT1pqGb8qxtmsc/R39q7WCPLFMhD88W6Tv1g+8xqicfXgh4th6qi511Lbj0PvwTn5VHf2d/CBD7tmP0Lnnx1HsJl8m/Z3P3Fo71ede6+hzv658yFZ8zAVjqwd5fXGPqjqdO4IPNiTjsW9b/XOst/rtmVHnzRfnhHzTuep54hx2J8zQXdc3/clHbaGDd3DptMJq0ldl9+oR+X45RN4z1Ats1el798k4xEU+2oqZclNNVJn6jj/Iocf805cmHOSrPEfypH/EU8n4qt06n/cgEASCQBA4hsCjX5r3NvLpIODDwYsmhw4PfT+u+qGzgmI6sOTtOm5js+vyYPdw4wPFg5iPdPghPgrqYUl8fiDhu7w9jt5H14Sjse61k75Jpsa5Z6/qlJe2Uj/sq0zl431rrvPWvrbNRe/L232Z+Gr8yk3tUV/PtXHEvjppOzknFlt+Vlv1vevsuPW+/HvrC77Jn5Xto2sFeZ6JVrorb8eMOWOUz76YEwfrmv70sD9sUceh95Gd/Jp0grtx6he+8Y7fW3QUu8mXSX/n06/Jhz43YaBcnTMXXGIm7BmDui/q2purfN3H3pe3+udYb/W7j9N3Dp/re+ftMW3Z7b6ueLlock5xhsFDiw9St+n4St/RekS+2lEv7Uq3PN2no5h1OfVNLbhwPuOL/thHj+Scfdqj2HfelX9b8VW7eQ8CQSAIBIFtBB790jz9dLe6vDoI5OHj2EPBny576HiJlre3HFj1Ulrn+0/a69y5NvWn6vDCa3ziwOUZv7BB62UaWfTgl78JVF8/eHsfPu2sPjTUNbXoW+FU+Wuc2qv+y8uHUY1NXho8F0QAACAASURBVNpK5tXxLT+mmKuu1bu2xaX3leu+THw1fuWmdiuOyr9lY6rtI/bVyaWh02P9prn7Ma0veKYcr2Jm/Mhaka/7QJ81yrNF4mn9wGutKGcfXog49vQqO7Udh95HZvKr6wJn9zl9OyoL31HsJl/wuWI22TW3R2odfas9quJjLvoe2rHR52n/cq7733Xov+O973j1z7He6jd7Zyd/kMoPW+TzPKm89bemjG9hZl0of8RH7PsnS8R3hdWk75x6RP5af9NszPhXfwBmbpiXJhx6ncCzqu2aJ+32upzsaj9tEAgCQSAIHEfg0S7NXpz6wefG7wXYvgcB/M7VMOvh48dBvxh4eHigowu5eoihkw8Oxv1guo1N40RfJXRrg4NPkt/56hv8HKiV5K/jE1/HserYexcnbFXycPfDwL48xMXTP3qNzQ87fev54mJBLGKw8sN8Vwz0Ya/VtvXV+8pbO/oy8fX4le3tKg7lxXOyYawdK+sAvLZInWDb89Lt66cxq7evD30SQ/mIo37UMd5xZAw7e2savqmu9VmbthOvGCEjKd/xFKfJL2Vp5auxG6N89sVxhat87k/K97bH1vsrv7qeyXd4Vvns8kexm+zgMzhUAmvGxVI/em7MI7ySmPY9Sh3mXFn7ynthqz/MoHandaIt/VRHb8XH8d53fMqfc7bWRses+72KDz1cvLDlujcO61JbfX0z3n1kbRNPz03Pde9ro+tjfMVrDiveyPP0fIvT1hrqds7BbKqJngN9wE6lCe8Jh14nkxx6e556XNpe+eN82iAQBIJAEDiGwKNdmnHPjyQOBQ4ADjoOJR4Pw34QeOFSBjkPFQ9VDjE/EOBHhwcH4340+FGPPebhg18f5Dtq00ueNjns1cXhWMkDj/H+Ya4eZCs5rq+06ueglaaDuOMo75GWXGiHmNAl5tX3ftgbI36TW/rmvPrrRwc2iIlHXcSCPciPG/j0w3xNMR+JrePS++rAp+rLxOfHHTHCD8mHrHQUT2XVhfxU29YZNqod7dVWnWDIWjAv5hM8paPrA37XG7FjA5+sV/qSOSS/xIWNI+sLeX1Ezo9i60T9ttqGF/u01nCtPeXBbVq3+LdF4ol+ifeaB/viUPPPHONiUH1TX2/RXfl6H/7Jr66H2JAFF/BEhvzRZ7zG1GXpH8Vu8kVZ4saO+0K1e06tV0zr3oA+noqXthhjTyJ26xdfJddzXyfn4qM+Y7Zv2/1zvLbWELZZB91v+lKtJfm0XXN6zvqe1p6YuW5WOOIz6xHb4jvFfE49mld093zj1xZN9XgUM2LEdq0JcWAOqjzgzwP+1o0YwDvhaq6M4WieprjQYe1Uu+JXx7SXNggEgSAQBGYEHvXSjEts6H7gspFziPABJE0HATIeVPUAU4aWD676AciBRZ/xShxIR/jOsemBhI8cmB7I1S7vHqIets77UUdbCVw8ZI0bfDhkeSTmap/xCUf5j7Tdth9BVbYf9tqtPk9y8KFfeXPlx0c92CsfcVovYN1jrr6t3jsuva9c//CY+KitGiuy8uFrpSN4KovtSr22xVT8Km9/Vyd1WeteHZ3/6PrAJ/xED7HW3HSdrAdrH3+gI+sLzFz35noVc8cXOWzBryx2lQcPdW/53mMRz5oj3mu+7RsrOvRPHMS/70/dHn101xh6H57Jr0nXFLeXlxrTJHsUu8kXaxjfeVg3W3wdJ21Xv8RUneST+CZ8iK3nu+ZHvchb0+5L5+Kjrsln5ib/lLG1hlYxymfL3lnjEwvnbY+ub+yqz9ozh+JT86h+WnyRx5paxXy0HpVHn7rNz94amupMP40R/SvMuo8TX/eLPc9arHU24TrVyZE8reKydqpd4uOpYzVneQ8CQSAIBIHPRODRL82f6VJGgkAQWCHARxYfQdPHDh+PfMCFjiMwfaAel36+Oe8bu3NqnQsJ64LLRSUvuFxaQs8OAl6an52IEkkQCAJBIAhcOwK5NF97hu7JPz94/Ynz1MLzFMmfrE8x1bGnGBu/ReE3Kjz+sUR+k2M+uTyEjiMgbsclwikC943dObXub9n4oRHrgT7rgx8ksVb6ZdoY0j5NBNjHn+r59DQRj9dBIAgEgSCQS/NzWgP8FocPy60HnqdIfCBvxeXcU4wNn4mv/tFqPiD9461PNabH8vu+L36PFddD2H0I7M6pddZ1/d8j/OO6uTA/RDU8rI1cmh8W71gLAkEgCASB0ymX5lRBEAgCQSAIBIEgEASCQBAIAkEgCASBBQK5NC+AyXAQCAJBIAgEgSAQBIJAEAgCQSAIBIFcmlMDQSAIBIEgEASCQBAIAkEgCASBIBAEFgjk0rwAJsNBIAgEgSAQBIJAEAgCQSAIBIEgEARyaU4NBIEgEASCQBAIAkEgCASBIBAEgkAQWCCQS/MCmAwHgSAQBIJAEAgCQSAIBIEgEASCQBDIpTk1EASCQBAIAkEgCASBIBAEgkAQCAJBYIFALs0LYDIcBIJAEAgCQSAIBIEgEASCQBAIAkEgl+bUQBAIAkEgCASBIBAEgkAQCAJBIAgEgQUCuTQvgMlwEAgCQSAIBIEgEASCQBAIAkEgCASBXJpTA0EgCASBIBAEgkAQCAJBIAgEgSAQBBYI5NK8ACbDQSAIBIEgEASCQBAIAkEgCASBIBAEcmlODQSBIBAEgkAQCAJBIAgEgSAQBIJAEFggkEvzApgMB4EgEASCQBAIAkEgCASBIBAEgkAQyKU5NRAEgkAQCAJBIAgEgSAQBIJAEAgCQWCBQC7NC2AyHASCQBAIAkEgCASBIBAEgkAQCAJBIJfm1EAQCAJBIAgEgSAQBIJAEAgCQSAIBIEFArk0L4DJcBAIAkEgCASBIBAEgkAQCAJBIAgEgVyaUwNBIAgEgSAQBIJAEAgCQSAIBIEgEAQWCOTSvAAmw0EgCASBIBAEgkAQCAJBIAgEgSAQBHJpTg0EgSAQBIJAEAgCQSAIBIEgEASCQBBYIJBL8wKYDAeBIBAEgkAQCAJBIAgEgSAQBIJAEMilOTUQBIJAEAgCQSAIBIEgEASCQBAIAkFggUAuzQtgMhwEgkAQCAJBIAgEgSAQBIJAEAgCQeBJXZr/4A/+4PQLv/ALp1/+5V8+fepTn0r2gkAQCAJBIAgEgSAQBIJAEAgCQSAI3CsCT+bS/OEPf/j0pje96fRZn/VZpy/8wi88vfvd7z79/d///b2CE+VBIAgEgSAQBIJAEAgCQSAIBIEg8HwjcPWX5v/5n/85/e3f/u3pO7/zO28uzFyafbg45zfOz3cBJ/ogEASCQBAIAkEgCASBIBAEgsB9InD1l+Z//ud/Pn3bt33b6Qu+4Ateuyx7af7yL//y06/8yq/cJz53ovv/euH/PuUJBqmB1EBqIDWQGkgNpAZSA6mB1EBq4Dpq4F3/z/8+fNe76kvzSy+9dPre7/3e8cLsxfnrv/7rTz/3cz93OODHYGRhhIJAEAgCQSAIBIEgEASCQBAIAkHgOhD4f/+/jxx25GovzfylXz/8wz/8Gb9d9rJMy//j/O3f/u2nr/mar7n5C8L4S8L+/M///HDwD8X4rnf97xNJyRMMUgOpgdRAaiA1kBpIDaQGUgOpgdTAddTA0fvg1V6auQDXC/L0/ju/8zun3/qt37r549vO/8zP/MxVXpyPJiR8QSAIBIEgEASCQBAIAkEgCASBIHA9CDzpS7N/Edif/MmfnL76q7/69Nmf/dk3F+2f/umfPv3DP/zD9aAcT4JAEAgCQSAIBIEgEASCQBAIAkHgSSLwpC/N/NNT/JvN//Vf/3X667/+65uLM79x/vzP//zTG9/4xieZkDgdBIJAEAgCQSAIBIEgEASCQBAIAteDwNVemv/qr/7q5m/G9o9d0/L/OPP/Ovvwt2rz/zO/5S1vOX3iE584fehDHzp9//d//+lLvuRLTl/6pV96c3HOb5yvp9jiSRAIAkEgCASBIBAEgkAQCAJB4KkhcLWXZoDk32fmn5TiecMb3nD6lm/5ltM73vGO0z/+4z/e/Hb5d3/3d0/f9V3fdfqKr/iK0w/90A+dfvInf/L0rne96/Rrv/Zrp5/4iZ84fd7nfd7pR37kR078ce0PfOADTy038TcIBIEgEASCQBAIAkEgCASBIBAEHhmBq740V2y4DH/jN37j6Wu/9mtPv/RLv3T69V//9dPf/M3fnPjLwLg4+xvpt771raePfexjN38Z2A/8wA+cvuiLvuhm7vu+7/tyca6A5j0IBIEgEASCQBAIAkEgCASBIBAEdhF4MpdmInnxxRdPX/d1X/faBfmd73znzV/49ad/+qc3v4n+3M/93Ju5H/3RHz29/PLLp3/5l385fc/3fM/NH9fmUv1N3/RNp49//OOn//iP/9gFJgxBIAgEgSAQBIJAEAgCQSAIBIEgEASe1KWZdPH/M/tbZVr+aSroU5/61M3/3+wc/36zxG+ZHef/deb/lw4FgSAQBIJAEAgCQSAIBIEgEASCQBDYQ+DJXZq5HP/e7/3e6Su/8itvLsL8RWD8P8v8Ddr801NcqvkLw7gcf/d3f/fpox/96OnDH/7w6ad+6qdu/t9n/lkq/t/oP/qjP9rDJvNBIAgEgSAQBIJAEAgCQSAIBIEg8Jwj8OQuzeTr3//930+/8Ru/cfMXhPH/M3/VV33V6W1ve9vN/8f8b//2bzeXZ/4isM/5nM+5+du0f/zHf/z0Hd/xHacv/uIvPv2v//W/Tj//8z9/87dtP+e5T/hBIAgEgSAQBIJAEAgCQSAIBIEgsIPAk7w015j8i8D4t5lfeOGF06/+6q+OfxEYfzyb305zgf6nf/qn0+///u+ffvM3fzN/OVgFM+9BIAgEgSAQBIJAEAgCQSAIBIEg8DoEnvylmWhWfxFY/f+cv+zLvuz0gz/4g6f//u//Pv3Zn/3ZzW+euUjX//f5dcikEwSCQBAIAkEgCASBIBAEgkAQCALPPQLPxKWZLNYLspfhOsZvmP/yL/9y5HvuqyAABIEgEASCQBAIAkEgCASBIPBcIPDqq6+e3v/+D5w++cm/ey7ivYsgn5lLc/8NMv8+8xve8IaT/wzVz/7sz57++I//+HVjXq7vAsjoCAJBIAgEgSAQBIJAEAgCQSAIXDsCL7747tM73vHOa3fzqvx7Zi7Nosr/q8xfCvat3/qtr/0zU29961tv/mkq/tIwLsr1eYg/nk1RvulNb959+InPyy9/4oaP9/sk/MliuTuE+Und29/+i6/lmPdKd51X66nayPvDIsAaJQ/kdoseaq298sorp/e8572nF1542+vqED/5iXKlp1w/riVi2NonwcM4t/gqLnk/hoBn2hb30fWxpeMu5vZ87X5aX1s109d076vT+rPlXHjf+377M9bj0TiP+HZU17XzsWeBVT1X2dvY41jbkpiI8VaLjPXQ+Rj/yEc+qtrdds/uVv3sKn8EBvx9y1t+7GbP5DL1vJD1cB/xWmP3ofu2Oq1f2k6MUQPWA3FsrY8PfvAPX7dOkUO+697aF5nr3yndr2voP3OXZkD9i7/4i9N73/vem3+Kin+O6uMf//jNpbleln3/5m/+5tPLL798+s///M97ywcXKorHx0OAQnOMloOAlgK97w3XRXBvQe8ovjRGF92O+gefZpPgQH/ppZductjzd9d5tW4ePNAnaFDsae+SrMU9vQ+x1vjYowZ5+NDEJ2qRd2uz/hEs5vf8vkus7lIXfoMpD2tuRebn0r1mpTfj///FYwsL8X/sOtv7KO5+Wl+Mr6iv6d5XZz3jWaNc+OBlTdb1uLLTx4/41mX2+up87DxVP8Gm7mfsZXU/Y84LLh/a+O4D5mDMd5ZjttiwHhyjrR/95OgIIYcd+Ksu3+vF/oi+x+QBb2sY/8Easo4f07f7tm093Icda+E+dN9WJ3GzRjrxzUAtcLa6f9W9C7l6ueVy7DqAj5iRE1f0SdaTeuGtuvGn6lbumtpn8tLcAWYD4N9u9qJc22/4hm84fehDHzr967/+axe7t77FRMF0YowC3Dqwu8wlfTfIS2RvK8OiuDRGF/Rtfbhr+T08Hyqvdx3Xs6CP9U9+pvV2m/g8APb07tXGbXxAlo8zL8bTgeMH6NYF87Y+PKS8a4mYwdYPvO4D8TLPc9/7abf9rPc9w7biPLo+tnTcxdyer91P62urZvqa7v2us8bheqR+p/Vaefv7Ed+6zF7/vvbHPbureTABGx6w6sR+x9pmfrqYihF5n2irHtwzJrtdl3a26qTLXGt/Fcu1fm/dJY5b9XCXdq5JF+uGPYvLayX3gtWfNOCCi5w/WGKd1H7VxbvYuk639kXnuk9d52P3n4tL85vf/ObTl37pl47PG9/4xgfPgYXERtXJzYvNyp9KeyD3jZzDBR4OD3hoKfbO123QVyeLxN98I4++fpDTp6A9UJBd2cF/f/IEHzL1UHFhMOfjPH5X2e6P/LUlFjEjFrGlhVisHaMeoz6Jp/rBBZ1bpKwyvTXH+mis6qRfccXvPZvIGqd69N1awI9VjpSx7bL4gw/GJh8t49YLNnifYmKOfOon/Y77JfrESpt79Vbt4wOPOcH+UfwrHxjT5+n6Kla+w2Nexa7XNtjA19cuuWGc+RX5YcOBtiL1G7u4yN9rAJtT/Uz5n+oVX4wVXbxPfNqn9SDHbif9h8e15NjELw9z2CdX0jl7wpEaPhrrVEP6aV7wseeCWplyYTy1PRKbNsmHGIIRNTHVHzzuK+4NvX6qD767PupvHbCDPmKsdATDXnv4UvNa9dX3PV/10xyIz5Zu8dJO73ed8tk6f+4HYvUNHe6HExbEzdOp+io2jPmIQ5ejDw92eXpNdP4jOe0y9MUG+RVRC/hCLXUSoyl2eI25y9HX9hYGymkHmT2C170Iv6d8aZs1aF63dB9dD3t5EA/zT2tsdYz31Xmk7+zzlbCNHL5CR3DAHx5krTHkoB4z9rYwuhH69H/6vgrG6DP+yrtnx32z75eeYdblUd3iU30gLusADNHV+bqfU11Vnb6z76Cz+++ZTRwr0ifmkde3FX8dt07MZ52z5vieuWZ6Li7N/K3ZH/vYx8aHP5r90ORC2iocCpGFBw8FzuZBsUpsABQ448zD5+bI2FbRowP96lTej2/0+lGjHfiZ1x8XTl10bpDI886CdnPxwxa/XLDGp6/orPG4wMALwraLmncex40HO4xjG9/R13XSR4+kHcbwCVmxRC/vK8J37MGHvH4ZY/cRW5LYiCt2PVh53yJrSJ6uC5+N3VzKW9tVfpUlLgmd9PER/4jNmqGVxJN88l758FM6Vx8+qU+cxR1djFUcsEN9Omadi4fje/ibE+PGFrnGH+xjd4vggRc89EHc0IM/4AlfxRGdYrRVD+hA9hy6pH70BXu845O26UviWvHSHvFvkfrMkbzgxxwE3sRLLZgb9xD59UFc4YXQiy4ec8Fc1Q8fY9jYq2H5jBV7xlpzpj/ygRfxYBc71hD+Oa5/lbfHabznxCZ+2MYv+tiiT7wSvtDHP9eIfPot79SKDby8Y8e6x64kn9hMGBI3foANeKDL3CO/ReZjxaN9dEK02NrSyzx6pd7vOuWzNZ6qw7mtVt/AFFmwAC+xqLgyP+mvvm7tj5MfyGobu9Ym47U2p3rHF/iooS0ix/DtETy1XuUXoyl2ePRD/trqt7VQ5/q7drbqBBkwwldrF9y0Q94ka6aul5Uf1o864bMGqj/VjvkyfvNADfCOj/Cji7VPay5454EYw8dK8qGj1gE+yYt8xYG+/tVzD/+Q4bG+0SmO6CQW5N1Pqnz1y/dz9rIjdrBPLN2uODIPibV+qNu8wSd2zEkVF+KEz/yq+2gNqLO26qpjYERM+HwOGSNrkfjrnaDrscaJqZPY1PrtPNfQfy4uzdcAdPXBIpsKhzEKl6Ku5OagjIuzF6iFz6LbImywKdUNDn6L2gWsnV7IyCHPgpfc6PChkr672I2x65ziRgY+dYpd1a++vtgZZ8xYlNEfsTPmvgFik5img1ldtn2z0SdayL4xYxsZ8O0Epns2Ow708bUSNrBnnHXOd/Pb/dA/fJTQ3+uSOfG0lsSz6/RwuFSf2CmPfuLu8WGnYqE/5gJ54+s+Mlfxl6/HTW2QI/CpevWttvDgj/g4p1/WJ/p63rFbY1G2tujvcnV+er+kfvADO65F9PKOLvcb8WKsk/mv8p2HfBCPmDDPHsCYuaprqb6rC/34ik99nj6+Vf3IWcPWkrnRprqNwT42eqzYx19rRkzsKwsfeMKLX5Dx60flhU+cHa/t0djEpPsjBt2XjoHx4M8W3SWG+tx9od/Huk/kZ8tX/TRubTG+IvTVvPd+1znp6TITTx/TN+qwk3G6z9CvPsrf7R7xtcr2PcD1KV7Wx2Tb9bO1B+Dfkf3MePXNVowm+/BMcvgsDhO26q6tdoy7ztV39iKeHrPrze8i7e/pQ7e2e+3X9XBOHtTXbU9Y6Sf6IeqNnLE30da9lbjdZ/ANfcqJEXjDJ2kTnypVXXVcHK37Ouc7tvGt4yVGzElH7cDX63QVS9Xd1w91Qczu7frUfUUH+rVpzjof/T6mfVvsqccx9emH43st/lMT6ANHHt7JS8+JtVNzCw81A548XWbP/kPP59L80IiXTbsWjm5YuH3z6sXmxmKR9pb5LYLfzazyUbDMuXC00zd8ZJCHlzn9ZqF0chNwTt4eo7bQy6Lvmyt65ak2VvoqD3HBh1510IfEdrLnQbC3kMEBvZI+acO+MWsTudWjrqk1BufUx6bKu3adX7XqmfKLLnyD9H/lK+Pa1Bf72tbWXelTLy25wx623bydn/xxbCse5OXzw0adda7HWXl4x8aRtebhbx2SE2RdN12vfXj6Aejcqq25gMc4V/VDjEd8Uc+EF2sPHdOcfvb9h3HXoDWqL9iCiL3GzwGMHfg6r3Zoj+wJyFfquNU5eIlNDOCF7E9xm3PtqB//p0ed1e70vhXbChP97L6Ie7Wjn3Wsv3d9zm/JrjDEBz+qqAdyvLcnH7EHT/dzhY/6aMlNzUXvd51V1vcu4/hWq2/TR7F1TwvhX/VRvd3uEV9XsozrE3og9U31fmQPwL+6nrXd21Ud6c8UOzqUw05/qK2p3rtt+trpOuxXnmkPZ5+H1zlxQ+8eHVkP6juSB2Mxh9oXK/u0+m0NWnesR/LmWSef9dh1YBN7yICDNNnUP7Gd2i3c1Dnl1jnsn2PHc8l9iLbmE32TbvNtvL01b1OMjiFzpAa6bvv4xVPJ2InrUiLn+O+3Y8djKzb8Qf7aKZfmR8iQC2la5BYuxVXJYlOm6mCsP3vFRzF3G9pjzgWlHedqW31a+S1/1bnFy0asTWTYUOum75x6abf0IeumrA/2kYOMo+r03Tl5He+tuh3XJ+Xsi7l6iZe56VHX1E44ECsHFh+X+EOrvUkHY5Meeeuc/rOhTr4y5oFkbIxVumt96MZWjRcb9rU9+ePYHv7y9Vi0Dc7TnLZp4UHPRLVu+qHrx8jeWvaAmvQ7hu6ao5oLebbqB9mtONSxhddRHdawOsmnH2KMdT3kEN/cJ4iNNT7xMnbOnoCtSh03at6PJ3zArjy00BYmfU5Z7E7PXi0cia3jZ3wrX5yvrX7Wsf7e9TnfZY9giCx8fHBa766dPUy6Pf2w7X6u8JGfVtuO9X7XKZ8tsXQZ57ZafaPt5By2IeLm6dTt7vla5bssc93ulr7OW3X7bn7tr1p8cZ1XHm1MscNnPcBXn6rjyLt2VmciOuQxJ11vxXMLty5Hf289bOnrfvW+9sTKvq37HH32ZnIGuRfy7r6MnxI+eT7Tot++PJNN/VthzXy1oy7bSec0d44d9h3yR5yQ8db9qNpV96oW9Me8oQ+Z6ZF3rwbk6y1+8VRCV63HOlffiQ+f9ohvDteymEyxsadjdw+XPXsPNZ9L80MhXey4kKbCY2wqIItNGXVQmJcQNuqHqDr8cGdzgrQzbUjIo4c5/Z5+iubm4py8e4sEPhedceqP/tKu9DmOn8rD37G078Kuuj0Eqnyd9x0c8E3SNi1k35i1Of0UVh1b7YRD5cdf87NlQz1Tfp2r/lsX1VZ/NzZjd/6u9WmHtvpf7WBbvuqPY1vYVFkvZMZS56reOu/70bUGP/XuhyD5811dU2uNbsUijzXeMep6e/1Yv67hzm9fXCe8/KiY5pSnJQ4wg4+H9xqbvmALIvderPEbfuc6r/2jewL8lTpu9LFd/YMfH5iDtjBxTjvq39tvqk++H41NPjFSfuVLXVvy6qf9qe365Omy9PcwVLa2YI7c3hrR3hQH+lwbzovPqtatsTpf843OVez6b437we34Xqtvk5w6rUXi5ul0rq9Vvssyp0/Wk7FP6/zIHgCu2DGOat9394WaA+f0Z4odHutB/ktb7Rj3pEeeyc/+XSRuyFxC4FXXg/qO5EE/eywrrFwz+EmujM+80CLrZRo+/aF1rTHebfQ+PPqH3UtIndWuepy7xA57jzHWs3tLt1jJ01tx2qr/LmO/14Djva0x1zniIZ9b5w881BlEnvF3xd9jsd9rHOyw6/dJ9ena3nNpfoSMWLC9cHDFzYHiqtSLzcOn8ym/t7lQoFORascFu7LDImHhuGHgK32evjGxSWDLzVsfq+9ush0T/XFc7Co2kz7mu6wyXibVKR/jlYiDePY+ypAhPnyT9Ekb9o3ZA7PKIHvUZsWBXNDvH1Ldpr7V1vx2Wf0jLmmVX31x4xRPY1dePvt3rQ+94OfGr53JH+PDp0odf/mm2tBOj7Pq4x0MedBVSb9ca8zxDu+R3KnLtQie5sA5WtYWOmusNRdH68e1AEbSCq9qS14PxirvXG2Zx1/2MPeOKjNh40ecrTh0XjHvOVvtCZ2v4obPHVfGrBkxsH+khlyP+FnJOLb29aOxqavb6PL6cmRvqL763vU5fgmG6EKu1gH6ui5t1HYVBzzos66rjGPdHjzGVddtrwN5ev0gTz1sbu6izgAAIABJREFU6a9+9Hdzx97TfRMLa58+diq5vzAnbfkqj22Pk3F9Qg9kvVcbyh/ZA/Afv3nQ1Yl54mfeWCuP/kz24WOcOG5L2jHulT5j6flyb/O76Jw8wEscXWeN7Zw8rGKp+mp8ninGUPNEvI5XbCZd+O85qv6Jj7kVjvJPtaDO1R4gRrUezrFjnOqhX0nfHEN3X7tg4Dh86kK2Uuc7UgNVvr7rd68f84rtPoe8cubV/WR1LnmuWh/IgTX1Vsn6q/eJOn9N77k0P0I2XEi9cHDF4rEoda8XGwXtAUTBIsfGsFrw6rGlcOVFDnkXRC/cyY4bXY3BBccci4m+H7F9A3CTIC501INSf6Z4GMN39IoR8ozZN0YXNP7jCw9+YLsuXLFljEUOH7LGTX+PkK0x6pP42K8+Vmy6TeVWdq0h5/WVHCJb/d/SVetIWXEnJh5JPGt+3RRrXOLZ7Xafb6tP/PDBmPHN/Op3PYTwzcNVefzawt8Ye21op8epXVswhJfH2l6tNfIBv+tLX9W1asUSG+aRmIyR+qiHYM/FkfrRBry8o185+pKxVVy1V+tE/qkFa2IBB2KoBN5gVHWZY8aRlTpvjQH/efANW8iay6M1bJ7gR5YWXTzolcxDryFsVrt1PSKDTtcjOmsO1W17NLaOifI9ZmwZnzVVfcHvLer65LUW7GtjC0PyhD1rjxhqnalr1VqnYApOPVd+1CmvPXzTL+TIH370mmSs5tvYXe/YQx458ojealP+qkNfamvu0CEW+KpfYCKpkznemUOu++rawTZ8W3tOl8WWPiEr1dzgH7Gb98onf2/xCV950IUOHmNgvOJX5fVnhaV+VJn6jn9TnJWHd+3sxYPf6CPn4ECfOug2tIvePVKnNYBMxVz5OobMKg+rWKhf/MTfGid7A+PGpT1aY2Ou5shx6hF7+AIm1qQ6VvmBX3viaN1X39RT23P2snPsuHbcX/ra6bGo27yRE2WZk8QKefMmn/VxtAbUWVtlaTtpm9y4f+GbsTBfSX7m4cM/5Cb+rRq3VvdyWW0/xnsuzY+AusVk8VcXGGNj6IUzFRsbAQVLcSPD5kO/L9yq33dtoLfLo7cS/cqHLJtV3RDlx383MvjQ3WOBl8WlXefRh6yb6BQPvlT96Fphxlz1G30sTDcM8YcHX1noVTeb1LSpGGttkSevkj5pw76xykffzVBclZFnaq0h53otnKNLWXE3Z90GtsDDcWzge93s4RHPHody+nxbfZPf5FD71Q55N77q11H84VNefHodVXv1HZyQ57Hm0cVaJYZOHkJgew6x7ut+YH7ApFPPhVjq36p+iLnWK+/TGqEmjvB1v+wjjw88Xf9qLRlT5Z94ex629oRaK/imDf10z9JXYkYGPp5K3S658kOh2um5sFaO7OvdxhTbhAl+Ikscky81PvDV7xpff5/0wXMphthVFn9ch9Ma6r7QZx3UmkSeHKxwJbfMu+6xif2+36HbOe0au7jZIo8f3Wf5md8icwcW1Tex6LLo1X/XKm23Qz7lq/nv+nqczOsTtirddg8gL/hV9yTeGVvlrPrTY9Q3xoljRefmosc96QWj+m0x5Uu7W/hX3UfXw5E8rHJInVa/q33HqcNK7t3EWMl9zTpjfjqvt/LTY6aWp/VY7fqufdei62Hay86xQxzoRF+nKRZ0w9v96LLUQ+UD714b3U/rqu8vXTd98tBzJ5/1aq7wFfvYm4gcWA/GNfFv1Tg+i+V0t5jsPsZYLs2PgXpsXhUCWwv5qhy9B2fYnIi/b8aYYgObDoJ7cCMqCwJ8EHLwHP0YKKJ5vUIE+BhgjU355KOFXB/5yLnC0OLSHSLAxzt1EgoCQSAI3DcC7DVcinP2nId0Ls3n4RXuZxABNg8+XKeL4zMY7utCYsNk4+Thp75gwMe9PyFd/WTxdUrSuRME+AEG+PODCn5gkcPsTmC9CiWuJy5G5Jh15YWZsdDzjQD1wJrf+g3q841Qog8CQeAuEfDbLz+oOw/VXJrPwyvczyACz/OlmXTyocYHfP+jOM/jDxEes7ytQz6er/mPJz0mRk/VNh8o5Jfc+sfX+OHI9Nvnpxpj/L4cAeogF+bL8YtkEAgC5yPAD+v47sv3xnHscmk+jlU4g0AQCAJBIAgEgSAQBIJAEAgCQeA5QyCX5ucs4Qk3CASBIBAEgkAQCAJBIAgEgSAQBI4jkEvzcazCGQSCQBAIAkEgCASBIBAEgkAQCALPGQJXeWn2//minf5KdOfzP7A/Z9WacINAEAgCQSAIBIEgEASCQBAIAg+MwNVfmrkg9/9J/baXZv8mU9pQEAgCQSAIBIEgEASCQBAIAkEgCASBFQJP4tLcL7e3vTT7twR3vSuQMh4EgkAQCAJBIAgEgSAQBIJAEAgCzycCV31p9nLLJbn+e7HTpZl/0oM/yt3/SQ/+CLf/3in/hI6yta2XZ/7pB/4pEOfRlz8G/nwujkQdBIJAEAgCQSAIBIEgEASCQBC46ktz/Xctubx6+fVC62WW8XrR5b33STV/zJsLsvJcyum/732/fVMJXLqd6zrqxTplc7cI8AORD37wD+9WabQFgSAQBIJAEAgCQSAIBIEgEATuAIGrvzTX3w57SfZia59Lr2P18sW84/wGWXKsXoSrnaqjjlcd6kp7ewReeeWVmzzVP01we63REASCQBAIAkEgCASBIBAEgkAQuD0CV39pJsQXX3z3zaWK3wx7weLi66W5/va4QlJ50SFNl+Z6wea3zOj0kX/6m7zVeS2tWGz54w8CxE9eflhQf0MP3uAGf6WKldjQIsucfyKgyuy9gy32LpHd032X88beMVnZAFNzAkYrTCuOW+/Y1YfOdxv8V/7fZhz/iP0ayBwczds1+IwP+n2pP/eVA3C8L92Xxqpcx8x14rzr5yFqgf2MNY8PWz90hY8f/tb/vYh39kXOsUrGZ1y2jK9sqF/eqq++86exPG/h5b3/RZzyg6P+0tKfCJyrTvaplZ+TPGPso/oz8fiD8/oD74nvqY25zlbY3lU8YEv9hO4GAdZM/ZbivdJD5bXazHsQCAK3R+BJXJrr5bf+EWoPEj8EaDs5Vw+EaWz1ISIvbdXR7VxL3zi2/Jk2bD9qwJcPGnjqhc8/wo5ecAcP5uHjQcbccECce/k1x9f+0WPsxLxFxO+hWTFF3g/Niqk42lp39m3Rqw8df3N4Cf5bsezN4Rv+0lZ6rDUjPtUXPmLw79y6rDq23iebW/xH546s5y1d95UDcATP1YVqy6f7nuuY4WetTXNVx+7LJ9YoOeDizLqfCCyZg4c9gT9xg2/46V5R/xSO8RkXLXYcZ7+phKwXd9s67zu5xFf2D/ZzHvewnmf3GvzFPi2yjFdChzXIO74oS3znkHL9jMD+ZPsc3dfAa11WX4ztXKyqjiPv5ugI733wYP+SGCfM7sO/c3W63utarjoeKq/VZt6DQBC4PQJP4tJMmG6ObK4+brJ+LDBeyYsY4/UwVx45qepnQ3uqJBZb/vcN24+l/rGlDnX6Gw+xmnByrn/YqGur5QNt9WG5JfeQc8Y3xV79EDM+FDvxkewHYP0YrnzWaB3zfcsHf3BxCf7qP7clBvztmDBW19i5ei/l9wP+UvlL5O7LpnV0iU/IPFYOLvX3LuT2MNtaP3dhv+pgP+OxPvoagZe1Sp5We4Uf4Ordis+5esklXvYF9m/n1VVb5rBVf7DEO2PMScSAv+itNOHafZefvZ65c6j+cMH49A+Mq9/n6L0WXmuk+rPCuvLcxftj7hPkbaqnI3FNmB2Ru2+ePTwfKq/3HWf0B4HnDYEnc2n2wGQz8vHQ9rBmvF4W6nj9IFGeg1tyE2OuXrAZ54OBp+pW7miL//jD4a597Hj4q4c5+Hj4qKCPTL9coY8Poc6Dn8hskbFiA/LSXD+MtuSRwwZ6OqmbwwzC9+njiHygo+ZFvV7Ou+69Prr8zQi6ee+4MY4dno5d1w+P+YJXuVXsyovB6ocQ8PmhgP6JsMEzEX6sfNA2PFsEnxd3dOFHl9FO11NrzHf9rX7xzjx6trDutQzvpWuj+uE7/hsLcUuTXXLGuMQ7stYBOrtv2qmt8qytjnO3AW/3BXvUrviqb9V2O8it1jV6+zohRgnb5KBTX7PEi51Kk+6+Bnusq3x3XVONVtu+d8x6v9cC/ohH3eN73tHTY9Hm1IoXOv0BLrXQiXmwrDnoPLXf46lzxlb9JD5pJat/057FGP65L/e+ursO7LLelJOPduVH5ZnerWnyVfUwfgm5X9Z9AT3iWMd7PUzny9Ha7r7WvcN3ePSP81TcmQe/HjP9I3tNt01fnXXNsS6xWesHXvodi74namPvTBZnY6ZlDKq+MN7Xf5XxHTl1ggcyVSd4doy0p8/Km0t1T/lWxlZZZXprPZnXalt74I7cal/UVm2pBx4wM2bkq374j+RO39iXKla8d/nJBnawqx/Eom/V59X7Xs0gt1cbK90ZDwK3ReDJXJoJlIVSNyE3BBayHz3M8977Fai6Ebigma+HEptB1UF/Ovyr3q13Ng1scfixKbExsKl0vfAw5iZTNxDtE68bkvrY4JDjQccWuSmKH7z6h1509QO56kMOG+jphL/MqRv/6JO7SuaAWCTzi45zSZ/Qix4eY6q28WUPX2zrn/rMg/hOseuzMW/xwKt/5lV5WvzkmchYJ/0d/0keOXRT3/DTt/bxXdKOfVv9pk+dKEvdoMucGgP85EAMGTdm1y64Ki8fY/JhC7m93GHfdcs7D2Qs9rWLTteQPMgbg7HKg2993a5sgg3+Vpxdp4xJ2LrNesaO2Igh/mKbcWKQ8J8x6xrf4RUH+OzXdcO4a0JsVrqNF3ne4cMuJO74pq9Tvsk7curCT+2Tpy0yZ/L0vnlGp/5UH5Gzps07sWi/46Kd3mpXvOzXmkaG+Zor8Og8Vbd66pjv+k1sE61k4QeDCduKFzpXOphDB/N75Bra45vm9cfaoo4uJePueGnD8b5uam3LYy3t1fbkKzqMh3d10oIpD7ml7x4ChtLRvUb+3qIfv9HpunQfwC9r2Bjhd23A7/6FH5K16F4DhtaOOaPOea/xMcbD2Nb6B4sJM3NHPLzD59N16iOxSMqjm3ly7R6FPO8rwm9saUe7xkgfkgdbkLheUjvIg6v5w7+6X1V/xd/cMedaxHdI34iB3NEXE2zoIzbUx7tUMUW2+lL55K+tdqyZycaR2qg68x4E7hKBJ3VpJnAXKQvaDYdxNh36bt5uWpVH4OD1Awg+FrnEJuJGzBz6mHdDke+cFnv4XTdm5NkQsOEBwpg2kZHkMxY34CoHrx/P6NgiN0X1wTvhR+z43GNHDhvokeABOzdVZfSpYowt5MlBpcmvOr/1jn4wrjTZOYKvPnf/0Gd91dirTd6tUTHo8/YnHJ3DT56JJrkV/pM8dYOP9QMHPuqe/EnasW9rfPbl65gcwdpa7r6Yu1o3R/ThU/ePse6jdvsaEhtiwQd0HVm3k03qh3pBTyXXsx8zK1+sw1UdqNO9rGOoXnyTyG+va+aIETvUkXYr9uajysLfdfd4xVBd+tR9Vb987gXwV6Lfx+o87z0XvW8tkAf3enOBvPFPduAnxj1Sh/HAjw0w6/XEHLjDS37g4cEWPvT66fEgjz3jQm5Fkyy81mRfw8yZC3gg9KNnIsa37CNjreHvpWQctR4v0WVsPW6xdNx+rVvywri4kCvyVnnwqdf2yk9jqvP61+MUQ/1jvq899JjXWt9Vv+/4Te31M8u4lTdGxishh7y5t/6nOoEHe9a1MVadjvU1SL+OTZjpc9WHr8jB3/ODP/guKd/XKf7Cd2T9E1+N3XjMl319xLe7qJ0am3WnH/R573FZI+Kqb73mkMVH6x28tOE+Z97VJaa04LyHHXr0V1lt6I/+dRv0+5g60gaBu0LgKi/NdxXcNephA2DRcwixQbAJuXHib99sGXOTkM/NC12dnOvjtd/11Tne2fiw5eGGT3WjZY6x6cF+3bjRx0ZZN0s/HuvmC9+eX93PVR896NbPugkfwVe57h/2nMPGisxB/wDp/Fu6xLbL0FdOntpO+E86HCNXxIJOcoQuSTv2bY3PvnwdE3RV7OGHh3FkIHXVGOp7lT+ir+q8MfDp/3QftTutoSrn+966VZ/8tDWO6b1jMPky6a02tMNanahiJvaTL46ZwyNrdtJd94nJH+PRXm+Zh8CCD1Qe9kn2jL31pD1trPrWArqx74VAfue7b7Uv76p1bxdP+GpMU67Vxb4Djq5H/Kw+Gl/1x3fsbulWVlu21kb1dzWHDp6Jtubgd+/v8to3jtp2n7ygwQM2W/FOPtYx7XYb1oDj8pETckOOul1iqn739x5z9YN35eu4dt0rnOv+dVu93+XVYwu/lxLHaMGaOeoK0sceO3PIw8uc/k1nKBcb+JybYkQHueXZWv/6c+Pcp/+jbXNX53w/cu717xhkXdd7exHx1Xwboz7ZNy/Ggdz0VF3GUFvl6xjv3Q/nwRcfWI/GpC/dN2WO2BD7KQbH1LfX4gc1ok4xOFobe/ozHwQuQSCX5ktQu0CGDdhNh82Dj1wvpW5WqJ02ub6JqWdyY2tO/q7P8anlcNBPDxE3MQ4/dPHwIYHvNRb1eUgqz+HKYdjpHL+6LBupmz9+8HEjFrTSEXyND386bc3JKxaTvDy0+jcdwPjJM5E+VPyxBQZHCR3kABu0+GJfHdqxb6vf9uXr8R7BWl3ITo81g60j+uBTp/7Rdh8nnsrv+9F1O+nDX9bOFBdj5n2S1f7WnDwTLtMcNuFlnax8soaOrNlqV93gvEXGs7Jf840vrCX3H+1VnsmWNpzrfWvBeq8XUmSc7+ur+qzuqcVvfGUP6uQe1W12PvvYxE8eyXiqP3VMvqmVr8+hC5+n/IkHPNBKB3PmqOun775IPq0z+ejXeOp759W++qbLnnr3WuM2Nvl7zIxTd+TPH2YQK33906/qe30/t26xqX89L90/fDmy1xhfb1e5h6/m1Bi7PP3qU33vvD2m3pcfXPfW/+TPlm3mXPe0yNvXrvL2a+scPm9RxQw+Y1TOPvog42B8ei6pHfR2P9CjLeaoGfdXfem+3ThYfLRvW22Iz232TvdI9K6+447Uhv6lDQJ3iUAuzXeJ5kIXC5yN2UNNtmlzqhvQis9Nz8NaPlrn6lh/73b9aZ4f8Z3fjdAPPfvoqeTm2zd49BIXByA+887G2Kn71ee3+sQNxvoob8ez9+Hrdo3Pn4Sri9a5HnvlQW4Vo3ziAGYTIc8z0REfJjnHlKetNdRrRz7lbFd8HZMjWKtrVXvapD2iDz51Vllj0Ud5avyVn3fmjq5b9VUd+DtdnCoP78pOvjjXZWofO1t1hA7IOp/WXtXH+5E1W/Ohbtb4FhnPkXx3Paxt8rGHqTaU731rgXXqBajuWc73vUR9e63y4LN6agx8YCKzIv0XM/uVnzmxmepI3kmWOWTwdaoNP2LV62VVf9RNHx1TDaiDVj3KndOKrXjpCxheQtat+4I6tNPHnScGecRMbDsuyuy1ylc+/TNe57Stf+Bea0q+oy3y0w8fzGmPccrhXf6mefJ7Wv8TZh0bdTlOW/3vOuSre4I6rOO9HIMneiXzaL7sYwvShz296uut8n28+kHMR86z7ps6j9gQu0v3TmzgY5evcehPbafaqPN5DwJ3hUAuzXeF5Iae1SbEQc9m4MaJimlz6PLK9Q8FNnnkebao62PDQcaDsct6GHqIuDGip5J6pw94xjjUvVBOF1Lj6nqrjdX7hJt4sBFLE59+mwfl+kcEh44f2Xs+Ei+2+uaPH+gR0wkHeJDlmWiF/8Q7jU2HX41NGe2Yd8b9iKq+ydcxgadij3zH2pyLvbblqzV5RB/yU3zdR+32NSQfedOH7puydXyyaY47LtUG/qqv+2IdVqzFp7baqXmqemsO+CDhId+V9L9+tO2t2Z4P9LI+qm7eHa8+VewYF2vzzTw+VV3w6Wf1vb93nt4Xf2yCmZiIn7gjV6nHUufqOxigE/3Toz/MQX6Ir/YK9WlDefu2xjVdWuVZyTLPHH5XzI2ZOQm/yX3PofaNS37jM7eOn9tqt/qCf+7J5u8cversa0+dxsIam/yva8B13HHRxiRffZ1yo2zX2bF2D9Bf9co31ZY8tMTB0zHs8qsY2TeoHc/+1RrClmejdTbFiF3wkEdfO0a9D58+dywm3lo/2lAeTCvBS4zUxh7VuoDXGPXJPragFa7yXVI76K1+qEubN4YH2yu+Cb9uY5X3o9hVf/Wv68R/fNmrDeXTBoG7RCCX5rtEc6HLiwYbrh/jbIL02STqJjZtGn0Tqxs9H0jMs+miT50LV26Guz4G8Ufb+ohON8q6aeMvvOjp5E/+a0zweCj4Id7l6OtDndN+11d5ePcjBz78ohUPdEjGaJ92wsOPEFoutmCC7+I7xV51kiM/DohLTPFLXxlbEX7yTISOFf4Tfx8TZ2IjDvzAJ2OTX1yIA5vV9+pbPdTg8eIFT8UeveqED+o4MV9ruR6MR/Sh01ojTu3QVsyqXdeQPMTL/DnrdrIJLtYguonN9VFxwZY1oS8Vg4r1DWjtP+KPLeS0Yz6rLXKNPuzxTm1b62KlemMCD/g79XyoG3518w4ffajiTn5W+cYv5NRlTN1m94k+8cIn9b55RidU88Q75BpBtq5/9Cp3w9j+IwbkcUXGBu5Qx4R5bOCndSF+8Pd4qh3xXvm4JSsOYo5N3qkjcdGW+Fiv1jXjleRDDz71p/JuvYORa8n9RX58s1bgg8wx8W5R1YsMjxjVXBuf5wE56uum55FY6zrWt5U/rjcwww8IHfhhX1n61T9zB0bMIafPexigE13iW/cQxsldJfqM46cxWqf0pWrfNSS2PR5so0PfXSPYog5X8UyYdWz0x1okb+hDLzaxTTyS8oyZb9cCY/i2R/BV3LHHmPjYF4fb1o64dr+qH0fPs+6bOo/YgFec4Tfv1ozxq7O31pF1QGtdiufR2ui60w8Cd4FALs13geIBHSx0Nw42MjZjNzE3TtTUTU610ybGJuvmhAy6seFBpezUTvrg42DwQwCd+oneSvjL3LQB4pcbX/3QMlbk8HEiNkdiquRGXTGq875jq/oOHviHvJstvNivfcZWeLhhI+OB7oY9xa4vtmDBoV7zbox78tjkmWgL/4m/j1k7fiwQG36qt/ITr/kUg6nGGFOfsR3FWn+0I0b94/gcfbUWiMfY9I0x7eq3dhmXiL/mb7Vukek20WFdakMMq43qi3k/Zz1rx7WCDnzBNnp6vRNT5YWHtd9pb81O+eh4GUfVLe57+e5+rrCrunk3Nsd7f6oF6oJ4sGHdwYf/5gRMa/2ov7baUkedq+/GLh+YrPaKuo+iQxtVn+/wGkevsT1Z5q3XGnO3ry3wMQ5z45ytelatfHuta4uamMicen7YB6s9Ij4xdQ9gPeBzzXevh2ndHK3tySdkjRPbkHWJ7UrGV/0zd3t7TdXjO/bQyWNOxaLXEf3Kh6z7jfps62UTvmk/gBc+7aIbOrL+J8yQx1bFBn3wUh8Vn+ncU565mo+V7zfOtv9gv9aeedQn+8Za/RMH8XePaCZe17V+Xzc4fO/0/Zn40I+/+jL5ht6jNuBF17l7J3LWMP7woAN/sF3xPFIbHYv0g8BdIJBL812gGB23RmD6SFGpG6f9tEEgCASBIBAEthDgB3leBLb4MhcEKgLUDBc2L7h1Lu9BIAg83wjk0vx85/9qouenq/zUs5M/sezj6QeBIBAEgkAQmBDgN1GcKUd+SzfJZ+z5RSCX5uc394k8COwhkEvzHkKZv3cE+GNQ/FGk/sfAMMzcNH7vTsVAEAgCQSAIPEkE+JNLuTA/ydQ9utO5ND96CuJAELhaBHJpvtrUxLEgEASCQBAIAkEgCASBIBAEgkAQeGwEcml+7AzEfhAIAkEgCASBIBAEgkAQCAJBIAhcLQK5NF9tauJYEAgCQSAIBIEgEASCQBAIAkEgCDw2Ark0P3YGYj8IBIEgEASCQBAIAkEgCASBIBAErhaBXJqvNjVxLAgEgSAQBIJAEAgCQSAIBIEgEAQeG4Fcmh87A7EfBIJAEAgCQSAIBIEgEASCQBAIAleLQC7NV5uaOBYEgkAQCAJBIAgEgSAQBIJAEAgCj41ALs2PnYHYDwJBIAgEgSAQBIJAEAgCQSAIBIGrRSCX5qtNTRwLAkEgCASBIBAEgkAQCAJBIAgEgcdGIJfmx85Asf/yy584velNbz694x3vLKNP6/X97//ATQzE8izTY8ZJfVAn59Kl9XWp3Ln+vfTSS6cXXnjbTWxvecuPnSt+iF/swG/rIb/GzfsWWQt7fFs66tz73vfbJ+LHP9qPfOSjdfpmf7gk/69TUjroupY959VXXz0R/9vf/ouv5YeaeM973nt65ZVXXvPa3Gzl0DmEVnlnvOP7mpHyYo6x+6zSXoxiXut8r3bEXcx6X53mytacf/KTf6fog7QdA/s15pUjPbYV35Hxc+we0XcOz0Psw+f485hYnOPnFu9d1saWncee29sP7tO/S21fWl+Xyp2LAXb8HnjxxXefKx7+O0Ygl+Y7BvQ26vhg5CPioT8UbuNzl3UjeZY/Lon5MeO89AC+tL4mOT927zLPHAx8LPPRduQi02vvSJ+1hc8+Xs4++ME/fG2MOS5otBzE5HqL5K2Xui3+rTn8wCYXR+yDA22lS/NfddT3Sz82qo67eCc31AAP8VMHPP4QgXHrwpoEGx5xI5+O2eKbmDmmjPnnUr5F97He1bll9yHn9AdsJmK8r4e92hF39fW+OsGfd56ac/Sbc3XcZ9sxOGdt99iO+qnNyn+O3Sp3F+8PsQ+f4+djYnGOn1u8l9bGls5rnNvbD+7T50ttX1pfkxx55rkr4kw0LvfGu9IdPZchkEvzZbhFaoGAHwAs8GeZHjPOaziA+bBlM7/LPHs4PGTdiOUUB2P4RK4jK/b0AAAgAElEQVQfio7UlT7flU+PgXv3nUuwF+bph4Z8oPADFXh472SuVh8sW5ihFwwmu9o5khd5j7b8MAC710J7MYpxXQ97tdNx7/1Jp3hQE/5QA76HoD0MtnzosW3x1rlrq4O9nFbf834MgUtr45j26+F6zNp5TNtmgP2KXN8Vbe2Pd2Ujes5DIJfm8/C6FTcXDT8CWOC8M1apL/wuwwde/WhRljE//tDBH+PoH4F8hBzhu8QmH7Po5sE+ix17vPff4shD/JX4jQL8YoIO4mCMZ4qdDYoHGePXl6r7nHf8xmf0YJeWPuOSMdSPOT7m9+SQRyfylabNsftBfMR5mwMY23VT1xf8MV7tVP+qnPYZ86k4VDneexwdT7FUF23Fh/eeW/Hastv9mPrGMunRBh+15FX/kKlrS76Vz8hNa737o/6prTnT5yqPP32t9Jqt/PUde+jE/60aIM5uo8aMzp5rdE97UbXPO3rg3fqtIrUPD3F1MgcVp8ozYea8ttGxInnwoa7xKa/YmvwQZ2zw3p+VbfnxgWcrR/CCIX6pf/JxsmWMKxzEGD6pxuRYbTvuvT/prPLOU0Mrcm3WNQkv+zH+WS9H9ueOgfZrzL3G3S97bPiwlwtzVFvkJrtH9MGDHzznnonGXn2pce/Fgm11kAv37KoDnk7My4vtvl9MWHSZqcZ7nvq5ox9H6gLeS2xOteEPSbBbSdzJWyV0EB9ETN2Pjhd86IKPZ2+/qLa23qczBv2VsEvtVSJ/+Gh8xNPl6DPfaVpT3Q94GJtsd31Tv9eXffd6/daOOuTDd9/lPeJLj6PjYuxVJ3agXtvW2QpHfU57ewRyab49hoc0cOBQ/Gx+vLMgeWeMvlQXm4e+MiwYN5+66fjRwBx60cdGycPChFhk2mPTRhd/pJHFhk35jtrUj2oT/W7QLm7HjI9WP7BbDw50IQ8hzzy8xEPfOPFfYmNBhjjEVd8qrvLvtRNObkT4wjzkmHGCH37w+Ed98VPflEOWuGr+GDNex+E3NzVf2kDHJYQcmEn00cmYtWN+am6qHLGaC2Ot8amblnH1GYfYiSd2jJ8x3rWtnb06qzbPefdgMo9VVp+IHT/oE685lVc+c0fdIaPPda1Pdqoe4xVX+MGk5kyflbP24HOt6Cdje4Sv5ndVA8ZYbehrXY91DBn8sWZXNYJ/6MWHPYKHddFJ/ypOladjVuf0GR0rsmaJBf6OU91rsDX5IcbYwJYx875lG35kj6xTY7H28MvYqYktMsaVL4zjh3WuX1Os2tH2qj/plNfWfdB+b8kFftU6hId4GWee2rMOXVvEwVhdIx2D7h969Mf9zLWGLuxJ6jIX+CEevEPon+qg24X3aG6xgS/4Sf6xhQ/4VutUP23P3YeNpdaVMWOfd+LgWdEUE7I8fpN0LIiBWCquFUNsHTl34HPvxJ51QV7pg5971lGbR2qDfOB/xc0xxsFEwr/KK+bWHn5hE389M5FFhjH40Q2fGFU+7ey1E07WVPUXu9iUxA3bvONLzbl81o19W+O1Lx5TvrptZfbaXl/2sYGv9F3jYC3Jh+/UiX1i5R1fV3QET3iwS1z6gZ2ptvUPn+EP3R8CuTTfH7av00wx102YSYqfTWG16bgI6+aKHH3H3ETYwCohi275aFlMLPBKbKD4xkKHbmOTeDw00AO5GbqBYM9NgJaNVMIP48Bf/FdOHvyET3JTrXz4gW7mziVxEjfl9afHZd8DxL5yHob1g27KA3J1fOWH+Yb3Euq40O91qc+1Vrqcee3xdp9WcXQ8kes2jNWaUPdUZ86d21o/UxzmpNsnl/iqjHziJTa9JhkH2y1SVt3w4mOtZX1WD/71HDJnHusaU6a2R2rAfNWY0DGtx7o+4UGGuLrs5EMdm9577PKYg4qTc7STnH4Rv/tflanv5qWuY+apReIFfwlbkx+9vief1NHbIzkinm5DPcTHHP6uyBhr7VVeMYZPWtlzvsfY+5NOZW27jOO17TlgrtYmdtDT14Jr2drsGHT/VvuZ2IOHxLmOzUqeTXVPmeLrdtXf9aG751Z9xgSPdif56h/vPafn2Ba/WiNdv331ViyYM1dgbR+f1KmNHh/j7q+rPLmPYQPCNrrt3wyWvdP1fhubxllrg/caN7VCDTNW9xLjQAc5JH/61H0VL8bR388EzwNxVP5IK04Vc+SscfcV7NYaIyYe57XlujNf4uu8rbVsf+WHOFXbyuy1fa3Zr/lBhz5bK/JVPHv8K9urODqekw1jrfnGzlRnK/sZvxyBXJovx+6wpIXfN7tJQV10bDRuOiwmDvz+U0I3GzefSSdjbj5982LOBczcbW3qjxuLC9kFTgzESBxs6m5M8vWPGvxjDn3oRgZ5ybjs21YcHTvSqm/Cqcr3OLG3+vAmh3UOXuQrWSOOb/nhXJU/+t5x6X30dF8Y63w9/pV9fd3Dc8vGVNv9AFvZ3xvXP+u18k84MN9j73z2qVX8xP8j8U+6GcNHHkmf7ZObrceakr+3PbfMG8Mku7UexYZ65x09RwgfwGuPeuzy62/FyTla5Sac2Fv38mNcxN4JefS6N2Nr8qPjrE9d39TvsvAYsznSx2m9+KE1zWlP+VXOuj3kJr/UR9tj7P1JZ5WfdPR5+j0H/nB2OnOZwy6Y6I8xdwy6f/JP9eLc5B96wF798EqTXLer3JS/nttJH7b2cqU/ne8c2/KKpzqnVt4ppsrfsbC/tb+KwZSnqptY69lc5+q5fVub+qN+vnvQLxGL33j45D4D37QvEhc+8b1k7YOn1HPIuDFUPvn32i2cqmy1q71pDRIfvM5ZC1UX7x23LT+q7a5nq6+f4tL7yuoj89DEd9SHrTi0t7IhJlNtU8voDt0fArk03x+2r2meFtdrk+2lLzoWBhuLi8F5N9W+kJu617outNcGykvXcRubXRdm2PSxD3EIeEi52TPuwV83AnRxsBAzLTrs3ygbNlXHxcn+0XYLp6qjx7llr+uEF/lKvUa6TOXdmqt803v3s/eR6b4w1vl6/JMtxs7x9RwbR+2v/HJc/4i504QDPN32xMf6pL6pfeLioV/ru9ubdDOGjzySPttHN2sKP6bHy5z8ve24Mz/FRNyuv9V6RJaPYD8K0Q0vslvk/rbFwxz6po9I/a04VV1i1vGpPFvv5nzicQ7dELYmPzrO+jTp7GNdlnljFtvuR9XReeuc71vykz3GJr/UR9tj7P0jfh2pDT/COUcgzxPPScaoy7oe8cW+uesYdP+6/zfGPv2fPsda94yzbuWhlRyzT9vtdr+2eCd98O/lSp2d7xzbW7zqtz3K27FAfm9/XWGgbdseq+O0XcdtbHZd/vKA2Kxd6tMf9oANxN7pxZI+vOrCd9aG60MZ+Ka4JhxvjBz4z6RvEqt8e/Yqr7XQdRqr41XGMdutOXmmtvvZ+8roI/PQxHfUh6N8k42Oif7Rbs1VvrxfjkAuzZdjd1jSwq+b30p4bzGx2bKR+uHoQt77aa2Lafpo5wMXu9Mcfp5jU3/cWJD3w4F37IgDPtOnxT82f0k9tNUv45Cv9x3fw1G+3qqv2uw89PXPOLFX/a8y5KvOwYt8JWvE8S0/nKvyR987Lr2Pnu4LY52vx7+yr697eG7ZmGr7qP2VX47rn3l0nHbCgfFue8WnLmJXhrWwRfJVf/CRR9Jn++TG/cCxc9qeW2R7TPpFW3PZfel2+Qh0f2EfWRF7An5s8bhfuH9UXfpbcarze35W3und+Plo7eT+5g8nsDX50XE+x6cuiw/GjG+QPk7rxUvkNGc8W/LwkBv8qDro171NXbbUZZ3vMfcYlLP1EkEN7VG1hc26JrSDHvOEPmNmfuorJ8b6X9eAfjlX++z9vaZ7Lrsc8t2uflbstdNzO+mDt9tVvred7xzb8opn11378k4xVb6ORZ3jfdpfxWDKU5Xfqt9+ble5c23qjzqsazAQB32ldnmMW3yY16eKr3zokXoOGZ/45N9rt3CqstWu9qb92h8UOCcGVRfvHbctP6rtrmerr5/i1/vK6iPz0MR31IetOLS3siEm1kvld66O5f1uEcil+W7xXGpjs+MQr4XuJlgP97roWKQsgiqDgbow3Hz6R4UL2o90D1Y3Bh1l83YjZuw2NvGTWIjBjQWdbPqM+WFcPzyx7Xj1rcaor1W/YxMfcxVHeY+04kRbCd/Q6QeQfeP0YmBf2Rq7Y+jp+fLDWwxWfphvdFxCHZfeR6e1oy+Mdb4e/8qXVRzKi+dkw1g7VrUOOt4rP1bj1s+kZ8IBPfquTOfDX9ddtdsxrHO+d92M4yOPpM/2V7WnroqxMrWd/OoxdZvI1zzQZy+Br6+drqva9v3/sPduofZld72nD94vGBDUBxEFH3wJCi0i6IO+iJc8KP1SGBTxpdSjUbAwiLaYI9jSUEQqBMtgSyCEFvrkKChU+tDYxnirig9pU3jCsdIxYuIFLaLBMtHoaj5751P1q1+NOddYt73X2us7YP3nnGP+xu/yGb8x1/ittff++xzieVCfD/U+zxbuI9ubNiqnKjPyv97fdi7LUS7iU32GY4u+2piDznkXn/pYdBszvtFcLyMGbMLRwZwtNcf3GJXX38rf3BvNmf7VtaAOdSpjDPZzxFf9Humvspz7PmIcbsi55/xhrzb9t7/Ldf+WnmfahLFtNGfK1TnqTBjf7Y7GaUdGzu1IH7Ijf9RRj11uF9udX9Xbz9Xb883YzRuvzRHkvVd1Vr+X5kn/fCb2+Vdff98+xKZx4l9tzBtzxbEy0Hfz2TGdg/3Ky4f+ykK5pfHeXzvKiVhqM9d8JnS7PAd5mZuONTY/EHBeqn50oq9yW/JDBviza+tc+rX69JH7tJFcj9+x/bgUR+c5smGsHGtbyrMqk/PDCaRoPpzhlAY3TTwgOedh4ZudD3AU1UXng9sxLCAfNvXhwBsI41iIjEGfD6v6ENIe8uhi0fUid9ami77aRD928QX9Nh6Y9PGqm0vu6zv3qq/2ox9dxOSmGVmbDxmvPSJTGdm/7Vg3arDGtg9L4vPhb59x8oCXOffoZ7x9jsO+PnMfWWPFZ65pyDs3+sF8qa8y2BZTvd+59Gtk8b36Ql+X8wFNLPhc3zSRlcssz5EN+mTT8wwb1Y7jex/9a8250N8qO+LAfeKtdroc88V9fWZNcU6f81vt1POum3v4yMumz14zF+YF4/FHH+o45fsRv7pcj6nOA/eW1qPPGHMWOfsYt9ZqHIyHGy/Oja8+I6ou/e1xKNOZ2T97dF7ww3mtseGnTVnkONf/ztnND2yRW2t9LLLGXMdiS1l8wkdjr3JLtup4/MMGR+cQfbXV5x5j65zhR31mMk5f1GEMMOCcl3Pu877bdGw/+kzSV59JyKFDf/QRX5hP+rFLg1G91j/Z7fJc9vnNWPRwNI+xbRvlQbeLbJ2btbntjLVDXNWu/f04kpu13fl13f26PleMSUau9c5CX1yHjOvP19n3nZq/zhP69QE9tFmbzjny+M3cqguutamT/prj+EQfL+Ky2Y8+5NEPP66RxX8b132uO0dlZ4712exzQeb4YOt2mRv64ILPXDvn1T99Y+0SBy9ZMt7mGidm/XC+um3HbDtqW3792vHcxwb3aSM5mSDrnCrX4zAvjMOxladj9Q27o9w2z7BR7Ti+9hlPjvsRSNG8H7e9RvHA8A2dJOacvtrorw8T7nNNPy8eJCwgH+aOpa8+ZFiAvukow5gZuV1s+sDWL8biJ4u1ttEDgfs8WIyryuNrfUNAPw8G/EfeJhuvPSJTOdo/c+y2iRFfKnP9qHHyplZ9Ho3DvvrxkRdsfLih19blzBffbJXb5di59Gt0jXwZydU3Kzkgx8tr9BmHubLEZWSD8TVnHSuDamdkexsb86fqcQx96Kxzoj81xpEcY/pa901U/aMj46puZPCx5rI+1/GsdfJIxq7HmrNVvp5jr+rnXo+pz+HSelSO++jlZX5Xm0vnrCHmto7nnD7uLTX97XEoP2LmvZmj8yJnY3NNdh3IOxfKcKz+wcrnIvrWGvfrWGSNGVu1kWc99/r7TJXv58hWv4hjbQ6Jo88Z9vGLe7X1eTAGeXpk/LY5r3o9N28Y3xv+eJ+Y0N/fr5DBB/yi6V9lbI5XX9GDPvpso1xBHwzqXI7yYGQXvTNz2xnrD75Vu/b345LcjO3Or+seXdd5wTa5VvcuIxaM6Tnen6/Ok+uQY38fx5/Z9+1dbBIHL3wc5QZ2iVG5/mwzT3tM6Kpxw4qx6ME/G9d9rkcclZ859nzGx2oTHUt26/NkNI6xxGbcyvQ1hRx+mOPYM1/g0mOeiatz6dfqIFbscZ82ksM350dflGNsbTM8Hds599yWl1y04/hu2/s57k4gRfPuzDIiBELgDgjwxsCbRd84YJrND28EyKSFQAiEQAiEQAiEwEMnQLHNvoiCuDeKZ4r2tNMRSNF8OrbRfCYE/ISQImvtdSbu7uRG/SRxLbbRA3YnQ/ck7CenfOJMDHwabcFMX1oIhEAIhEAIhMBuBHxvXds3+G3pbprvX/oh7/n4ooCfmuDlj3bzxYLzyR4p7XQEUjSfjm00nwkBfnyJgmvb60zc3ckNHqDb4uL+pX4ji9+8AfpjW7zB80nq6NvnncBFOARCIARCIASulADfWG7bOyBzie0h7/mYD+KrvwrIvogfU2c+005LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzaflGewiEQAiEQAiEQAiEQAiEQAiEwAUTSNF8wZMX10MgBEIgBEIgBEIgBEIgBEIgBE5LIEXzafneaP+Jx35yk1cYJAeSA8mB5EByIDmQHEgOJAeSA8mB88iBJ9705ulKMEXzNKr9BVkYaSEQAiEQAiEQAiEQAiEQAiEQAudB4A//6JlpR1I0T6PaX/CJJ968YVLyCoPkQHIgOZAcSA4kB5IDyYHkQHIgOXAeOTBb4aVoniUVuRAIgRAIgRAIgRAIgRAIgRAIgasjkKL56qY8AYdACIRACIRACIRACIRACIRACMwSSNE8SypyIRACIRACIRACIRACIRACIRACV0cgRfPVTXkCDoEQCIEQCIEQCIEQCIEQCIEQmCWQonmWVORCIARCIARCIARCIARCIARCIASujkCK5qub8gQcAiEQAiEQAiEQAiEQAiEQAiEwSyBF8yypyIVACIRACIRACIRACIRACIRACFwdgRTNVzflCTgEQiAEQiAEQiAEQiAEQiAEQmCWQIrmWVKRC4EQCIEQCIEQCIEQCIEQCIEQuDoCKZqvbsoTcAiEQAiEQAiEQAiEQAiEQAiEwCyBFM2zpCIXAiEQAiEQAiEQAiEQAiEQAiFwdQRSNF/dlCfgEAiBEAiBEAiBEAiBEAiBEAiBWQIpmmdJRS4EQiAEQiAEQiAEQiAEQiAEQuDqCKRovropT8AhEAIhEAIhEAIhEAIhEAIhEAKzBFI0z5KKXAiEQAiEQAiEQAiEQAiEQAiEwNURSNF8dVOegEMgBEIgBEIgBEIgBEIgBEIgBGYJpGieJRW5EAiBEAiBEAiBEAiBEAiBEAiBqyOQovnqpjwBh0AIhEAIhEAIhEAIhEAIhEAIzBJI0TxLKnIhEAIhEAIhEAIhEAIhEAIhEAJXRyBF89VNeQIOgRAIgRAIgRAIgRAIgRAIgRCYJZCieZZU5EIgBEIgBEIgBEIgBEIgBEIgBK6OQIrmq5vyBBwCIRACIRACIRACIRACIRACITBL4KKK5t/93d/d/NzP/dzmF3/xFzcf/ehHZ2OMXAiEQAiEQAiEQAiEQAiEQAiEQAjsReBiiuann35688gjj2w+7dM+bfN5n/d5m7e85S2bv/7rv94r6AwKgRAIgRAIgRAIgRAIgRAIgRAIgRkCZ180/8d//Mfmr/7qrzbf+q3felMwUzT7onDON84z0xyZEAiBEAiBEAiBEAiBEAiBEAiBfQicfdH8T//0T5tv+qZv2nzu537ui8WyRfMXf/EXb37pl35pn7jvdMxPPPaTm7zCIDmQHEgOJAeSA8mB5EByIDmQHEgOnEcOPPGmN0/XhGddND/77LOb7/zO7xwWzBbOX/3VX735mZ/5memA70PwiSfevPnDP3omrzBIDiQHkgPJgeRAciA5kBxIDiQHkgNnkgOzteHZFs380a/v//7vf8W3yxbLHPkd52/+5m/efMVXfMXNHwjjj4S9//3vn409ciEQAiEQAiEQAiEQAiEQAiEQAiGwSuBsi2YK4Fogj85/8zd/c/Prv/7rNz++7f2f+qmfSuG8OuW5GQIhEAIhEAIhEAIhEAIhEAIhMEvgootm/xDYH//xH2++/Mu/fPPpn/7pN4X2j//4j2/+5m/+ZpZB5EIgBEIgBEIgBEIgBEIgBEIgBEJgSOCii2b+6yn+z+ZPfvKTmw996EM3hTPfOH/2Z3/25jWvec0w4HSGQAiEQAiEQAiEQAiEQAiEQAiEwCyBsy2a/+Iv/uLmL2P7Y9cc+R1nftfZF39Vm99nfvTRRzcf+MAHNu9+97s33/3d3735wi/8ws2rXvWqm8I53zjPpkLkQiAEQiAEQiAEQiAEQiAEQiAEOoGzLZpxlP+fmf9SiterX/3qzTd8wzdsHn/88c3f/u3f3ny7/Fu/9Vubb/u2b9t8yZd8yeb7vu/7Nj/6oz+6eeKJJza/8iu/svmRH/mRzWd91mdtfuAHfmDDj2u/853v7LHnOgRCIARCIARCIARCIARCIARCIARWCZx10Vw9pxj+2q/92s1XfuVXbn7hF35h86u/+qubv/zLv9zwx8AonP1G+nWve93mve99780fA/ue7/mezed//uff3Puu7/quFM4VaM5DIARCIARCIARCIARCIARCIAS2EriYoplInnzyyc1XfdVXvVggv/GNb7z5g19/8id/cvNN9Gd+5mfe3PvBH/zBzXPPPbf52Mc+tvmO7/iOmx/Xpqj+uq/7us373ve+zb/+679uBROBEAiBEAiBEAiBEAiBEAiBEAiBELioopnp4veZ/VaZI/81Fe2jH/3oze83e4//v9nGt8z287vO/L50WgiEQAiEQAiEQAiEQAiEQAiEQAhsI3BxRTPF8W//9m9vvvRLv/SmEOYPgfE7y/wFbf7rKYpq/mAYxfG3f/u3b97znvdsnn766c2P/diP3fzuM/8tFb8b/fu///vb2OR+CIRACIRACIRACIRACIRACITAlRO4uKKZ+frEJz6x+bVf+7WbPxDG7zN/2Zd92eb1r3/9ze8xf/zjH78pnvlDYJ/xGZ9x89e0f/iHf3jzLd/yLZsv+IIv2HzO53zO5md/9mdv/tr2lc99wg+BEAiBEAiBEAiBEAiBEAiBENhC4CKL5hqTfwiM/5v5scce2/zyL//y8A+B8ePZfDtNAf33f//3m9/5nd/ZvPWtb80fB6swcx4CIRACIRACIRACIRACIRACIfAyAhdfNBPN0h8Cq7/n/EVf9EWb7/3e7938+7//++bP/uzPbr55ppCuv/v8MjK5CIEQCIEQCIEQCIEQCIEQCIEQuHoCD6JoZhZrgWwxXPv4hvmDH/zgUO7qsyAAQiAEQiAEQiAEQiAEQiAEQiAEhgQeTNHcv0Hm/2d+9atfvfG/ofrpn/7pzR/8wR+8rM/iekgmnSEQAiEQAiEQAiEQAiEQAiEQAldP4MEUzc4kv6vMHwX7xm/8xhf/m6nXve51N/81FX80jEK5vu7yx7OfffbZzZNPvmXzyCOvffH1+ONv3DzzzHt0/96Pzz33gRvfnnrqnXfiy9/+1T9vfvOt/2Pzv/74H21+7H/+v29eT/wvf7J512//5ebjL3zypD6g///6P/+/l9nGD/z56D98/EXbH/rzf7zx63//3/7fF/tOcYJ+GdTjXfE4RUz3qXOJJ/1/+vTf3adr9277f/zp8y/m/c/8wO/diT8wr3OC3f/jzX+2YX3Vxton/zmeY4Mdftc1OsopnxtVjnOfMTz7dmk8rxjP82DU4Ml9nmm96UvPe3Q6rt9Th2PRvTQnxM9rrTmv6Kkv4sHnUz7vtb3k/5rfp7734Q9/ZMM+wH0B16dq2thHP3uCRx/9oRs/2cdcejuExaljhzX+sR9LOz8CrtfMz/nNzak9enBFM8D+/M//fPP2t7/95r+i4r+jet/73ndTNNdi2fOv//qv3zz33HObf/u3fzsp63e96/duHoIsNs5ZbBTLb3vb22/63/CGnz+p/ZFyC+S68O27i6KZTRqbJzaRbGbYnNFH0Wr/rhvLUZyjPjZo2GXDyIaNjTD28YN+7NNHQ5Z71Rc3khyP1Swo0OkLH+SxbVN6qB+HxDSzaT7Uv13Hj3g+/f985KboYH7heq2NvCfPya+lYulYbFg/zgVH7JFrzIX9tdDjAyvu1w+ujuXLoXrwmdzBb87xsz6zakHreiLPOOcFb2LdVqgu+SmvXmDybMIvXsxrb9jkXmdqPOZDH8e1cTAeua4DGfzitdYsXOWG3soO3fUZu6Zr13vnnFN+kM5+gA/Wn3/+9n1n1xhn5Hl/r+/3M2OQoZCniGP/wnj8vKSG731Psy+Lu4j7PotmuKRgf2mWnYuXem7XA5xeeOGF2p3zKyDwIIvmPm884Pm/my2U6/FrvuZrNu9+97s3//Iv/9KHHfWaT2gfe5PupaEAACAASURBVOz1Q50uyrv+xhku/eHoA7O/wQwdP6DTjRibzL4BRG29f4CZxaFuFkcFA/6sbSJRyuaXTSR+Hqu5IR7p896pNpWHxsQ8bts0j+I6ZZ/MRjb8YOSUPEd2z6WP3L2r+bJgY82Nmh8KjdbiSP4++9aeCxaFxuEzjP7eeMawZnZ9hvjc4vlTm7Zl2QtbbPHqjXXAyzkaPc+Mw/XEt+y9cW9bPunjyAbrELa8Ru8H3d5DuvZbq3OO6a72BadgQGEzKppPYetYOt0Twv2u22hfeNc+nJO9d7zjN27y55x8ii/3R+AqiubXvva1m1e96lXD12te85o7oU/RzGv2kynk+BbaH4fiyCfS/Ue3ZuV6kL5R82biiwe0b448KPwWnPvIH8s2vrgB65u76qcbub4JZcPo5tDN/67Fj5vP0Ya2+uC5dqrv9PlyI8iGD9/Y/HGPI5vMGf9kos16lEXVA7tui+vRphOGbtLxi/O68da28XA0JuTqWDbZcnNDXce5eXaTjM8WqXVc/RHXqtO40cOL8dW/Y/DUN2PUFpycO+9x3OYrPo/mfjQfxNP1dbmuC7497hkZWXo07jpfzgkyM7GqYzSv2vGIj9hifpcaeYwMc0DDB66rX2s5WPUyxlxDR2eG7C7rpurmnNzgRVzb2iiOOsb7+DjbYE5c5EttrE/XNPd9ZiLjHPAMqQ0ZZHkWOgcjX/QTttxnDH21uX5qXz83b/pY5bxfP1zpOd6fp2t+wwhfkakxaG+ku69DZI+1XrXr0fda3399n/U+3zj3PQDXdQ+hDgod39M5LjVlvG9xxnu79/Cj2qn9+opdGx/285Ny3uMcf2pDBy9k3dOgQ/vIq4P77D/63oYvHbrebYzUr28c6aMZV/UTn/zmH1lsKq9cZb5tj+SYepyxod/EW3NgxBbdu+isvnBeOXheeaF7rdW5Y5y5U1k7nrhgqn7s9Tl1HLLmymju0bmLPotf9NPIrz6+77H1sx61S59sOHLtfClPfNv2zcaGL4zb1mbW2zYdub8/gasomvmr2e9973uHL340+y6aC8I3BBfbyDaLmYcjsvVHue3zx7dm5UY2WMg+8LWBPhc/i5f7XHMfX1jctkNsu4lzk6zOfnSj4wbRazZO9HHNBovrtU1518s1PjCOTRV+sIFkc7XUlOM+myg3ZNjHD/TxYuOKXvvRa9+afvTiB3ZqQyc60Fl54QN91RabYq5hwTibvrLhpfhAn7bcoC7F5KaUGBhHrG6c2eRix3lBhnN00dwE4xPn3PNFnFWnPtaNPT4SCy/6Get8o1M7xtmPxtj7udYeOmnIopMXccKJ2DmvvtLv2FpgOPfI6qvxE6fz4bzV2I2JPps21IUf+qeuGRn1eSQmYjYmzs3L2ViNC3/qvGqjHuGFLeRmm/45ZlsOqlceNc9lZq7In37XKIy57utGvfVYY3du6v163uOo9zzHJnx2afrqGPKhMua85qbzij+1uT7MJ6/NB2VrHMh2+8gxltdak133wzHOs3qwxZqoc0Us9ukn18RsHOpjnGuqxsB9dTPOedQ/xqjLfKEP2+jZd73ql0ffby0Wea91g82R99y6B2DT7/swY2m+X9PPhp/rXoRoj6NFkX3uS3hv55zxFhe8/9PwhT1A3RNo3z0EtrHLhl4bjLHRZzzIIMs+Rvvo1r5FK/KwQZ4XPtJX9z/qdA+DDsdhG9nuu+P1Ux+xgR/arAUQPtkq87U9kvL16FhtcC1DuNvkQizcl625gq+2Wb/V6TiPlcPSvlDZfhzZhhV+O6eOqXESNzE515zbGMd4/OpxO3fI7qoPdupjvHHDHX+IpecY/TLnnBdNll5z1G/84pq8I47RvhlZ7SonsxsDC/9oF27Ewss4OE87PYGrKJpPj3HOAovSBdgXWNXgQ943UO/xRsU4FiVtVs7x/egCdOFz38Vf3yTo941U2UNsu4Fhk7utsalxE+W4uiFkPJse5Li/S2PThQ9srhjPi80RmyI3TeqrftDnBqvaZBxybtAdiy76t8VLnMiNXnUjh14YIFft02+RAhMaviAnw5vOT/2DTu4Z6ygmmRNbbVzXvpEN9XGsjXH40znhD3Nhkwcx1aZPszzrWGzqF/Zs2uo88YeXjJQ35/SNmGBQmSBrrOpl3kbFmfPGxpyGP5UFffoutxmZG2WDf0bzNRur/Pq8Dsy8yNq4RjK9z/lVv9cjtvbBhJj6s4GxcFJudt10n+q1hRv2eMGNXHSOldVv47C/Hs272rftHFvYtWjEH67NC2KsuaN81SuvuobU47ND+R4HLLFX4yIOXmsNecZ1TnUM99WjHeNSrj9Plas55npy3pdi8L66uca+Ph5zvWqjH9301n6LCd9vvcfG2A03fb5fo2OmdVvuAXg/r819in3aQd7G/gRfRrYdb3Gt3R7Pkn308nI8No2dfRQNXej1Wr/cq7h/GvmOrD45jqKFV7XJPfVZlKhv2x5JvfUIZ+zqm/fghW2bXLBdG74hVwuxWb/VWfVx3jko1+eqj+NaXzoz8xddNHOl5xn3iL3Gw7xzXXU69/vqw8+qj3Pi7ny1U/3sfPC5M5rNCfQSX9Vf+XBvrbH3x5/aiIVxPR+rTM6PRyBF8/FYTmvy008fLCQ8C8FF7SKlf/Ry0czKLTnWFz5yLn4fTo7tsofYdgNTN2za6ce6iXJc3awh3zdjyjG2v9wMdTtsstgs+s0Pm866Cat+jGzSx2ar26vXbga7ba8dj4/1RXz4Uwtn9NaiTx0cleVcNhZ3Vc7NpveUrYzYoKKPF/MFEzfrVVfnU21XfXUM52yIuY9t2SsDD+yOGrK81po86xx4Tiy1EFa26sMv5HsRgYxFh/ccX3VWXZ5rf+kIB5pzwRxzPmI4I6PdfsQ+Ptt2iVW7I5/U51HZupa8t3TUF8bSZnJQO+bykm7inlk3S+NrP+uANWQhLlNzoMdRx3pu3vTrnh91rmDJfZn2Itl1bbHJOkGmNvIfHXUOK2djYMwoDhiyNn0W4F/1sdry3DmqNr3nUYZcy6az8Fp7+EBffT8xPuPoMajb+9rvR20tHc1RY1tbr123176Xes2R932KiVGjAPDe0vv1aBx93VZ/X3dclxvZcazFpGM5Whx4r+tTVh3or809Ue0b+eB99lTcx6621Lk0Tjl0KNOLKO5Z8HlPWXyvbSmWKlPP0YsuxlEkErNNXb245r7fsBoz4/TN8Ry73+qsMpxXDlwrh29rTQ4j2xaf6Ko68XXppS3u41Nt2jqWvqqbfTf6+fBFttpBrvOhrzPq/qm/y6nLvb5yHFnTxD7bsAlnbXRms3oitxuBFM278Tq6NIvHheqnTy4sFsXo5YN0Vm7JaRcbNmycs3C5V1uXPcQ2GxU2IW56qp167kbHzZDXblSUdcPiZgz9nI9e2zZJ6GSchaI2ur/dJnJuxEZ26XMTq85+dHzv51p7bIhp3Z86pupxHPZ7ow89yNCWZGFGcciGEHlt13jsqzaW9GkLxozjiM9eq4M+XqNWYxzdp0+ZPh8jeWXrvc6n3uO8xjwa3+UdA8fuk9cWIchSAFoQycm5UveMjLL1WH2nf5dY1+a12uAc/7DV/e5y2DefRr5sy8FZn3rc1Y/ZOaxjPMc/CzXX6CgO5T26pryGAeP6SzbIWSRaCLNufEbW+zBhHDHrE/fxlb7Rh07GYEGO/CgO+/QBdrzW2rY50i/1OB+dhdeVietE+zDRt1EM6lZ+6QinY67XkR3fS+u9UeHg/Sq/9H6tbD/Wsdzr7+vKd7mRnaWx6OjyXZ92lnSM4u860UHRYMHpGK+RH/mi7erTSLdyHNW9pm8plqqHc+T44AOdHPHDa2XV5XU9eg+fd/HbcVUX55UD18rJr8t7vWa731Mne1zujV7qraztO7Y+9LKPNnZsUrRauOKvTRmvORoPftG6f8p2uZEuZdfuKVPrBXwm1x3HMe30BFI0n57xzeJk8bjAukkXHMUzzUVQf3+jj9lFbjSWvr6g6dMX7tXWZWd9rDrquZvFWiTU+5xTqLFp8dsjN2p9A75tM9b1cs0msuupcm6q9A8/3MwhN7LZx1R9M+eOH8kau99supkbybJhhC9NP2VY5WFQ+SqLrbXGhhobddPd+VTbXZ92OLJRtvX4ucbOqGG72h/JdH0jGftGsp25shwtRpwPx9d4qrzncNrmt7L1SB5SBDC+FjS7yijf52uXWJ2/Pq/qrkcLvLWYlbHI0RfsLLWeg/o0yvOqg7hdG7Wf87pu+j2umXPsLMWt3xawXi/F0eMe2VzqIwb81UbPCXgj4xrHlk1WsFh61fnSRo/DApv75D+vtaZd5EeNGPDHAt81VX0fjaPPscw/L/RUJj0Gdd/nejUW30u95ugmvvZ5nm+ab/cm7lX4ib26V+p7FeX6nqZyV2b0rWn/xlbZrq/bdb7qURmO9dvG6gvyyvkFSdXhlyzn/E1zZ2Q8/Ufpa1ye71I076sP9q4jfLV1v+nvc0Of8Th2NG4kp64699r2ntejIzL43eMeMRuNT9/hBFI0H85wqwYebr4JjhaLP8rkN81eszBrc2FaXM/KVR31vC987mmj2+6yh9p2Y8PGbrRxcZNTN7j29c3bts1YjdlzN3x1Y+U9/GHTWAs2NmF1Uziy6Qa1+6ffbqa1049u5Ho/124K1W0Bhe7a5GoxZ3FXfVcetsQl/1FM9DFWGcd2Xzsf5Eb66O9j6ZM5emzKuYm2/xg81eVRW157JAd49fj7BzrOffdVBubZ0rxVOYoE/Om6jBvZGRljGB1H8zUbq7723BvZoU9W5mSVg6vs1VfjRBZ7yPQ5cBwy5rmFtzbU5dpb4t/XjePrEeZwW3pm9RzQNv73RiyuP3zftclUBp1NvV8LYOz4bMO/0Uud3KMtxYFNcgZ9jOG11tbyBgbqMhZ5dn7645xikzHMDX3Grp5RDOrua0wfj71e17iMNsv+6pabcsf7Y68Wd0vv18r3Y7fV39eV73IjOxaTyPbmN3bud7o+5Zfsj4qA7sPS2M6uj9N294lihJc+Kwdr/IE9bUnfkj/q4dht0oc9vx1XVl3EUhuy+Ii8bdZvddZC3L0p8dmUI85tTV86M+cAXbSlXBnFMzP3x9ZnnKN97WjOOqPZnFA/x9qMp85Dve/5iI1j8TPt9ARSNJ+e8Y0FPhki4XnYsWBYZPT5qSFvMj54OPqmw31kGdMfjrNySyHWxcZDoH5y6cPOsf0hcaht9FoIsulis8JmiD42PqPNqZulvolyo8P92caGyk0r9tg0Mx5d+IN9N07o5LpuCt2k08cYNtRdJ/rYlC0VI91XdGGHcfXFJrDrwJ592Ed+JIcNN5HoJ07i0hZjbaOYLCZgxTjtdB4WI+iTG+fGow2Ozi9j0Ie8G3nkbfpIHzEgW3nCYK05fk3Ge0uyxo9/+Mm1/jPGVudeX42/FlkWB8wd95d4mpvqwrZ9jKF5vSajf/3Y54/7s7Eal3503f26soEZsTiXo7XGPfzDTvWLeB1LzD0G54W8IhZkXSNwp+2ybm4GtH/QiV38JhfxlT5t4yPx0oyDe5zzwi98N98Zu09Td2egLueS+9i36T8+LDXHwpGmLeejjlPfkh9V1ryRG3plxzzBxHliXM0bGdb1L2dt4K96aszc7zFU3a4f/atzeMz1qp/9ONqU817s+z3vvewBKN7sc6+wtFnvNrzutvr7+pLckh0LSvRSVLKn0UbdQ9info9L9kfFQffBPRV7JWzzwg6MGI+8jT72XrKkv/vEePdo6Oba/Rmytu6H/UuxeJ+j+igq0YMd/NJnZdVFP7L4gqz7Qq5tu/qNDvTzwjYx87KN9oXe68c6BzKzYEYnNmzGDsseT50rxlXejB8xP0SfHxbAF7/Rjz7nofptoct9+znip36P/MPvLlf3zawdxrm3Rx+vteZ8oZexHPGZV2e2pif39ieQonl/djuPJMnrwmSB8ABj0fTG4kLWRcKi4JrFXtusXB1Tz30j9gEwu/jRcahtdLCZYYPDZoeNFy82LWyO+qaob3yMw80O93dp6McO9rSNH/hTN2/oHG0K2Wzpt7bRyXiLAfVtK/CwYeGmLx7Rha3OA52Vnba6HLrZnNY4OWdz3NsoJuSqb/gD82oHXuq3mFyaFxnJDn3Mg/L6pE3sqxsmbI77/DimHh1f+5bO12SZW2zW+cDX3npcS/OB727w0TniqS7uaZcx5hm2Z2S6j16j03myj+NMrM5T9aXqWDonB+WMffn0uUQv9yvjmRzELmM6s65/l3UzigX/6rrDV/KTHK7NOLhfX8iyzmaeCVVfP1dnt6uc9+s6l/822zJEzjjqfGiDozpH+VTlzBv98sg4YiCfe+s5bs6M/K8FfI0ZnaMY1O1zSN3dj2Ot1x6b12x2R5tl3uvrfsE9AO+7tqX3a+/3Y7fVN/XKd7k1O7WYc09Tizp0dn3aWbKPHsbUNvKB8XWPxH7GIhJ5Gz4qxxjayCfG1KKPMcqra+QH95ZicRxH90zMJTGin/2fY5X1mgK2+uMHBMp5nPEbWdjIwdj84ENdHPu+sN7r5+i0mCcm/LXQ7Oy47rJ1ntA9O/fI7quPsSO/Laar38xZnQPt4qe+75IToxzA3igfsVXbKB+wzdi+Xuq4nB+PQIrm47GMphAIgSMScDN+RJVRFQIhEAIhEAIhcAQCFvxdFR9SUFRSmKa9RICilwLZYvulO5ubDzP4QCHtvAmkaD7v+Yl3IXC1BFI0X+3UJ/AQCIEQCIEzJ0AB6LfLFMgUg35LnQLwlZPHt8z8lAEvPnCAFx8w+C1zPmR4JbNz60nRfG4zEn9CIARuCKRoTiKEQAiEQAiEwPkS6D+e7499UyCmvZJA/7ULP3QYffv8ytHpuW8CKZrvewZiPwRCIARCIARCIARCIARCIARC4GwJpGg+26mJYyEQAiEQAiEQAiEQAiEQAiEQAvdN4CyLZn5cwRd/PbI379W/cNdlch0CIRACIRACIRACIRACIRACIRAChxI4+6KZApm/OFfboUWzv3SfP9FeqeY8BEIgBEIgBEIgBEIgBEIgBEKgE7iIorkXt4cWzf4feV1vh5PrEAiBEAiBEAiBEAiBEAiBEAiB6yZw1kWzxS1Fcv1T7KOi2f8w3P+4HRn+5D0/wu1f8eOv0zm2HmvxvPSXAK87TRJ9CIRACIRACIRACIRACIRACFwngbMumil4LYI5Wvxa8Po7zfRTINvPeb9mevkxbwpk5SjKueb/laPx+9Pe6zpqYX2dqZKoQyAEQiAEQiAEQiAEQiAEQuD6CJx90Vy/HbZItrD1mqLXPv7DcBv37ecbZJt9tRCudqqO2l91qCvHEAiBEAiBEAiBEAiBEAiBEAiBh0vg7Itm0D/55Ftuil++GeY/BrfotWiu3x7Xqaqy6LA5vhbNtcDmW2bu+VJ+9Je81ZljCIRACIRACIRACIRACIRACITAwyNwEUVzLX7rj1BbNFvUcuzNe7VAHvVx3/6lY9XR7Wy7Vv82udyfI8CP5PthCvPFj++P/sr6IXM250mkQiAEQiAEQiAEQiAEQiAEHjKBiyiamYD6TbBFrUWzBSn9tdVie5dvmvmR7GM3fTy23ll92N+ngPTH00/BZNb3kZwFMz8yj2/8SD3zXRv5sE/MVUfOQyAEQiAEQiAEQiAEQiAErpvAxRTNfLPoHwXrRXMtqOvvI9f++vvIjufHsG0Wh9yrBTb9FpxVt+Nmj+hA9301f+R8V/v81XL8PreieYYnfqdo3nXGIx8CIRACIRACIRACIRACIVAJXEzRjNMWcBRDvPymefavZxu431Kqx8Kq/ug3vz9NoamMv0+tjl2PFnn8CHG1z3n/sWJ0U+RX+5zX/3ZL+xSzVR8fLMgFmfphgLEYb/eFGGEAT5o+O44j+tSJP8qok2970YEu5LvO6hN68FXZ7vuNE+0fbVef6nmNnX79Ug3364cv3B9xVT7HEAiBEAiBEAiBEAiBEAiB6yZwUUUzU2WRRkFUCyQKvV4QUWhWGaca2VpoUuTZerFKgcX9/qO/ys8e9Rt9/LVvij++uaZg5FULZ+wRHz5S0OGT4+u33fQjR5ycI1vH4huxWmgix7m28AXb6KQfVrXQRE59ylR9jMVHxmKbe8ajPDrpw7at+kNc+u6cYHOpaR99+IouX1zX+a6xoM9Y5I/P2uQ8LQRCIARCIARCIARCIARCIAQ6gbMsmruTD+HaorcXZxaQFooUqr3YM34LRQpHmgWq18r5X3BVWyOd9FE01sYYCk91Wkjjp02fiak2+i2Ca7/+WKw7vhbSystp24cUyjmOI/EsFc1yrR86OBY/+AAhLQRCIARCIARCIARCIARCIAQ6gRTNnciJrinyKHJHjYLNos0itRa8jqHgozDknoUnBWlvFoj13qhotvCkcEa3RW3Vpz/Ys2m7Fqje80jRixx6taMOx48KWL8957jW1Fll1opm40Bm6VV15TwEQiAEQiAEQiAEQiAEQiAEIJCi+Y7ygCKP16jVAtDizgKzyltsIlPPq4znvUju18rVohYZivdasI/8WbPNWHRYmBKb18bkeK/1haP3sLvWKjPlsFnH1ZiNg3ixMXqpJ8cQCIEQCIEQCIEQCIEQCIEQkECKZkmc+EiRd27fNPeQKST9EXB/PNpik3s2znuByj37+eba8fR3HcrdxzfN277BNsYcQyAEQiAEQiAEQiAEQiAEQgACKZrvKA/8ZrQXihaQd/07zXwjjE/Yr60XuP0aWX3mXm0jWe77x7a05Xi+gfZ3p9Ujp1p0e68elat9vZCv3zT7I+uMqw37fJiBL2khEAIhEAIhEAIhEAIhEAIh0AmkaO5ETnRNsUZxRiHH7xpTOFJA08erFon+4SzGUNzy7ahFYi1UuYc+Cj5kuPYvRPfi0MKV8chiT9v+yHL1x2K2FpuMZZxFb/UFbOjFH76txhdeNe5eNCur7/pYfxd7aTrkUe+jr/rEdeVQ2eAbdv1mXd/Qh44+ttrJeQiEQAiEQAiEQAiEQAiEwPUQSNF8R3NN8caLYs1CjcKMQnH0B7hqQYechWh3l2LPYhM5CuhaOCqPDe1aSNLHWIt5jhSWtYBnPEWsMtjjha2RHfrwgfuMYSwxc21h6njuYU/dS74bQz0SAzpr6z5xbazK4Z8cuE/8+lVlRmO9n2MIhEAIhEAIhEAIhEAIhMD1EEjRfD1zfTaRWjSPiu6zcTKOhEAIhEAIhEAIhEAIhEAIhEB+pzk5cB8EUjTfB/XYDIEQCIEQCIEQCIEQCIEQ2IdAvmneh1rGHEQgRfNB+DI4BEIgBEIgBEIgBEIgBELgDgmkaL5D2DEVAiEQAiEQAiEQAiEQAiEQAiFwWQRSNF/WfMXbEAiBEAiBEAiBEAiBEAiBEAiBOySQovkOYcdUCIRACIRACIRACIRACIRACITAZRFI0XxZ8xVvQyAEQiAEQiAEQiAEQiAEQiAE7pBAiuY7hB1TIRACIRACIRACIRACIRACIRACl0UgRfNlzVe8DYEQCIEQCIEQCIEQCIEQCIEQuEMCKZrvEHZMhUAIhEAIhEAIhEAIhEAIhEAIXBaBFM2XNV/xNgRCIARCIARCIARCIARCIARC4A4JpGi+Q9gxFQIhEAIhEAIhEAIhEAIhEAIhcFkEUjRf1nzF2xAIgRAIgRAIgRAIgRAIgRAIgTskkKL5DmHHVAiEQAiEQAiEQAiEQAiEQAiEwGURSNF8WfMVb0MgBEIgBEIgBEIgBEIgBEIgBO6QQIrmO4D9E4/95CavMEgOJAeSA8mB5EByIDmQHEgOJAeSA+eRA0+86c3TlWCK5mlU+ws+8cSbN3/4R8/kFQbJgeRAciA5kBxIDiQHkgPJgeRAcuBMcmC2wkvRPEsqciEQAiEQAiEQAiEQAiEQAiEQAldHIEXz1U15Ag6BEAiBEAiBEAiBEAiBEAiBEJglkKJ5llTkQiAEQiAEQiAEQiAEQiAEQiAEro5Aiuarm/IEHAIhEAIhEAIhEAIhEAIhEAIhMEsgRfMsqciFQAiEQAiEQAiEQAiEQAiEQAhcHYEUzVc35Qk4BEIgBEIgBEIgBEIgBEIgBEJglkCK5llSkQuBEAiBEAiBEAiBEAiBEAiBELg6Aimar27KE3AIhEAIhEAIhEAIhEAIhEAIhMAsgRTNs6QiFwIhEAIhEAIhEAIhEAIhEAIhcHUEUjRf3ZQn4BAIgRAIgRAIgRAIgRAIgRAIgVkCKZpnSUUuBEIgBEIgBEIgBEIgBEIgBELg6gikaL66KU/AIRACIRACIRACIRACIRACIRACswRSNM+SilwIhEAIhEAIhEAIhEAIhEAIhMDVEUjRfHVTnoBDIARCIARCIARCIARCIARCIARmCaRoniUVuRAIgRAIgRAIgRAIgRAIgRAIgasjkKL56qY8AYdACIRACIRACIRACIRACIRACMwSSNE8SypyIRACIRACIRACIRACIRACIRACV0cgRfPVTXkCDoEQCIEQCIEQCIEQCIEQCIEQmCWQonmWVORCIARCIARCIARCIARCIARCIASujkCK5qub8gQcAiEQAiEQAiEQAiEQAiEQAiEwSyBF8yypyIVACIRACIRACIRACIRACIRACFwdgRTNVzflCTgEQiAEQiAEQiAEQiAEQiAEQmCWQIrmWVKRC4EQCIEQCIEQCIEQCIEQCIEQuDoCKZqvbsoTcAiEQAiEQAiEQAiEQAiEQAiEwCyBeyua/6c3bjZ5hUFyIDmQHEgOJAeSA8mB5EByIDmQHEgOnDIHZovjJbkUzSne8+FFciA5kBxIDiQHkgPJgeRAciA5kBx4sDmwVAzP9qdozuJ4sIvjlJ9WRXc+DU0OJAeSA8mB5EByIDmQHEgOXEYOzBbHS3IpmlM0p2hODiQHkgPJgeRAciA5kBxIDiQHkgMPNgeWiuHZ/hTNWRwPdnHkk7/L+OQv85R5UUN3swAAIABJREFUSg4kB5IDyYHkQHIgOZAcOGUOzBbHS3IpmlM0p2hODiQHkgPJgeRAciA5kBxIDiQHkgMPNgeWiuHZ/p2K5uee+8DmySffsnnkkdfevN7whp/fPPPMe2ZtvUyOTxJoH/nHl3+q8l/+dLP52Mdv733iky+/N/Ppw0jnzLhjy7z1U1h6fMe2c0p9T3/odh6I5ZR27lL3f/qvm837/+42Lv793Q9cdmzJs8uZv/tcTzyHaLuutX3za99xu/p36PvFyB6cLvm5PYrpPvve9O7N5h/++Tb/+Jfz6o+5wvqo/fuea2nf8TPjeo7chc0Zv85d5j6fgYey2fcZeojdS+Z1SNzHGMtz5YPPbzbUETbm8Kn/fpznzDF83FVHz4d+vau+S5E/Zpzmwr7H6aKZ4phi+fHH33hTKD/77LMvFtBPPfXOne0zWbS+OSHBKZrZDK0lt2+0HOvEj3TW+3d1TnGGb2wY7srmse0cM1GP7du++iiSae/98O389PzZV+99jUueXc76us/1tO+Gb9/8Go1bemYfsnZm3y92sXHf7yHYJ1d28RlZ82vXcaeWr3NEDvTYzIvev69f6OO17/iZcT1H7sLmjF/nLmOOnnp+TsFh32foIb5cMq+ZuI1vRnYXGfZ3NGoJ9nzkG/WEX5gwl7xH7aJzF1ns0Y6d5/JSb7/excdLkj1mnLczs/+/00Xzo4/+0Oaxx17/Ckt828y9XRsTRutF86hvNLkU1TSTR5nZ8crnuPzgOGaingvnhxjTubDd149rmZP7jPM+Nnw9H5ae2V1ul+tTPO9PoXM2JjZyNHJldoxybhS9PpfjNp5uMPeJ+b5i3BbTffl17nbv8xl4KJv7eIZeMq8Z3qd4Zvk+w7fMIx8onmkU0KP7x+jTh16fHKq750O/PlT/uY4/Zpy3s7//v1NF8wsvvLDhR7Off/75V1jim2e+gd61MTk0i2ahVD30jSbRh1eVNTnVyVh/LMNvrqsuNicsGmU4sshmvxlmUfQfOaOv2tAX+/oY/BrFSB/3bCO/8H9Gbh+bsEA3Lxps3cz1B40y/UfufDDJBB3EYRvFzrzyYozx64sM1449VnzSPuNGTX3Me/UPP+jTJ+WWjv/5v70yn2AFN8fAgIZP6KVx9P7ouC0mxnQ9PRYYdl8YN5M/s3m2j03n1hy6lDwbzROc+vOkM69xqmMmb5xjxjuOo/lU+7sfrKOab3X87HnPL9cEetfWaR1nvt8k66f+wf8lH3ocPYdlWfVVDn3dOBfIV7mRfWTwt+ro9h03uz6Q55m49p6xFlP1Bf/687Ny8Byb5gjjnQOO3JvJPX1yPtTdn63yqEfHOqYfnX997PPCtfnFWOek2hidG6f39J05tI3eU5Wvx/5cQzd9NDkiv6/NPq9LXLflDpyIr/rOue/DHLnuLBjTWTgfo5xBx+y8VDnscM2L5tx3f9euYcyr6iVuYluap6pvJt+R74ywUVlUnd0usj5rqtzSeY0FLn0u5MW3peYYciMb23IEH2RIPPhKc266j9U3ZcyNOn+d1yinum6uR005dFb7yHY2yvajz1jmu9/z2ti95jjDz/lg3pfmo/Ybo7y4RocfFnCtD7vYV5/+eI2umflAnlbzGr/1pR/NmzonMDz22sNutWHe7Rtnj4PrQ9tU0bxmhG+fj/FNMwnuRJL0nC8lPQnLQ4Pmj16QKBUIk0xC1ERUH7LYYEIcrxx9yo2A04csDR2cY8eFyrXjkDER0VnHEB8PARoJ4Rjj4p7+4xMv4kZO/xnL4kMXcfggUG7Wpn5Um/LBBvqxa5++2ncTxObl3NCFz8gwniYvro0T/9UHK8a4GIlf3ypX5etxZk6qXecdHfCSsf34RR/NOaz26vnaeGIxN+WAXuLimhirrno+ExPy3UdsYsNYfODUOORf51wG5s9snuHDjE3nsto0p4gBHuiyr7Kgz1bXJ7rwG1n5njLPqk+ejzjJHF+cf/uMczZvsEOrz4kar/3YYR5o9bngvNKvz7scGVdzZ3ad1nHEas6Zl3LpvszwJAfqfHNuXozWjXmCT/Lqdr1GBmaw1Fd40up8jvxE3jlwHaHX2Gvuw5HGGGTwn3Ma8sZEP63mNXpoxoIs92mc80InRxrxMIZrnjn4bl4YI7roQ48s6KPRh0++J2lr7bk8miPsG2P30VgqL/O4vhesPTMZK1djkL268NnYl3KQscwfDVkZoYNrWl8T9O1ic5SnI676v5Y75mdnY54Qp/la48EHbNLn+lnKGWLTF1kuzYt2q8/agZNzL6+Zo/OKr/iNbXnRp61RHs8+a2Hk+jVG5h79vOocqxMf8MfcRo6+bTHJUr/RoR2fHa4/+jnHhnPNeG0opy7YyKvmBH3oIkYZMobGtfpGvo3mbzan1FuPxOL8cc6L++rEpzoHzotsqi7PGUura9N7a8dRvPJj/h0rZ3xZmg/8U5/PDfxCB838YF5krrzzR/+afVnpj9eyw4a20eXczaxxY61HfUEv+k6x9rBnLlYO+g67XeOsMXh+Owv7/3tQ0fyOd/zGzbfMx/ydZkKZSfieLBUICW2S0s8E0xjDNclE64vPBUcCq2909KFTbXCO33UsNoyFyabVBagv9uEPjYSpdhmLHuX033iUZUG4IOk7xCbx+JAyUWUuN+zRXPA+ALCNH8aBv/jvOP11MXiNDK3KOSdyVLYfZ+fEGIwJPS7Uapd+OW+z7fiqk/HmHQ9+rp2PbfqQ5TUbE8yqTq5lry58IXZ4EudIBv/Qs2ueYWOkb8bmpeWZPOvRPJGb97iGp3nRc282b+TLeHVzNJ/sX/LD+WaO6vjZc8bV/OKcVtfLaJ32cT3+JftLcXSejO826ButG/rlLa8l++hEhxsM5fTf55x+dn39OSz/ylCdbhrhR1+f09qHPcdx5Lr2OS9VRn3dNv30GYtj3JA7t8bsM0w5/JWzfUvHPkf6xJExXstRXjU2dcOL9yWvR8fOgWt8rbLYwJ5x1nuemy9dBr96TPvYlJ9zj13O0eU+Qhb06ZfHmjvKOU5d+Ol7gX73eLBJc6zz0W1qY9u8KKdd/cVO31N4b+Yo4+q/vsKi6jCPXcPOpTmnbH+PllGP0Zjg5Fh09r0m99TZ15bjOKqvM8I/4tS+689rdTj3XjN3fb6c12pjxFA5xy/5Npo/edU5wSd1mlP62Y/6U/vV6fPAe/25an89mg/b7NYxxmv89Z6ciYf+2flQrucb+cO6Vx8697Gv3m5HdtvmQ06jmGv8njtPVa86jrX25FDzFfvHzrubh90B/+xdNNc/DLaPfWDQ+qSN+py4euzJ4r3ReCeXMciZADcODP7pPqmbo7r6JqLKeF59YeJZLLxY0DxQfaArb0w8dO0bHfW/LjzlSDga9w61qT/EjH6T2gc4MdCIgzcPk1250ZsG99CHbt9A9d24vPaIjWPNSY8JG7S+8OmHH23N9tp47jHf6jZ38IF7ay9ld80zdMqR+WCuYF5tyeBYeXaoTf059zyrDOu5vEfrscr1OJfyjjE1b7im9bwxR+xf88N71Z/Zc2wzXvklXV2uX/f41deP6t/Gk3HdhkxG68bNrLy6Xa/R6bPMPo4852huyNb8rM9h4x6tNzc53tP/6uPMcxz/9Kf6PNJX7xsXcviiDq65p+/9GcI9OND6+1jXjwx67dcnbXhtzNq81T7+V12jozF4T308hznXrveXjlj22d1leky72jTmUZ5WW/puftR7PXd4P+WljO/PjtXHMdGX5kjfsK0ujvqyNJ7+KqfdkY7ZOahj9b/2bfNVO/i2NJf1WauN0bPHe9pf48C9zs9xHGU5YjSSMw7vdV/s54gserWBrPeXxuGvco4b+Ua+0vRHfbe9r/xXndrvR8fXfvtGc1Cfq3WM5/hF8xlt/9pxLd6+xpQ1fvXqs9dLcvjWmSg74r3NvmP1Rz9uKbzyX23LifH6vHZUb5VZ0tF9wouZtee4EQfv7Rpn9dfzV1LZrWevotlvmPkjYPy+8z6NAGhOYg2o93mvHjtE74109sk1AegfvUYbBPV3XfaPjt0XHgI8dEggG75obymmrlv/ez/XXcchNrsu9POm7PzwAHMxuIFCxoVeH3ro4s2JxhEdXhvHUlyM0aay9bjLnIxiWtO/dk8f1mRqTLv4uYvsyD5zoG3uM28+jEYMjKUeHV/7PB/p2NfmSNc55pmx9+Mapyrb4xzNm/JdJ7KM9z7HniN9TJVdu1flRufdzyVdXa5f9/hHtuhb0j+S7zY6kzpm7V6VQ2dn7f1qb83PGms9V4/H7lO/Vm7bcxy5kT9L+pDnecA6szHea8Yho+/6UY/eU7beq+eVGf365Div0cd99fI84d7oVfX38xEHYuX9yvccjtrr473uftvPsd/b1WaPuequ57JAvvZz3nX4vut+wngdp48jnvQ5rut1vL5smxfl0ONYj2v3lFk66n+9v81XfejzVXVUvfW8ynDe76GT/Q82Rq+1D5NmOSzJdV94PrgHwy/fP3vcfZwxVrklm8j2e+obxU+fOaWdfnR87R/1eb/bt98jHGos9vcjfuEf/Ws6kaEhsybbfV7SOfJtSRZ72+z3sfrBuNHL+eh6O59+rd7av6Sj+zSKWT1Vbx+nDMd+z3GjGOkzzqrD85sJPeCfnYvmt73t7Tc/ks1x34IZfwmARvAGs9RX73veIdo/0tknV+BrDzX19aO6tn1CzLiRL1UfnwTz5s0Djn5jsripsvVc/2tR6v1tn8TtYlN/iFn9Ppi5pskBn2kc8c9iGjn1cKw+G4e6+7X96OWe1/24y5zoS40J/dXfqn+bbWTXxjO/6tZPfKg2RufKynckY982H9GFDzRyXganzLNdbOoPY4zpHPNM3/rRvK253WW47nEyH+ZGl695wz1azxtzxP41P7zX7cxcY7uuvyVdXa5f9/iXbKt/G0+5VN9kMlo33pPXkn385jna77N2aOQm99b8rM9h4x6tNwsd78362J/j1Z/q95I++/Gzvg/qK/fR4/VoE+IareOrbc9hNpojbeiL86JNYlTHLkfnZWkM/jo/azbwe2l99ph2tWnMozytfsvC/Kj3eu6Yn+hk7dDMVcbp47b50jfnQ5v6ssYMWeVGPnvPuVf3zFH/q+w2X7UDi6W5rM9abYyePd7TPjrdu9k3e5TDiFHVoZxxeK/7wjVx9LnBR+4tjbO/ymlz5Jv39Ec/tuWUdvrR8bXfvtEcuG5H99ThB39rPiEDL8YY0yjevsaUNX5t6rPXS3KVc5fdx363ox9rsWMX/2mM14+1o3qrzJKO7hN2Ztae40YcvCd3/dkWZ/XX89vI9/93p6K5Fsz7m7wdSQA0gjeYpb563/MO0f6Rzj65LgR0OI6jcvWNpt73nMXGoqsLl3P7lau+YItY6xjknHzO2ZjQeDCog2P3a8l/EggfTNBDbOKnDx8TFV9IaBpvzLS6mcK2/ZVtjdG4qn77RnLco3FPudFR9pUv5/Y7Br9oNSYfxDUW5OW8zbbjq07GV1ZcO4+VjX6Njvq+LabKB5v4232pcR87zw6xWfOg+lzZEV+dm/vMs9E8mScc632Zu5Hx2jhn8wadtP5csGgxn5b8cL7RUf2bPWdcXQOcj3R1uX7d41+yvxSH4+Upl+obfaN1Q7+85bVk/ya4lnPIdvv62fX157D8u5/o5FlNc42PnhHoZ6wy+t3noV8jN9JXYzEX1Skj+4255x6+yNmxS0fiq7Hrkza8luMSr1mblQNzwXVfm93myHdZ1GcPcs57jWkfm/Kr89pjXGKBHz137ON92+cnR2PTbznbLwv3PV53uSVflnwe5cxoT6Ef246VsbJLvpq33EfWufTa8XLywwsZ9XwxdnLZsUs6tV2fU47xqL7OyHicC3V1vzuLvsawo42lPNUXjnW847pvzHOfP3n1XOlxVFv1vMfBvSWd/bla9dRz5xTddW0p0/eoxls5KdvX2Ox8LMlVzto4xH63s8Suz4fXfd70qR9H87Sko/u0tE6cJ9eeHE6dd7fZvv+/00WzBTM/ks1/P9VfukA//wXVtv+Gikmh9UQd9fUJ5FrAjGeSWFBLOvvkspBcDDycuE+y8SbGa7TQqg88DGno4JzJV199UNZYTBDHYNPFWxm4ESZxGIM+/SJm/dBe9b8/0GZtmtTVJvqxS8NX7cLGhj37Oeo796uv9qMfXcTEWPWrY7QwuUerjFyUtQ+dNPkuzYlja0z4KmPyoM5Nt62v9ejDHB3od7w6zSf6acjU8UvnszFVH6svxjLK7Tonh+bZrM1Ly7Oleen99XnCmmaezTPy0fm3j/voqNzW8gZZ1wb6kXX+aj5hx2eAftS5R7b7PnNd86v60sd2uX699sxGVi6zPLHfbdA3WjfmHvLw677Xa2Rcu64hn9XMZ5XlmsZ84D/yzoHxIO945tH15px2f7CNDnNi9jmObX1RJz7QvNb3ygj9vPAH2zR9Z5ytvz/Qzzh1Lh2RQ7f39UkbXlcfze/KS9aOU18/ytV+x7kmiN2+NV3mK0xqHsioxrSPzToHnMNSv7jW/11yxxxADzmkDo51XdV8JR5ePqdG86Ge2XlxvfWckV3lbn7VPu3VY2fMvSVfzVt1zj5rd3mG1n0D9rBV56r6PjqXZWXkXKCbMT0O9XQWPnP0g6O61vJUfX2NjnwzN5GV62xOaacfzVfs4bP3tUU/tpAzRm0rOzrqP2Ncu6wpuXG/jqvzxjqsstUvzmv86lCv1z476GcM+cc9Wp0P5fe13/2ZnQ8Y0mps+jI69viQWdLRfZpde+icfW7MxjmK5Tby/f+dLpothJeOunBXRTMwSLT+EMaPnpSjyQU6C8eFiB6uTe4R7NpX3+CwySLvG4juC/dNPu5hmwTDl6qbPv1CjkTyIaocY2bkdrEpS/1iLK0/pEzs/uDhQUNjvH5ylHXVz4PMxaWsbLz2iM46p46rfcjirw9bxozmxLE9JvgaVx3bbetTP5I38DBG86nO7SgPu55+PRNT99FYui89t2fyZzbPdrGpX+eeZ30u1q57jo/mf5R7M3mDXfUz1zRydZRPXc414JvyWgxL97BX19rsOu3j0L/0zEa2rknjMFdGPNE3skF/XzfwcoPGPCzFqk5k6vpYso+fVQ5/sNWf1+jl+bjt+aScz399JR65Y8O1g31j4bw+w+gf5Yjy1W/iY26wQ3MukKHBruo2r9S1dmR8zR990obXxqourisv7DtGmdFRTt4zl2SKP7O6mEf1OY4+/KoxKbOrzZ6nS1xnc4fniY351B+PnYV5Xd8bluZDHbPzghz6aeZrzy902rbNbWfM2CVfsU2rOvd91jono2dof98zzrou5TY64mfPy/rsGMWBns5CP2SJz8SOHC9t93H2M67K0V99M09kULnO5JR2+pGx9bniffqrffxDrrJRdumIj4wxB9VBDo7GzKyx2flAP6y0La8RZ33Zx/7In5n5wB8a47W/dhzlzZKOkU+zaw8fGC8319PouTET5yim28j3/3e6aN7fxHjkKJj0zSVwOB2XEwuShVo3DjDmmjbafGQOjjsH4Rmex8oBP5Dr+tiU0JY2TV0+17fPRZi56QuTrNNj5wCbX9qx9UbffkwtWHledoZ8MUBDpt/LdZhcQg7cZvD+/6Zo3vJf/1xCEsTHwx5WfmLGp7O8UXDNxptPufjEqxfT4X0Y70vg56el2x6tlxBL99F83xbbpRZKzh3fMlAgE4ef+rPGO49cLzOR5aXmQuZ2eW7PgQ3FF+s0H0yf1zz5zSLzwtrnOWrBnLk6r7k6h3V8ST5s2/dsu5+iOUVzNpGf+jEv3rxtFMu8SaRgvs43COadzcK21yW9WegrG9VtcXH/kr9N6D/q5o95XXJMzt9dHlM0X+fz765yjOfs6BvNu7IfO+P85jnJ2q8/Ou6XCmE2ZhYul8HFPf6+xxTNKZpTNCcHkgPJgeRAciA5kBxIDiQHkgPJgQebA/sWy45L0ZzF8WAXRz75u4xP/jJPmafkQHIgOZAcSA4kB5IDyYFT5oDF777HFM0pmlM0JweSA8mB5EByIDmQHEgOJAeSA8mBB5sD+xbLjkvR/AAXh5ObYwiEQAiEQAiEQAiEQAiEQAiEwGEEUjSnaD4sgzI6BEIgBEIgBEIgBEIgBEIgBB4wgRTNKZofcHontBAIgRAIgRAIgRAIgRAIgRA4jECK5hTNh2VQRodACIRACIRACIRACIRACITAAyaQojlF8wNO74QWAiEQAiEQAiEQAiEQAiEQAocRSNGcovmwDMroEAiBEAiBEAiBEAiBEAiBEHjABO6taH7re26pfuQfD/8/yZyfXf9vr9lxs3K72t9XHn/WuOlvjiEQAiEQAiEQAiEQAiEQAiEQAocRuLei+T/9182GwvlN7z68aEYPr12L0NE4cD79oZfrGsnN2EIPbUZ2Fxl0pmi+ZZt/QyAEQiAEQiAEQiAEQiAEQuCUBO6taN6lSLwrWQp5Wi+a97X/3g/f6tt3/NI4tKZovmWbf0MgBEIgBEIgBEIgBEIgBELglATutWgmsFr88a3zB59/KdxPfHKzef/fbTYUs0sFJP3ooCnjN7zo8x73uy7vMc4xt5pu/7V4rnLI4g/3Pvbxl6Txu35r/tKdl870r8eJnu4bsl0OP+ijca6+fnzJYs5CIARCIARCIARCIARCIARCIAQOIXBWRTPFI4Xy737g9setLWTXCkQKxl7UOg59nPPj1X7rS3FqkVnH/ef/dmsXmMgwhr6RfsehE7mn/vttAY3vjqH/H/75dmo454Uuil7kuMc4+onXPn2zOK48sMc1bY3JrUT+DYEQCIEQCIEQCIEQCIEQCIEQOJTAWRXNBMM3thaOHP/Ln94WvmvfNlvEOs6imWLUPo4Wsfb1cRSwNMYrw7HK4QfXFLBVBj9p1WYdpyzxUcz3eBxPIY2s37hTPDuWI/pp6K799fxWIv+GQAiEQAiEQAiEQAiEQAiEQAgcSuCsimaLTApGisNeMNbCsJ47zj6LZr/dtb/L9euZolldHCl8GUOhy7fTtFpwd/2M2dYcjxxFfrXnOffQ7XU/brOR+yEQAiEQAiEQAiEQAiEQAiEQAnMEzqpopvijWLbYJAS+leVb2F4Y1mvl7Tt10Uwxr018pLj1W2yLXnxRRr84Kk+xPXr5493IMb6O9XztnjZuDOWfEAiBEAiBEAiBEAiBEAiBEAiBgwicXdFsYciRotJi1GKy3ve8F6enLJr5dtnfP8Y/feCcNlM080GA45aO6Mo3zbdM828IhEAIhEAIhEAIhEAIhEAI3BeBsyma+TaZ4rcWohSUSwVwLTbvsmgeFcf44u8abyua/V3lpTjzO833tRRiNwRCIARCIARCIARCIARCIAReSeBsima+SeYb3PrXoilE7et/OOsURTM6sVf/6jZ9tSjHTxpy/vVrfp+Za1otmi2kuW8/P9ptTPRRPPuXvbFjXMjRkEWPctqpsuih2Xd7lX9DIARCIARCIARCIARCIARCIAQOJXA2RTPFIoUi38RaGHKk4Fz70exe1HJtEdm/za3F72gcfRTCFM00C90+jm/F/bFx5PDZYtox6KLQ95tl5Ojj1eO0SO8fDCCnbe3Qh20LZPQZr33IpoVACIRACIRACIRACIRACIRACBxO4F6LZovIHF8qqI/B4vC0iIYQCIEQCIEQCIEQCIEQCIEQCAEIpGj+1Le/xyhWz0VHUjsEQiAEQiAEQiAEQiAEQiAEQuA4BFI0p2g+TiZFSwiEQAiEQAiEQAiEQAiEQAg8QAIpmlM0P8C0TkghEAIhEAIhEAIhEAIhEAIhcBwCKZpTNB8nk6IlBEIgBEIgBEIgBEIgBEIgBB4ggRTNKZofYFonpBAIgRAIgRAIgRAIgRAIgRA4DoF7K5qP4360hEAIhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCKRoPh3baA6BEAiBEAiBEAiBEAiBEAiBELhwAimaL3wC434IhEAIhEAIhEAIhEAIhEAIhMDpCNxr0fzII6/dPP74G18W3bPPPrt57LHXb7j36KM/9LJ7d3nx1FPvvPGB4zW3D3/4IzdzxHzw4vrQxpyjK+04BJiTN7zh52+YwpXz3ujva63LXPP1M8+858XnDqze8Y7fOEsc5/Rc0pfnnvvAIitlTvkcxT5zpo27sLkY8IXduOTnwn34/pDfux7KuiEveO3aZsb5rDmn99L7WAdLbM2htfeEU4xd0tn7nT/fK/r9XIfANgJnVzRTKFM0Uzyzkb2v9vzzz29YYBzPsbn493k47RLPk0++5eYNiLlgTo7B475J5QtxAAAe5UlEQVQ3HrzJ7PPQvCvmu8wPsnXN4OMotnN6Y901vlPL86GDfOB338+etXjP6bk0s0G6C39dl+b9Xdhcm6NLumfeX5LP+nofvt/3e5exn+J4zuvGNc5xW0NmRq7rGY0jx3yuIP/CCy/c6N7nywNy5xTF9n2sg87O65n3BGRHLGbHamufI3Pc53QfPfuO0f4++bmvzYw7LoGzK5rP6QFwXNTH1cbGHlanXnyn2CScQucsXd709n1o3hXz2ViUm1kzMzLqu7ajb2R1c3RtDPaJ9y42OTN+Zf5mKI1lLvm5cB++3+d713gGr6P3Pt57D9krjGaFnwAjf47d7mMdLMUw+54wYjE7dsn2TP99v1fcRx7PcInMPIGzKZpdMDwAfNG31Higcd8f5WYM34rOfgJI8vYfaaXPNlpcfQy2Rz7O+DXrP3Ghjx8XlYtv3F5zxF99xk9l1h7Sa36qq9qoujqLt73t7TefwiI/YiJXjvrGXPlNNuNG8zfLCb34XPX1+cGvGk/1tfvCt7fGVH2u47cx55N7dKCLcV2nPnMPXfinbPcd2d5G8XT/HEN/nT/6GV/XD/frGnDs6LhLbLP5iJ2eV6zRkU/85MPa+kUX8RiTccKXuG3cr8z6uXIce44wlj7tVNm1c+LBTv9JGn3pPxpODiHPWnBdGoNjut9cKzO7hhxTnzXGUXNFhvQxBp+WWvcXuT7HM7mu/j4WNvI03kNs1jiJbfRM2pb73Hesfnt0LpGh9XjIaeNwjJzJNfNYmZ6T3McGc15blzN38ZPzXZuM3/Wu33vZMxdePd/Ml25jZg0zZhff+/wRG4xnWrczykvXGzqdi1F823IEf2SILvPC+cCX2mCKDLaQwTbjzI0qS39/NpovVa6f60+V7TyXnsddFz4yllf3uctuywOZo9MXvi415b3PNa9tc1bH4be2PNJH4xpZW8937tfnhlzV08fPzlfPT3ygr+vTr3rc5qOy6JqdN+T6GpDb0vyssXAszxTnAn9Gz7NZZsblUfvGqP8c6ettZh0zZoZvjYm4eC1xQqdzUX2q/tuvXM/vETfH5Lg/gbMpmklOE4IHM+duLEbhmYBs8JDlwUvi84BeG4cuZEk07HBeFyDXNH1xIaGzjuG+BZoyjPPNj3voRR8+8fKNkAXmm5r+86BwASuHPmwy1jcr9HFfO4zDF3TqM/LY5xofRs3xS36qTz/RpV/4UFlgAz3Ypb/yGNl27oi3xs94XtrZhdPIpxojfjCH8MJH7hGTuWLuyJMYkMNX2q7M8d14qk76YGpzzujDFnHIUz+V7Ud8r+M552WMnNtqLPTJRv7V5lLOqAsWPTb00AdHYqfpG/3b8hH50Ryaf9yz6XvNXXOK2G306VPnqj5ikZc5gd/aUNdazJ2tY5aO8GEM/tvsox+GtcmPPpm6xvCLvvqSmSxk41wTu/lu/qMb29hiPDkgI/zUX/uRQZZ+bC+17i/2GMN49HNf/ca0pMt5cqw5qx+O39emc17zCt284Exby4Oa+/hInK4FY0IX92jEX7niN3NEH0ebzyLGco4cL32RB30wqjbQgRw66ee+drimn/zYtaGDsbzgxXX1U1vMkfnHuW3EWjnzFtldfFeneW5+4GO1rQ/1KEv9Jh7zEr02fWSumb9qw/XCnKOn6oIN1849+mRIPza4dv7qMwB95pOxKcdY4rPN5pTy9ag/+ErruohVP5Bda/iEb/BiHLocW585zlldczI2D5gb5ejDdl9X1RfH28c1vqzNGbJ1HD5iizicG/2mD1mb45wbYsUWNhmDr7KFAefEROuMuYcebHC07bIOHFOP23xUdnbeXBt13ojNfCSOUVtjUZ8fnFcWzIFtlpny9YjOGiO66hqudkbPBObEXDIHOZrb5gC5Qw5gy7nmuEseM9a1aAz6X/uRwz72XB/mEP36qY4cDyNwNkWzYZAA9YFkfz2SBMjUhwr3SX7GkzhrrSc9sup00fTk9Lrr5to+H2w8SGpjLP4qx3G0IHjA4huJbkOOvp74PmDQbdPHbfxm/UQvuvChthE/7vsgrQu6jvNcncxXbfrvHOzCCZ9GnHx4aEsb3Udi7PPGGORkvwtz7BAnD+Xa9McHqf7UOVdeTr5Z29+P+I6sTZ0cbVXG+TcfleHow7f29XPnuepHxvXnutSP6lvXVa9HedXXpb6PdOI7cTpf8pM1trhXWdCnnzUnnGv9M+aqi3vm6Mgfx46OyBOvzY2Ab6rOufE6VyNf1cHR8a4h+TknyjpX6qUfLn0Nab+vDfS6Keh5oA2O3V+vq13kuO59VQ/no/yg37lx/rTRr7v+anMpTnQxV47VFv21yVPOyMOzrn9l1EU8nSs6fUaYA+ai8WiXscyB+W6/drStz8fKXezIuPvvmsMHm2vOnJT1aM30NTzruzplq22OuzzTOiN8xk8ZG1+VMz7jMWfkry/Oq2OXGCpnjplLPTZjJs9sszmlfD3qj3lm3ukvssRKf53fqsNzfOq5aV6qX//l5liOPQ/0RSZVtp87R/Z73ePAx2pbOcd1HvbXcfBgnOteGWOtc1bHKTc7X7PrQL31uKuPs/PW1z52Zt4T8G3EwjmuzJA1F4xplpny9eicorM359/nrsx7zjm3zrnr07xWL3rwtdoyxq7TMfUIo65T/2s/ctjRb3Voqz+HvJ/jfgQusmiuobJQSSQSww1jTagqy7lJZ8L3+14rpy7skJi8sIO9pSTd9obi4kRnby5U740eLoxxQeCnrftsfz86dpufjNNXdWhjxM+Hicwc04/ohOOo8dDlRdO2LKp85bTmk2/M+qts91Fb6OUhWN9gtSs3dNiW9HmfI3mCHHq1ow7H9zcKxpFjzP+2h17PEXVqA11VxjjoW3pV//s5Y+obQb3PvHpPPzrrKu+5ss6T/f2o76Pc9c3Le7LuOioL7mm7+qkdxy7FTG52fY6lv7/Up6/mGc8U8p5cYYz5oJzPmpGvXSc5PGr4yvilZ2WPAx3GItOq13voXGrdX3zY9hwd6VLPKD+8hz+0fj1j01hGcVZ/YGR+137Oa+47j8yrzfcn56HnRr8mDpq+ea2+Lt+v5UH/ks/cY53s2jpjx8+sOeMZsTbfvTfruzo7g3qtj6Pjmp0qPxNflZ959jtPjjMW51ub5E1vzCu+05yTGnM/V2fXU8frj/p4LrHumJORDyNd2O15pT71G6dzXfX0PFB2zX/Hy2vp2v7uYx/X/V0aZ7/revb5qv4+R/XaeOk7xhre1Udi08+ZeZudp84eO0tj67zoS2XUz2XmvNSj431/rff6fmuNeX3W699obdR96lqM1Q/PsS9z+/S/9iM3es8fvQepJ8f9CVxs0cxm02Q1uX0DqQnV0YySrstwPZJjUfDmoR3s4oMb36VF3/Xrd+/nuuvQRpftctwf+dzHjWyMZOzrvq7ZWLunPo7o5DVq1V4977I1/m12K8M1WR6k2mQMm4X6hl5t6s+aPsaiA1364DXjaI73Wr31HnbXmrqVGemsMsZBvMiOXuoaHauufl9+9OvHNv93kdV3dPfW7VVfqmz3v49DVjuO62Ps59jvuVFGb385zjc02fAmbEFIjuA7jTfDulka+Yqcb/jI9jfv2WdljwO9csBub2v3lB35u+056th6HOnxfr/Xr5HbZnMmFvSMGOlHzzfmjnm1ce7mRh8ppDkfvZzHJd/whfkejaWPHKOt+bx2T79HR/QzFt9q6wy8V+0sxYNs11vHqctjvafOUzzTtMdxJj7kdnn2d4bGAos1m/2e7GZy6kZx+8fx1R+eHejzfQvmXJubTcWLl3Vu7Oz6e5zKcdxFto7jvM9Rv1a++9jlug9L4/Z9vqp/Zr66r/rCce2ecvv6yHj9NC/W5m3tnr4s+bw0ts6Lvswwq/Y8dzzH3rxnnGtcq0/1vOvsMfXrLl+vsa8v9ncf6R/JKb8WgzI57kbgIotmHth+0lOTf5RQHYcyblD7fa+V60nrfY5sVPGDNxSaC6IWWlXecxfZ6I2HTRWJ7r2lpNfWrvHv4iey+qrvchnx894aM3XWzaS6OcJSntqWRZWrnLQ78ok3Cxh6T9ltPiLnhyNuPndhrh38dDz+dx3KzXzyWeOv5z1H1MnRVmX0gfzdp6GrFnJVh+uSPv3YxrrKOk9VZz3X99EagyG+ec/8qeM5ryy4HvmpHceuxdz1OWbbkTzHR+3rNwzQSd5zrEyUrUzN8VHBjA7nhLG2kZ5RHHLQN8dz9F7VW+9zPrLTZfpztN+veioL5bqNfq1cPXabxjKKs46D0UzuMwYbyKOTF+euOX1k87et6RtjakOfz8ra38/XfOYeObhr0398q21mzRnPiHVfw7O+q1O+1aeZ8zU7dfxMfLKZffZ3hsbifGtz9D7oPXzU7kxO1Zg8d3z3x/vY17dtNkZ51fWrayYPlJWJPo2OlQn3+7Vjuo9drvs7GnfI81X921hidy0/exz66fEQH9Ghn+aFczGaN+9tm6eRz0tj67zoywwz469Hx8/st9aY+56Kbv0brc+6T0V2Kcbqo+fYR742/a/9yGGnNz+Y35dV15frWwIXWTSPEodwfMOtCTWaaBKezUZNch8sbkK6DXSyOOoYdLtgOHfz2hNYXSbvkp8keV2M6Bw9XOjHH+6h26adbfHP+oneGp92Rvy45wNim3119geX/u/DCZ949fmxAPEBr43qI/fwqbIkns64XyMz0jcaSx9NRtpyfM9HZOVUi+5bLS//t+eIOrWBdJVx/tFfW18D9V497zF4D47YsbDRj8pa2dFxlFfdpyXf0eeHHOaA/LqtyoJ7Iz+da8caM/Zrcy13llVm6dzc5EjsNmP0fp3H7iuy5n73DX1dXhv6Xeemc0FWX4i/NhiTs4yp/lUZzrt97MHKOVJ+aa68z3GUH/Q7N8ayj82lONXlM0lbPeae+/hFjPBhrHNZ43beah/jZOG6Nxe7zSVflLeAVK7nhzmwT+7KReb4TdP3T12+eKi5JeuR3b6GZ31f0glb8+ZFZwYnS3aMx7nwuquo8cl/23wtMezjnSeOtRkztm2zOaV8PXZ/YGLeV7kaa+2v5yOZrl//Z/KgM6m2+nmfo36tfPexy3V/R+OWZJyzuj66PfTNztdSfmpnxFB/D/Wxj3fe8Kk21trMewJjRiyW5rjPyyyz6pvnxjKz35I5Y2rrz3rnoM418qP9/FKMVb/nMOqMWY/0V1tc82JeatOW7wP1Xs73J3CRRTPJSJKweEgIkppk4ron1AgNY5DjDZpzFoFv1iaYi8vkdKE4hvtuhOoDy6Qm2RmDPhd5TWrtIY8uFt7ogYOfVb/x+ODiHj7CpPusrA8dY6F/1k/HqovjiJ8PmBn+6HSuYGj8cnKDgq1ZTs4PDJ1TY8RebdhBDh7Y9uFGP/PQ/XFTuwvzygjfeNW4sUHjCLOej/KEz7bWc0Sd2mB8l6lszFNZ13Ej25WXDPHT+ZOXftS8G+mzrzJzDvWJa1tdd/punlZb9jnOY2cx8hM9yNmYe+MzR/Sj63PMtiO+M5YX81GbzwJs1tZ9lY8+cd8X88QL/eiBIfewxTX9lRfXfa1g21yszzTsqgOdS4171Y4xM15/5DiyXfUSI7ociy580g9j2dema6LGiW5ePrtnc1+/9Y/57HNM/MRTn1nIV17oMRc755qTyHB/xNLnFnGYJ8jJrXLXVu0zlnrsjL3HOPzvjb6qs/q5toZ38d35w446XR+dXfevspSRc1HnbSY+5xXb+MGLcfLWlyWGzoFyPE+NA27046P6Km9tb8upHj/X3R/nyPVAHDLBx7XW53uknz5t1DmTcbVhHnCPftbhUnO89/u1/d3HkRyMYYlN56OO2+X5WtkxT7TZ+TJ+/DE/YWcO4PtS28XHGpv6el7QbyzmBnGQo/ojK3X0o+PhKgvOsd/H9nmZZdZtcm0s+Im/6Kp5DVPbLs961yfPCmwwR+RNj8d5JKbZPMYnZH2+oZNrG9e8em7Qh19pxyVwkUUzCEh0E5XkYBH6cKgJtYSrj0cXfTYXV9XFfRcwNn2YWiQ4ljEuGH1jsdTGmBk5xi89EOtDE39HPmNTn2ss9M/Yd2z1nfPOD/48KPC32+lj0clrpGNfTtggfh/GdX66fR6Uzo++YpexPvQ58pAip2qbZc6Yyhd9jCVmfMNXmnPGPexp39yqtpfOe46oUxuM6zL04V9fQ3XMkj364VL9lVddC/oh4zV93us50delcsxh9X0kt5S7ncXIT3xGrjZzhH5e2uz66pht58438dTmGyTH2rqv+jI6yr0zXXpWrsWBLn01N3suVz897/7SzzjnBpvqq7nj+H5krGvXnOvP/UNsEqf68Q1W/Zk0k/v6zbw6N/jeW2dBTvVcMBeJqzdzss9NZ4lcZW5c2KPfpq3a5716HDHmvjaqLOej3JpZw4yd9R1Z/CcmmRPniFv3TzvIO9a8rLKz8dU8Ym7Wnv3I1uYcVL+Zz/q81beRPzM5Ve15PprTznOUn46vx9F8j/QzZjYP+ntvtVfPO5N+rWz3cSSHbz4PnKc+Dt495/ozCZvksXLYss3O1y7rQN0eZ33ssTF+ad7g0Z872EFHzV19qMcRi1HeM2Y0L7PMqk3OjYXxo/XU5Wef9axP/DdXYOAztuuczWPXPLrUp//mIrq5B6Nq3/fG/j7Qfcn17gTutWje3d2MOAcCFMd10eoTbzAsYB5IaXMERg/BuZGRuksC5DQ5z5tobW6OeCNMC4GHQIBcHj3fH0JslxgDBQbzMSpE2KRTiKWFQAhcJwGL5uuM/u6jTtF898wv3iJv4H7yRTHBm7mfnuUNfLfpTdG8G6/7knaeyG8+HOLaH8HiU91eTN+Xn7EbAocQ4HlOIZZ8PoTiccfybRHPGF48c3j28AzyG7h8SH1c3tEWApdEIEXz3c5Wiua75f1grPGm7Y8asWjZaFFM58dBdptii7F8s7Mbt/uQZq7qj2/6I1ApMO5jNmLzFAR4riefT0H2MJ3MSf1xUj+05pmUFgIhcL0EUjTf7dynaL5b3rEWAiEQAiEQAiEQAiEQAiEQAiFwQQRSNF/QZMXVEAiBEAiBEAiBEAiBEAiBEAiBuyWQovluecdaCIRACIRACIRACIRACIRACITABRFI0XxBkxVXQyAEQiAEQiAEQiAEQiAEQiAE7pZAiua75R1rIRACIRACIRACIRACIRACIRACF0QgRfMFTVZcDYEQCIEQCIEQCIEQCIEQCIEQuFsCKZrvlneshUAIhEAIhEAIhEAIhEAIhEAIXBCBFM0XNFlxNQRCIARCIARCIARCIARCIARC4G4JpGi+W96xFgIhEAIhEAIhEAIhEAIhEAIhcEEEUjR/arKeeuqdm0ceee2G4yW2u/D/uec+cOeMtMncPP/885c4NfH5xATMfXIlLQRCIARCIARCIARCIASOTeAqi2Y32RUmBRmb7kstzI7tv8VqLUTsu8sPFp588i2bRx/9oZti/W1ve3udsp3P9b/GtLOSDDg7Aq7nzOvZTU0cCoEQCIEQCIEQCIEHQeAqi+Z3vOM3boqwBzGDJwri2WefvWFUCxGLzrsqmvkggG+YKZbf8IafvymeX3jhhb0jHsW0t7IMPBsCKZrPZiriSAiEQAiEQAiEQAg8SAL3XjSz4X3ssdffFEcUSHyz+OEPf+RlsCmUZuT88Wpk/XYS3RRLNmT6i3u9IPSasRRtjnn88Te+zD/lONY22sgTF/GpC9/Q3QvBHisFY42h2vFcPxhrww7XvJZ4KFuPxKiPHtGvDT50WGOCLmJCRrscR3Nb7fZzbcDtmWfec+PTu971e13sJj787M046PfceDg6Z7P5hQ5ezIU5S1yVuT6gu891l+MaP9DHHHOOPvh2fj2PsbOr3/rmEXvEY6t+cA+b3Wdl61EuyMqFI3PWcx7Zvr75cKTnCtfE11u1IXs5Op+M6XbxZ0lnt5HrEAiBEAiBEAiBEAiBEKgE7rVotiiiuGDDziabjTAvN9ZsnC0oKCbYGFM4uTlXjqAsOixs0OdYf+ya8fZx7kabI+MtErzGF/zkGrtcY9umHMfa+kYePxmLbfyq+uizcQ8/ZFILmW7DMRz1Q//pm+FRdXiOr84NMaObedAGeteYOGfE63jngj7nQnujIzrkxX2vK3vHydprj+QBvtKWYtJX5LblF/rwCR+Ih7mxMOba5hw618jJE3mbfmObc/iqz9jRxQubld2ufuN7b9i132/19bn6UnOq6+BazviHrzVn6TOX0WNc6nFd0G+uMA9cEzNx2mSjPmzhL7LEgs80ddZYXLv0pYVACIRACIRACIRACITALgTurWhmY8tGlw1wbWx82YSzyaVxtKiocmzy+wYcub7RZgPfx7vJr/qwW+W87v6xoUfODbpyXqvTgsh+9HTfkNU/CgCa4+Bjo3CgH9mlph/I2WZ5KF+P+qH/3NPGNibOWY2B8cSBTxSQ25o65IK8hWfnoK9dZ59n5WpM2qnc0DPKL/XVuIyJezbyklct+Lhn7ui//uBDbTDiVcf3PNnV7+qftrBhv3PbfeG69zne44iL+nqRKgM/OCGX8KPOCXqNF3na0vMCRqyrqmN2rel/jiEQAiEQAiEQAiEQAiGwRuDeimYLBguIJSfdkNcCQlk33N6rRYAybt5rUaROZTh2uX6trH67yVfO6yU5fFt76Z/6KAQoGOBjfOoeHR2nHmRmeYz09TiRGdmgv8vKdyle7m9rxN8LT+338drvOvXDfuXQY1NmxLjnl7KO9Vg566PFnjIcLfy8N/IHuarP8eplDE1fZv1GvrdqBz0W+3w4wYcVFrZ9XL/Wl9rf/fVejxkfemGtLP54z3Gj54X3nFd0rr1kqJ0cQyAEQiAEQiAEQiAEQmCNwL0XzW50l5wcbciVHW2We3Ew2ryPdHa5fr1kUzmOtY18owBAbvSqBQrFFYWL36BRAHA9KpC0qR+1IGDcDA911GP3n3sjG/R3WfmO4qSvflNbbXrut4zE3JtMKi/td1n9sF85fLB1Gfs5dvkl2cp5iZF6q2zXP5Kxr+td8mXJb+R7q75wj/yioCdPuef9bfM18qX7q+0esza8X49Vbx9X5fo9dM6utaon5yEQAiEQAiEQAiEQAiEwInDvRfPom6PqqBvnUcHYvwkcbcBHm3d1Vjtdrl8r2zfoynGsrcvhGwXfro241TUqItWnH8jaZnkoX4/arHGNbDCmy8q3FrZV97Zzx+P/0quy0H7Xqx77lasxKTOTX8qqz2PlLCO/TVaG4zl/01z99Jxvm/m29/9v3wxyG4ZhIPj/XxdzGIAQ6NRpD/ZhBAR2bJJajeRCm6S/rduNixxgPts5B7Dz2+QZx/l/vmn+TfPZV+8jEIEIRCACEYhABCJwReAx06yBwPjO5mZbU/TN/25O82JN683N+51N/pZHzXPTb9z5f59+I8p9mgbf9+qznv+7S5xjN4bjNrZ5Xx1znFvOFjfreK6uqfcq94y9mjPzt/HZL0Zb3cRvL39GrNG1//mNqHWoZTOOmrYrreRP00b8tm64rl5rnvq8jpEm1g+KNj1bPa7Jjhzat7rRNBvrbeqmLuOTqbFXY/Y+xy3m1Gv8Oear58JfG/jhw9XfC/T+9VlTU8cIRCACEYhABCIQgQh8IvCYaUYU5omNOxtnNsl+s8UGfxogfy5KPJtxDMO5UabeNAEOetu8aziopwk548731js3/WzaNUnc46WJQA91aIxnxnFdE0W8zWsygYvGQq3GzuOm9y6PWcdzTQra6BcTufVBPPfnWGGyzZnjP42ZfXJ0TWgs5z3PZcQ80tRFn2jh5fpAl20bE/c2reZT2+a8+t7jyVnDRw3WNO8d15zrk9tVPa47RnJsd3XbD+uIc/gxF1O3mqmJZvqT89Rs3/O4cdn0kqMWufrhBHq4Z7/bWvE58NlAJ3odizXvPmvogQEvc+e4Oo9ABCIQgQhEIAIRiAAEHjXNCGCjrEFh88qGmE3vbJisO3HTBJjPZpjr5Nuo5wace7Qz7nxvLnXImZts9Goc2MBjkNjQb3H06yafcVPvNJFc0xBRQyOjhu246SX3NDxb3FaPa9NckXeVuzFhTHBwbuWCSbpq5BBHzqdGDcY24zB99sURTZq+WescE/fol3jzqb2tQ+d41uP8ivNcY2qauRu3T/XohxzbXd3Ek+e6Yz3Bi+NcH1xzjPIlj34+NXNmzDdrhflkrajPtbL1O8chUw0/fdp4Ju88a4yT18y1RscIRCACEYhABCIQgQhA4HHT3DREIAIRiEAEIhCBCEQgAhGIQATeSiDT/NaZSVcEIhCBCEQgAhGIQAQiEIEIPE4g0/z4FCQgAhGIQAQiEIEIRCACEYhABN5KINP81plJVwQiEIEIRCACEYhABCIQgQg8TiDT/PgUJCACEYhABCIQgQhEIAIRiEAE3kog0/zWmUlXBCIQgQhEIAIRiEAEIhCBCDxOINP8+BQkIAIRiEAEIhCBCEQgAhGIQATeSiDT/NaZSVcEIhCBCEQgAhGIQAQiEIEIPE4g0/z4FCQgAhGIQAQiEIEIRCACEYhABN5K4Afa398ifRqpGgAAAABJRU5ErkJggg==" width="640" /><br />
<br />
Per above documentation, the cfg file (in router bootflash:) will trigger the mode change. That is NOT TRUE! At least not in CRS 1000v 17.2.1r. The cfg file won't be used UNTIL the router is switched to controller mode.<br />
<br />
To switch from autonomous mode to controller mode, you use CLI command "<span style="background-color: yellow; font-family: "courier new" , "courier" , monospace;"><b>controller-mode enable</b></span>". Router will warn you that all configuration will be lost. After conformation, router will reboot into controller mode.<br />
<br />
The first sign of controller mode is - you'll be prompted to enter username/password, even if you don't have it set up previously. Default username/password is admin/admin, which aligns with Viptela defaults.<br />
<img alt="" height="246" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA08AAAFGCAYAAACyrqT7AAAgAElEQVR4Ae3dXZJjOa6m65xuzWoPse/PRR7jtkI3EglyYUkK/5GeMpOBBD6AFNcrd4ERGfXX//zP//z9n//85++//7//4+UMMIABDGAAAxjAAAYwgAEMdAz8/ffff2meNI0aZwxgAAMYwAAGMIABDGDgggHN08UBdR0nn5sIDGAAAxjAAAYwgAEMfB4DmifNkxsGDGAAAxjAAAYwgAEMYGDAgOZpcEhuFT7vVsEz98wxgAEMYAADGMAABioDmqff1zz99ddff8frFTcEr6z1iv18eo3J8whN2GfObNWY5sd6Yad5dL/v54xn5plhAAMYwAAGGgY0T82h1A7zB83rF906fwRyX4R/FgN3n8ezDDya/2jeI4zK+VmMeh6eBwYwgAEMfCwDp+YpvsRl+5UH5cvZvz+Y9Uzq/Cufj7X+/Xy+40yeZeDR/EfzvuOMrPkzWPUcPAcMYAADGPj1DFw1T/UNfuUXpq9cq77PnzjfncfO/xPfgz29/ofms8//0fxH8zDwegacqTPFAAYwgAEMfBEDr2ye1pepeHUPsPuytfNFnWp3dbNupwn/lTZ0VzbXiXGXE7Fld/Hwn7ST/KgzsXmtXe2oU7VX+sjrbM7NdTvt8p00udYpfxfb+fOa3RqdL9eq8at6K3eiyWvEuK4V/mnNyL+7fuTl9fL4br2ca/xFvwB+0F9J9sw9cwxgAAMY+BUMvKp5ql+k6nwdxtQXB9fpIxa205x8OZbHUW9qp7lVV+drveWLV16/aus8tDt/xCf2VOMUm9SumlUvXjnWrVN9d+erfs3Ja07HXY3ON11vlxv7uYqHbrpe6Lu6y1f9dR752Z40Xazz5XrGfmliAAMYwAAGMPDjGbjTPO2+/Ez9na7zxaGdYkuzi3f+5av+Oo91r+w0b6er/jWvvu79dZpOd7X/Lr6r/ar6ec1Xv9+891o7x/Ie7o67Op1vel673NjXVTx00/VC39XtfJO6d/N2+tgb6xcmBjCAAQxgAAM/noGr5ml94YnX7s3svhRVf52vep0v1jnFIndpulfUCHtVK3QTO62101V/ncceqr/Od7rw37G72lFjxa80ob2yuzrVX+dRt/rzfI3rPPLu2qgVtubndSLW+XIsap10S38Vj5oTbV6zq9v5pnXzPmJc18vz0LB+OWIAAxjAAAYw8CsZuGqe4k3tvmCt+C5W/XV+yr2KTeJLE69u7YjdtdNaO13113nsp/rrfKcL/x27q11rLN1UW3Njvsuv/jrf5Ycu7NLFOGzkTm3Nq/OoU/11fle304e/s7s1l7bG6rzTxBqdNmLP5OUaxv/vZ5SzcBYYwAAGMICBX8DAtHlaD3P3ZWrq73SdL8A5xU77ifxsr2pl7dV4Wmunq/46j/U7f/XVeeTetXfr3NXn/exyq7/Oo0b1xzzs0sU4bORObJfT+fI6dZzX6XI731VOjufxrlbnn/pW/U776Lo5z/gX/GJIF0+el+eFAQxgAAMYSAzcaZ7Wwe2+UFV/nXe5S9Pp4gGdYnc03dqR/6id7K1bt8vrfF1u59vl3n1fpzpdrPNN19zldv7qq/NYc/lzrM5DN7G5ztJf1Qp92LpG9V/VizVrnd281g9d9e/W7fw1N2pme9KcYrmGcfphrGH5v39TABe4wAAGMICBH8vA3eZpvZHdF6Plj9fuDUc8aoSd6HfaXDPGtd4ut+ruzGOtbLv8SXyXt/NHzS7+iG/V2+XFWtnutBP/bq2TP9be1e9yO98uv/pjvagR86pb81Ms9KGZ1IuakXtlo2anm6wb+VXb1cu+yMu+PM71Ypzjxn4xYgADGMAABjDw6xg4NU+/7s24ud02QJ6lH04YwAAGMIABDGAAAxh4kgHN05MHqGHTsGEAAxjAAAYwgAEMYOAzGNA8aZ7cQGAAAxjAAAYwgAEMYAADAwY0T4NDcpPwGTcJnrPnjAEMYAADGMAABjBwYkDzpHlyy4ABDGAAAxjAAAYwgAEMDBjQPA0O6dR9irmdwAAGMIABDGAAAxjAwGcwoHnSPLllwAAGMIABDGAAAxjAAAYGDGieBofkJuEzbhI8Z88ZAxjAAAYwgAEMYODEgOZJ8+SWAQMYwAAGMIABDGAAAxgYMKB5GhzSqfsUczuBAQxgAAMYwAAGMICBz2BA86R5csuAAQxgAAMYwAAGMIABDAwY0DwNDslNwmfcJHjOnjMGMIABDGAAAxjAwIkBzZPmyS0DBjCAAQxgAAMYwAAGMDBgQPM0OKRT9ynmdgIDGMAABjCAAQxgAAOfwYDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRockpuEz7hJ8Jw9ZwxgAAMYwAAGMICBEwOaJ82TWwYMYAADGMAABjCAAQxgYMCA5mlwSKfuU8ztBAYwgAEMYAADGMAABj6DAc2T5sktAwYwgAEMYAADGMAABjAwYEDzNDgkNwmfcZPgOXvOGMAABjCAAQxgAAMnBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQTt2nmNsJDGAAAxjAAAYwgAEMfAYDmifNk1sGDGAAAxjAAAYwgAEMYGDAgOZpcEhuEj7jJsFz9pwxgAEMYAADGMAABk4MaJ40T24ZMIABDGAAAxjAAAYwgIEBA5qnwSGduk8xtxMYwAAGMIABDGAAAxj4DAY0T5ontwwYwAAGMIABDGAAAxjAwIABzdPgkNwkfMZNgufsOWMAAxjAAAYwgAEMnBjQPGme3DJgAAMYwAAGMIABDGAAAwMGNE+DQzp1n2JuJzCAAQxgAAMYwAAGMPAZDGieNE9uGTCAAQxgAAMYwAAGMICBAQOap8EhuUn4jJsEz9lzxgAGMIABDGAAAxg4MaB50jy5ZcAABjCAAQxgAAMYwAAGBgxongaHdOo+xdxOYAADGMAABjCAAQxg4DMY0DxpntwyYAADGMAABjCAAQxgAAMDBjRPg0Nyk/AZNwmes+eMAQxgAAMYwAAGMHBiQPOkeXLLgAEMYAADGMAABjCAAQwMGNA8DQ7p1H2KuZ3AAAYwgAEMYAADGMDAZzCgedI8uWXAAAYwgAEMYAADGMAABgYMaJ4Gh+Qm4TNuEjxnzxkDGMAABjCAAQxg4MSA5knz5JYBAxjAAAYwgAEMYAADGBgwoHkaHNKp+xRzO4EBDGAAAxjAAAYwgIHPYEDzpHlyy4ABDGAAAxjAAAYwgAEMDBjQPA0OyU3CZ9wkeM6eMwYwgAEMYAADGMDAiQHNk+bJLQMGMIABDGAAAxjAAAYwMGBA8zQ4pFP3KeZ2AgMYwAAGMIABDGAAA5/BgOZJ8+SWAQMYwAAGMIABDGAAAxgYMKB5GhySm4TPuEnwnD1nDGAAAxjAAAYwgIETA5onzZNbBgxgAAMYwAAGMIABDGBgwIDmaXBIp+5TzO0EBjCAAQxgAAMYwAAGPoMBzZPmyS0DBjCAAQxgAAMYwAAGMDBgQPM0OCQ3CZ9xk+A5e84YwAAGMIABDGAAAycGNE+aJ7cMGMAABjCAAQxgAAMYwMCAAc3T4JBO3aeY2wkMYAADGMAABjCAAQx8BgOaJ82TWwYMYAADGMAABjCAAQxgYMCA5mlwSG4SPuMmwXP2nDGAAQxgAAMYwAAGTgxonjRPbhkwgAEMYAADGMAABjCAgQEDmqfBIZ26TzG3ExjAAAYwgAEMYAADGPgMBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3CR8xk2C5+w5YwADGMAABjCAAQycGNA8aZ7cMmAAAxjAAAYwgAEMYAADAwY0T4NDOnWfYm4nMIABDGAAAxjAAAYw8BkMaJ40T24ZMIABDGAAAxjAAAYwgIEBA5qnwSG5SfiMmwTP2XPGAAYwgAEMYAADGDgxoHnSPLllwAAGMIABDGAAAxjAAAYGDGieBod06j7F3E5gAAMYwAAGMIABDGDgMxjQPGme3DJgAAMYwAAGMIABDGAAAwMGNE+DQ3KT8Bk3CZ6z54wBDGAAAxjAAAYwcGJA86R5csuAAQxgAAMYwAAGMIABDAwY0DwNDunUfYq5ncAABjCAAQxgAAMYwMBnMKB50jy5ZcAABjCAAQxgAAMYwAAGBgxongaH5CbhM24SPGfPGQMYwAAGMIABDGDgxIDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qn7FHM7gQEMYAADGMAABjCAgc9gQPOkeXLLgAEMYAADGMAABjCAAQwMGNA8DQ7JTcJn3CR4zp4zBjCAAQxgAAMYwMCJAc2T5sktAwYwgAEMYAADGMAABjAwYEDzNDikU/cp5nYCAxjAAAYwgAEMYAADn8GA5knz5JYBAxjAAAYwgAEMYAADGBgwoHkaHJKbhM+4SfCcPWcMYAADGMAABjCAgRMDmifNk1sGDGAAAxjAAAYwgAEMYGDAgOZpcEin7lPM7QQGMIABDGAAAxjAAAY+gwHNk+bJLQMGMIABDGAAAxjAAAYwMGBA8zQ4JDcJn3GT4Dl7zhjAAAYwgAEMYAADJwY0T5ontwwYeIaBv/76yw/Z0w9ZMXxgAAMYwAAG3ocBzZMvzs98cZaLH80TBvwcwAAGMIABDHwMA6fmaX0p6l7vejjT99rpwhdnE/OTzdoYZ7ty67zWy/EY17wrf8Sv7K7uVd5Pi3/X+3jXdb/rff00ruzHFwcMYAADGMDABzBw1Tx1ELzrl6XufU193TllX1cn4rtY9df5yt/5dv5Y8xHb1XykznfnfNf7eNd1v+t9fTdH1v+AX5D+ms0/LvAwj3kMYAAD/+fv9b+//ud//ufv//znP//6Ibn7UtT5s2+N49UdcsTCTjRL+4yuy62+bo2pr9aq865OaHax6q/zlX/y1Vidx/pXduXtXl1u1nbxu75ab827GlnXaWo8z7t6E1+uEeOaF/7OXmlrPOarVh5H7fAtG77OZl2Mqy781Wbdiq151Zj7BYsBDGAAAxjAwFsy8OrmKX+RyuM4vImv00R+tlNdzjmNu3pT36nuinV1ImcXq/4639UNXdirdSJ+ZWu9Tl81dd7lnHw1f82rb+VPfTvtaQ+7WLfmTvvours1wh/2VD9rdvvrNBPf0nS63Tr8fpFiAAMYwAAGMPCrGbjbPO2+KHVfoqq2zuPgqr/OQ1ftVFfzdvNar84jb+ePeGdPObtY9V/NY92s241De8fmWl3eLr7zdzWyb5dX/XUeNe76I29qd/V3+Xf1q84uZ/lrrM5jHzv/Vbzm1flVfsRZvyQxgAEMYAADGHgbBq6ap/WFKb92b3z3xSrrc506zro1jnj11/lUV/O6edQK22mWL+LV7vSRs4uvOl2s+qfr5bzduFvvypdrddpdfOfvamTfLq/613z3yvViXPPD/4iNdSe503WjZtiu9rTWyr3SxjqdzWvv6uz8OdfYL00MYAADGMAABt6CgavmafomJ1+gJpq63sqZ5E11tX6e53XyOGvW+BSr2pifcnax6s/zPI41wtZYzMOG7q69yt/Fd/6r9Xd51V/nj9a9yjvF1x6u9nEVX/Wrps5jDzt/xLO90l7Fo9ZOt/NHHuuXJQYwgAEMYAADb8PAT2+e4qCnX9Cmuqibbc2t89Du/BHv7ClnF6v+q3msu9NVf+in9ip/F9/5r9bd5VV/nT9a9ypvEj/t5RRbtbt459tpd/vb1Qj9VfxKN82POqxfoBjAAAYwgAEM/FoGvrJ5Woc0+aLVaZ7xTR/On1yjq533VeN1vju7O7pOm/dwNZ7kV02dX61R4zV/zatv5XS+Wivmd7SR09muTueL3FNsaWp8zatvWit0Xd0ci/FunYiHrbqrPVZ91GH90sQABjCAAQxg4Fcy8NXN0zqk+MKVbT687I9xjsc4YtlG7BG76nR51Z/Xq+Muf/lqjaqb1NnVqP46j7V2/ohP7KqRX13OVbzL2flyrTVeurA1p2p3uqiR9bXWZJ7zY3yVF7qwVR/+ZVcs5p2u+k7zqBO200Ys26rLsTVe8bA7bfWb+2WJAQxgAAMYwMCvZeDUPP3aN+X/2LBtAt/lee6+rL/L+/M+/ELBAAYwgAEMYAADP5QBzdMPfTAawLYB1Djh1S8TDGAAAxjAAAYw8G0MaJ7A923wDRrE1Szl10/eq735LGEAAxjAAAYwgIE3Z0Dz9OYPeNCg+JBjAAMYwAAGMIABDGAAAwMGNE+DQ9KAtH+FzgcMOxjAAAYwgAEMYAADH8WA5gnwHwW8RlgjjAEMYAADGMAABjDwKAOaJ82T5gkDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQ3Ba8z22BZ+lZYgADGMAABjCAAQw8yoDmSfPklgEDGMAABjCAAQxgAAMYGDCgeRoc0qOdqTy3GhjAAAYwgAEMYAADGHgfBjRPmqfvumX466+//l6v6fqhD1vzdv6q+675T9/fd52Ldf0MwgAGMIABDGDg1zCgeQLrd8E6bSZerfvp7/e79mddPwswgAEMYAADGMDABQOn5ml9ae0OcOfvtD/N95v3/sqznJzDRPPKPe1q/ZR9/Nb97fbNf/HD0V+xaH/+4wY3GMAABjDw0Qx8UvO0voTH66Mf+n+/FJ6aklPsq8/uJ+2le+8/fX/dnvn84sMABjCAAQxgAAMPMPCq5ml9gayv3QOZ6PIX0qzf1Zz4o2bYXU5eL8adNmLZTnQTzar5jK7Lrb7dGkvXxfL77OI1L+vz2tm/qxO1qjbPo2b2nert9F3OpGbV5Hms1b2PHOvGuzqhXfE8Dn342Ad+EPpTpv/LFH7wgwEMYAADGDgw8IrmKX+ZuzrsTnvy5VgeX63TxXN+Hmftzp81a/yMrubWeV0r5lNd6Ce2q/kKX66Rx3VPp1hoJ5qp9k6tqLnsKe8UyzWu6nTxrvbyxSvX77Q5bnz4Qah50jxhAAMYwAAGMDBh4Cubp92Xu87/6i+HdY0677647r5sdrmddqer/jrvat3Z3y6/83drV1+dR53Ov3zVX+eRv+wpFrqJZqK9UyfqhT3lnmKRH/ak3cWqf82rb9XvfLEuq3HCAAYwgAEMYAADL2DgFc3TehC7L3T5IYWms1kX9arvmXn3xbL66ny33h3d0navWjs01V/nU13N281XvRyr8xWLNTubc0Nbfad5t17VTzSRc9KeYpGf7dLnV47l8Z26J+0uVv11HnvZ+SPOvuAH5uRGiuYfP1NwhzsMYAADGHgrBl7VPMWhrC9wuy9xO3/kZntHm/O6ceyps1k/XfPVurqHSf14Lzn30XFeL4+jXueLWLV3tCt3op9oYh8n7SkW+WGrts5Dt+wplnVX2l2d6q/zWGPnjzjrlxcGMIABDGAAAxh4koFXN0/xQLovcp0v9NXe0dbcOj/VyrE8rjXy/NW6XDvGX7FGt1a3bueL3GrvaFfuRD/RxD5O2lMs8nd7OuWeYrnurnZodnWqv86v8iPOPvnD0p8o+RMlDGAAAxjAAAZOzdP6slW/qNV5p9n5Tv4Vy69unRy/Mz7VqrE6363zSl1X6xnfbs8n/1qvWzNyTrHQLDvVRc5EP9FM601qVc2aV1+sd/c9n+p0tTp95+ty8x6N//nzxXk4DwxgAAMYwAAGHmJg0jytL2vx6haJWLadLnxZF+OIhV3+GD9jJ3WqJvaUbbeHHI/xI7rIzfaROl3O1Bdrn/ShybbqV6z6TvOJfqKJNSbapamvyA+b48sX84hXG/GwNR7zFY/xzkaNnfauf7cOv18aGMAABjCAAQxg4CYDV82TA715oOVP0Jyf88MABjCAAQxgAAMYwMCbMKB5epMHqWm7/BMdP7SwjgEMYAADGMAABjDwFAOaJwA9BZCmTdOGAQxgAAMYwAAGMPApDGieNE+aJwxgAAMYwAAGMIABDGBgwIDmaXBIn9JJe59ujTCAAQxgAAMYwAAGMLBnQPOkeXLLgAEMYAADGMAABjCAAQwMGNA8DQ5J973vvp2Ns8EABjCAAQxgAAMY+BQGNE+aJ7cMGMAABjCAAQxgAAMYwMCAAc3T4JA+pZP2Pt0aYQADGMAABjCAAQxgYM+A5knz5JYBAxjAAAYwgAEMYAADGBgwoHkaHJLue999OxtngwEMYAADGMAABjDwKQxonjRPbhkwgAEMYAADGMAABjCAgQEDmqfBIX1KJ+19ujXCAAYwgAEMYAADGMDAngHNk+bJLQMGMIABDGAAAxjAAAYwMGBA8zQ4JN33vvt2Ns4GAxjAAAYwgAEMYOBTGNA8aZ7cMmAAAxjAAAYwgAEMYAADAwY0T4ND+pRO2vt0a4QBDGAAAxjAAAYwgIE9A5onzZNbBgxgAAMYwAAGMIABDGBgwIDmaXBIuu999+1snA0GMIABDGAAAxjAwKcwoHnSPLllwAAGMIABDGAAAxjAAAYGDGieBof0Jp30X3/99dStyMp/toYP5efw5ll71hjAAAYwgAEMvB0DmqfPgfrZxkfz9DmsvN0Puje5APFcfAYxgAEMYAAD38zAqXnafdne+T3Mb36YF18QPbef/Xx8fjwfDGAAAxjAAAYw8MMZ0Dz98Ad00RDd+YBpnj7nWd/hghYXGMAABjCAAQxgYMjAq5qn9cW8vnYPYaLLX/SzPtecaEKfa+S8HF/j0GV/p8/amhO5Ya/ioZvYqBX2lBOaZZcubB6HJurUeWjDn2tETtgcm+gjjx1+WF/YSDtzZ44BDGAAAxjAAAYeYOAVzVP+0nz1EDrtyZdjebzWWfN45XWrLsdiXDW1TjeP3GVr/s4X/k6f6z063tWt/jXPvsm821OuUeNRs2rqvOaZP/DB1Ug99Y+fYA5zGMAABjCAAQw8xMBXNk+7L9Gdf/mqv5tX3zqEzlcPp2ruzKs2au/8Ef8Ttluz8621sz+Pa6ybx95rXvgjp4t3vpxn7IcXBjCAAQxgAAMYwMCvYOAVzdN6o+sL8tWX5NB0th7WVa1Ys+Zd+fPaObeud5rnGnWca/6p8dWade+xj+zP4xW/mnc1whe21rjyR5z1wxIDGMAABjCAAQxg4Fcw8KrmKd7s+gL9ii/RuxqxzrI7TeevvmfmNTfv6U+P69p1Pj2Xmnc1j/dVdeGfrpv1xn5IYgADGMAABjCAAQz8KgZe3TzFm+++ZHe+0Fc70e401V/na63quzOv2rr3PzXv1p366nuueVfzeE9VF/5af+LPGmM/ODGAAQxgAAMYwAAGfjwDp+Zpbb5+Wa7zTrPznfwrll/dOjl+qlVzu3nny/XvxnNuHa9atV7VTOa1xqnulbaL5z3UeMR2/hXfxXb+qMn+k33n4TwwgAEMYAADGMDAD2Vg0jytL7/x6h5kxLLtdOHLuhhHLOzyx3hnd5rOH+tELOZRO/zT+dJFjWwjP9uIZ9+j46i17KoR81ov/GFDG7rIn853uvAvW2tGbOePOPtDfziUCw3PyXPCAAYwgAEMYODjGbhqnj7+gHyBvGxiMeIHKQYwgAEMYAADGMDARzCgeQL6R4CuCdYEYwADGMAABjCAAQw8y4DmSfOkecIABjCAAQxgAAMYwAAGBgxongaH9GyHKt8tBwYwgAEMYAADGMAABn4/A5qn1zVP/mGE152lmw9niQEMYAADGMAABjDw4xjQPL0OSs3T687yx31Q3BT9/psiz9AzxAAGMIABDGDgWS4wBjgAACAASURBVAZOzdNqBrqXL7Z9k6B56s8FL84FAxjAAAYwgAEMYOAtGLhqnro3qUno4Xcu/bl0DPE5KwxgAAMYwAAGMICBX8fAq5qn+idUu4Ooul3DcaXb5eV1qybXzLo8zjlX+hrPubXmLpZ1xn6AYAADGMAABjCAAQxg4Acz8KrmqT7krlnofDVvzSe6qqnzWqfG6zz2Ef6wtU7V5XnOCX/k72JZZ/yDPyjP/v1Y+f6ONQYwgAEMYAADGPj9DNxtnqZNQKfrfF3D8Ihu5eS83TivlzXhr3WWv+rqPOfGmNUIYQADGMAABjCAAQxg4M0YuGqeopkIewIgNGE77SmW9RPd0kRO1ddY6LLNmvB3voiF3Wl2/shj3+zD4/bo/37+sI1tDGAAAxjAAAY+goGr5ml6CLVxqPNaZ8WvNCvnpIv8sKHPto7XPF457+SLWNgub8V2/shj/9/ZOwtngQEMYAADGMAABjDw6xh4RfPUNQ2drzucZ3SRG3bVj3HY7KvrZ03EOl/Ewu40O3/ksX5AYAADGMAABjCAAQxg4Bcz8Ceap9VEdI3Eq30LvLpWnQecde063+nCX23N36278k6xWtf8F3+Y0p9qeo6eIwYwgAEMYAADGHhDBl7RPC0wokGIpiLmGZrwZZvjMc7xGEes2hWf+JYmanU5UeMUC02tFTlhsy5rq9/8DT9QGqh/fR5xjnMMYAADGMAABt6GgVPz9DZv0hdaX2gxgAEMYAADGMAABjCAgWcZ0Dy5CdAkYwADGMAABjCAAQxgAAMDBjRPg0N6tkOV75YDAxjAAAYwgAEMYAADv58BzZPmyS0DBjCAAQxgAAMYwAAGMDBgQPM0OCS3BL//lsAz9AwxgAEMYAADGMAABp5lQPOkeXLLgAEMYAADGMAABjCAAQwMGNA8DQ7p2Q5VvlsODGAAAxjAAAYwgAEM/H4GNE+aJ7cMGMAABjCAAQxgAAMYwMCAAc3T4JDcEvz+WwLP0DPEAAYwgAEMYAADGHiWAc2T5sktAwYwgAEMYAADGMAABjAwYEDzNDikZztU+W45MIABDGAAAxjAAAYw8PsZ0DxpntwyYAADGMAABjCAAQxgAAMDBjRPg0NyS/D7bwk8Q88QAxjAAAYwgAEMYOBZBjRPmie3DBjAAAYwgAEMYAADGMDAgAHN0+CQnu1Q5bvlwAAGMIABDGAAAxjAwO9nQPOkeXLLgAEMYAADGMAABjCAAQwMGNA8DQ7JLcHvvyXwDD1DDGAAAxjAAAYwgIFnGdA8aZ7cMmAAAxjAAAYwgAEMYAADAwY0T4NDerZDle+WAwMYwAAGMIABDGAAA7+fAc2T5sktAwYwgAEMYAADGMAABjAwYEDzNDgktwS//5bAM/QMMYABDGAAAxjAAAaeZUDzpHlyy4ABDGAAAxjAAAYwgAEMDBg4NU9//fXX3/X1lYe61v7K9aw1AObZbl0+pjGAAQxgAAMYwAAGfisDV81TbSi+sqH5yrXq+zTXSGEAAxjAAAYwgAEMYAAD/2Dglc1T/lOqfyzy386ya4Z2vlwrj3d1J5rI3WmXPzSsDwoGMIABDGAAAxjAAAYw8A8GXtU81cajzteiU19ssNNHLGynOflyLI9zvc4fcdYHCAMYwAAGMIABDGAAAx/KwJ3maddUTP2drvMFjKfY0uzinX/5qr/OY92ofYpnrfGHfnh+69/VtW9/wowBDGAAAxjAAAYeY+CqeYqm49RI7GLVX+fRpOyaj06ftSu+e2Xd1TpVm+dRP/uMNUsYwAAGMIABDGAAAxj4QAaumqeA4tTI7GLVX+erduebrHmVGzXCntYJTWdX3qO5XT2+D/yQudl57GbHuTk3DGAAAxjAAAZ+GgPT5ml96d81EVN/p+t80WCcYqf9RH62V7WyNmrfzak1zDVKGMAABjCAAQxgAAMYeCMG7jRP68HvGorqr/Mud2k6XQB2it3RdGtHfrVXe6p68zf6MPy0mw37cduGAQxgAAMYwAAGfhYDd5un1SzsmppoPHbxyA1dzE8NSGjDdtqIZVt1K1Z9dT7R1BxzzRMGMIABDGAAAxjAAAY+hIFT8wSCD4HAjcZlY+2z4LOAAQxgAAMYwAAGMPC35gkEfhBgAAMYwAAGMIABDGAAAwMGNE+DQ/InM/5kBgMYwAAGMIABDGAAAxjQPGme3DJgAAMYwAAGMIABDGAAAwMGps3Tb/7HFPI/JBHjCRyvfM9XtWJf2U72eKW5Wnflv2rNXCfGp/2FZtmTbhqb1pvosuZV+7t6H3nNTvtV++jW5jv/MM3PLsbO7Hxmzuezzsfn4nc+73hu2frsPv4s1zk+c37xHJ6psXKjTrbP1vyTdV+xt5fW+JTmqR7aFcABVM27M48aYXe5u73s/Ls64Y/1woa/s3WNOu9ydr4ut/Ot/Oqv890aO3/Nr/PIq/46D121U13Nm85r/av5tC7d47/k7pxdfV53cmm/5hk55+895/UZ8Tn53mfwyGfAM3vtM3v2PP/U5+jZfQVbr6oT9X6sPTVP+SHFgWTfelN1Hm9054/4d9t4P90+Iha209z1nWrtYjv/nbVPNXaxnf/OuqHd1ar+Oo/8id3ldv7qq/PdelPdLv/KX+vneR5HneXrXhFftouHL+tiHLFsI3bHrvy7+umaWRfjWCvmnQ3Nsiue5zHe+SN+ss/k1rp3ay19ftV6eZ51MY54zDsbmmVXPM9jvPNH/GS7NWu9Oo96J3+tGznZVk2t18XDl+uscfirfVRX856Zrz09k/8bc+tziPlvfC/ftedP5OZPnvVPPc9X7WtSZ2m6158895fXPjVPa7F4g3UcG8nx8O20Of7d47Xv3R4iFnanu+M/1drFdv7fsG7ssXsPnW/pd/6otbO7vOqv86i380d82Ykm6++Oa/2Yh831Ol+3x50u14q8Ttv5am43v5PXaXe+nf/uHladO7W6+tXX1aua6fxOrU678+383b46behWrIt3vsg52V1e9dd51Kz+Na++pa2+O7pY62Rr/dBWf53vdOF/ld2t+6r6P63O7v3u/D9t/z9lP87rZ/3J05/i4lXP+arOLr7z/6n3+3Tdq+ZpLRBvKmxedPni1fmzL2qFflev5tR5l1c1V/NdjezP46t6V/GrWjm+xnlea1/Fs/6qTtbGeJdzZ91TrVP9yLtjp/Wmum7tXe7Srtgp3tXrfFEn18rjyOl8Ecv21bpc+zR+xbq1Rp2f1l+xkz5iYaNWnYd/YlduvCb6k2a6j5Ouxur8tP6KnfQRCxu16jz8V3aat9NVf53v1v/putj32ud0r5HT2bs1Yt2rvKqr+hyvsbzPHMs5WXNnnOud8jpd54saeW8xjli2Ecs2x2Oc42sc/myr5lldrn013q0VeV288y398tdX1Kl2osvrZH2tldfuYnd9ea28h65O1sY+Qhe5ocn+iFVf1UY8bM4LbfaFrtqJpuZ086s6V/Fac+njVWNr3tXrfFUbNU/arPmXbto8RZG6+SgYNm8w+2pezDtN5zvpIza1u/rVX+fT+p1uUmtpXqlb+zjV28VO/l3sznve1dj5u9rZt8ur/jqPGif/iu3iOf9KE9o7dldzsqe1zi4/72GiyfrJeFrzpMuxPJ6svzSnnIiFjZp1Hv679tk60/yTLsfyePpeTjkRCxs16zz8V3blTXJ3muzP49O6U92qMdUu3UQ71cX+7+ojr9rJ3iKnauv8pNtpV85VbMWrps5j7Svb1epyuvqd72r/ufYuP2t29WpundcaMZ/qQj+1V3W7+NS328M0P3RhV708zvWXfxfLukfGu7rVX/cwmXf7qXWzJmpWTZ3nnDW+ilf9bn5VZ8WvNFG76up8t+9Ol7U5nse7dcP/DzttnvLCuUAsHDbrsi/n5HGn6XyRc4qF5srualR/nV/VPcWvauX4Guf5qe5V7KpOjX/F2nXNeA87f8RPtuZ276Nqot7OH/FlJ5qsf3Y8WW9pTrpTLPY30YR2aqc1T7ocy+NX7CHX242n6+x0ue5Os/NPc0+6HMvj3ZrVf8rJsd241pvMV61cr+bsYtmfxzU/z6e6lXNHG/pJztJMdHnfz4yna+101V/nsbedP84mdNWuvC6389Xc03xXN3K6+lNf1Mi2y83xGO901V/nkV/tVFfzruZXdbv41Net3eUuXedfvuqv826NV/u6NTtffR9VczWPfVdd+KN+F+98NS/PHx1frRN1l+6k3cWqv85X/c4X/hq7msd+/2UnzdO/ktL/QVgsvGwex0a73NCG3WmqP+pX/535rkbn73x31sraU60u1vlyvel4Umdp4rXqTnKu1j/V2MV2/qu1Ir7y49W9j139nT/qdrVy7NXjvJ94P9lX1wvNzh/xsFl3qpt1d8bTmiddjuVx7GP54hW+bLuciOfYbpy1sU62Ed/ZXDdrco08rpo83413ayx9juVx1NqtneMxrjbX241rzp157K3m5LVyLPvzOGvqeKpbeUvbvWrNOo+c6q/zqa7m3Z2vdSY5O13113nU3vlX/JHYKSfWnNhVp6v1jK9bt6u308Weqq36iFd/nU91Ne80XzXvxnc5k/2FprN1H7t1qu5PzOv+6hq7vWV/Hq/8q3msUXXh72pE7JRzyov8qb1ap9ZZ+i6n83X77HSdr8ute5lq/jfvVc1TLJo3ncexyeqr86zLsTwOzV17qrFip9fdtar+au2qX/NTTqfvfI/UeCQnr32Vv4vv/Ln2nXGtV+dRa+eP+LITTdY/M461wkatOg9/2Bqv89BlO9Fk/WQ8rXnS5Vge1/V3sZ1/5ddYzMPWNR6ZP1NrmnvS5Vge1/eyi+38X3V+p3VO7+G075w31XX7yHUm4+laU91kzU4zrb/TVX+dx5o7/4o/EjvlxJp3bK1X57t9drpu3Vfr8hqr9qT+VJdr78ZX63Xxzpfrn/Z3lVvr5PlXjese63zto/NVf9VczeP9VV34a/2JPzSnmqGZ2Efr1Lw6j7Wrv86XrvOd/FF7qvlf/Vc2T90b6nzxRnIsjyN+xz6S/0jObk+nWrvYzr9bo/PfrXFXX9ec5lddnde6d+e7etVf57t1prpd/tSf18njlV/ntWaN13nVx3yqC/2VndY76WqszmMPd/0rr+bEPGzUfsY+U2uae9LVWJ3He7vr/6rzO60Tew9b30Odh67aV+tq/Zh/1Tqx3s4+u4+aX+ex7s6/4o/ETjmx5h1b69X5bp+drlv31brvWiPWvXo/XbzzRb1sO13nyzl5fEeb854Zd2tOfWvdrM3jGuvmse+aF/5Hc055ufZkfNrbKb/m1XnkVn+dL13nO/mj9lTzv/pXNk95A90m6hta8+rralxpak6dP5r/aF5df81PtbpY54u6K3aKh+5q3ayL8anu1bqn3KgftmrrPHTLXq2btTHe1av+Oo/8ak+6FTvFa63dvNbYzat/1Vu+6q/z07pT7a5G9t+p1Wl3vp0/rx3jTnuKLf0pJ3In9tk6d/I77c6383fvqdOGrostX+ePnJPt8nb1qrbO1zq73LqHO7qa282ne5nqYo3pPkO/s926U+0ut/qv9lr1ef1dbOfPud24y1u+6u/m1Rf1d/6Ih32lrqv1jC/2OLXdWjm3xte8+pZ+6ttp85ox7mpGrNrdvqrual7XPNW90nbxvH6NR2znX/FdbOef1AzNxD6yzsrp8qqvzrv3u6vVaXfvp1vnX9qvbJ5i8/nN5fG/NnfjF2GXG75Yo9qI7+zS72ITf10vz2t+jl2tG9paI+YR72xowlZN+Dsb2i62fBGvdqLfaXLdiSbWnmp3uqgTdqdb/onmlB81Ok3UXjbi2RfjiGUbsc5mXYynutDvbFcnfF1OxMJ2mvCFJttTLHShWXb58jzGO3/ETzbWeaZG1M+16jg02U40oa/aNT/FQh+aZXPOxJ813TjWyLbTLV/W7PYRuVW701/punj4Yq1ub4+ul2vmutV/dx577mxXK+u6+PJlzRqH76S/G4u6u7ydv+7tVCdrV72pNvK6PUQs20d0OT/Gj9Tpcia+teaVLvYV2rA5L2tinON1HJpsO0317eZRZxe/449ay668mNca4Q8b2tBF/nS+04V/2VozYjv/NB66KztZZ2ny61RzoquaNe9q7vw7ba77r9xnm6du0Vf6/rXh9I9VvHIdtV77fwTnPN/rPOsPkd3cc3+v5/7o89zxUf2P1pf3czlbz9jz+bnP5+6z8Tzf51menv2rnvOr6pz2+iNiP7l5+piHoCH0yxYDGMAABn45A35nv98X7fVM6+tHfHn95Z+V7z7D+kxf9dn9U3W/+7z+tf5Pa57ywf9rsz4svlxgAAMYwAAGfgQD+ff1q758+b3/fg2YZ+qZvh0DP615ersD9kv+R/ySx5Uf3hjAAAYwgAEMYAADTzOgefpzENVbuVfdzE3qVs3ToLy4Cfzp+/vO88pn0+0jx2Pc6X6Tb72P037jfWZ70k9jV+uuOq9aM9eJ8WmfoVn2pBP7cz/Df8PZZk5iPNn3s1zFWtme1r3S5XiMn6l3yhX77M+M5+/5P82A5unrIFq/EJ5+YId/TWVX+1Xr7uo/6//p+3v2/d3Jr2dR512tiabL+27f2nd+7faze387/65O+POaVzVqvM6j5sR2uZ1v1ar+Op+sR/N1P9u/86w7Njpf3uOKX2myvht3+Z1v5VZ/nXeana/zd/WWzssZYAADf4SBn9g83f1BuPT5tTuorInxSftIbJez/GvNU3wau1vnrn66j1fpfur+vmNfdc067858ounyHvX9ifVONXexnf/O+zrV2MV2/jvrhnZXq/rrPPIndpeb/Wt89aprdfqqmc67Wss3zf9TuthXrb/zV913zU9nF7Gwr9zjrmb11/luDztd9df5rh6/L9IYwMBLGPjtzVP3Q7P61rz61uF1vvDvciL+yOHv1rtb626du/q7+3lW/1P399X72q2388e5X8VD9yr7J9Y71dzFdv477/NUYxfb+e+sG9quVudb+p0/au3sLm/nv1pr5XW5nW+3p+zf5e38OfdPj9ceun3s/H96P9P63Z4jN2Jhw/8K29XsfGutnT/vo9N0vmm9XNvYl2gMYOBhBibN0/phlV+7xUKzi0/9ux+ONf+ky7E8rjW6eejDVs3OX3V1/mjes3Wu1l3xeNW18jw02eb4GufYGtd4N9/pwj+tmXXdOrG/iO302V/HkZttaLLvkfGq0+Xt/KG9iofuZOM9hO20Eetsp7/jWzVP+hyP9Xf6q3jOy3Wzf413sZN/F6u1Y97pO99pP1FrZx+pt8t5Zh9391f13Z6ufCser1pvMo/cuk74a43wh+3i1Vfnda0an8x3NbI/jyc1J5quZudbtXb+vE6n6XzTerm2sS/OGMDAwwxcNU/dD6rOtzaw/LvYnQ1Oa5x0EQv76Ppdfueb1H80r9a+W+ekr7E6j7V3/ojv7CRvp1n+GqvzWLf667zqcjyPQ7fszp81oZtqa26e72rs/JF7FQ/dHXuqeYrdWSNrJzWX5pW6tf6p3i528u9i+b3GeKe96496O/tIvUdydutf+ddau/VybqfZ+bqanTbX78aRE3ZpYhy2ywtfp+l8J33EpnZXv/rrfFp/p9vVu+uP+nfzdvqox/qijAEMvIyBU/O0+2G0879qU9P6J13Ewk73VvV1vup0vkn9R/Nq7bt1dvqpf6er++rmk9ydZuqf6tb+lrbq6zzex84f8Vfb3Xo7f6x/FQ/dHXuqeYrdWSNrr2rm+Brnea5zd3xVp8a/Yu26ZrynnT/iO7vL2/lXnV1s59+tfce/ap/qd7Gdb+e/s598DrlejMOeanaazhc1TrHQXNldjeqv86u6V/Fdvbv+WOdu3k4f9VhfnDGAgZcxcNU8rR9I3etlG2j+RZzpD8GTLmJhp/vt9NVX58/UnuZm3d31d/qpf6fLe8rjpc+vHOvGu/pT/1S31t5p7+yr077Ct9vbzh9rXsVDd2VXnfza6V+1Xq5/qtnFOl+uNx1P6ixNvFbdSc7V+qcau9jO/+hap3q72M5/tYc78bVGt84zvrV+l3+1r8hZNo9P9UIbtlsjauVY58vxyXhXo/N3vskaneZUaxfb+Vf9R2KnnG7PfL5IYwADDzNw1Tw9XLhpiqa1pj8ET7qIhZ2svbS7V86/U/MVebnGGt9df6ef+ne6uq9ub5PcnWbqn+q6/XXvIXy7uhF/td2tt/PH+lfx0J1srVHnOfcUy7o741PNXWznf9W6uzrPrnuVv4vv/Lt9hn+Xt/OvvF1s54+1XmnrWnW+22en22mv9ptrrXGd1/wcP605qVVrX83r2lkf6+1s1t4dn9ZdtXbxu/7Y16N5kc/6wowBDDzNwLs3T+uAdj9s6+GddDmWx7XGaf5oXq15t85OP/XvdJN9TXJ3mql/qlv73Wnre7mr7fIf8dX91XlXc6Lp8sLX5Xe+kz5ij9pH1jvlTPdxt8Zdfd3HNL/q6rzWPc13uTv/qvVo7LSPu7G6hzrf7bPT7bRXe8q11rjOc36Ohb/zdbGTLvQn+0j+Izl1D9MaVVfnUXfnj3jYqqvz0LG+JGMAA3+EgVPztBa880Npae/od2/oTo1OW31rXn3d2idNjuVxV2fnezSv1rtb56SvsTqPtXf+iC9bNWtefVkf452myz9po163l4jt8iOe7VTb7TPXuTOua9Z5V2ui6fLCV/PXvPpCu+wplnV3xqeaXazzxXordoqHbtmpLnJO+qt1T7lRP2zV1nnoprbm13mtc4qv2Clea13Nu1rdGlXXadZaVRfr7/wR7+wpp8a6efXVNVb8SlNz6vzR/EfzYv07+VVb56tm54u1qq3aOq96c1+gMYCBlzJw1TytxdYPpvrqNhGaLnbHF3U629Wpuk6zfFW35qHN4/BVG5quTvhqTp5HfvY9Mr5b50ofe7+ji5y6//BHrZhXXZ6HNvvWOPxRI+ZVF/OJ7qpG1Aqba+5yQxM5z9qot1uv1p/qal6e1zVjnjV5HPGwOTYdR25na42qqfE8D2325XHEO5t1a1w1NZ7noc2+PI54tVmTx1mX/Y+Mc601vqox1dyt261ba5zWztpVq9N2vp2220/27Wrt6nX7u6pxiue97MZ5zTze6cP/1ete7S3H8zj2W+1EU3PMfYHGAAZewsCkeXrJQk/8N1Dvsv76Yf+K9/KqOq/Yy5+s8Snv89kzdE5+GTzLkPzvYchn93vOHe/OHQMYeIoBzdOfA2j9Yqyvpx7WfxvQWvNdfwG/6/t6loFPef7PnpP8P/ezzdk+f7Z+vj1/hjh0hhjAwLcwoHkC3reAN/iTSF8usPlT2bQvbD7CQL74eCRfDu4wgAEM/AAGNE8/4CEMGgkfFs8JAxjAAAYwgAEMYAAD38yA5umbH4DG6SX/HZgfJDjGAAYwgAEMYAADGPjjDGieQPbHIdMgahAxgAEMYAADGMAABt6BgVPzlP9+doy/8ou2/+ZFY/eVvFkLbxjAAAYwgAEMYAADRwaumqea/JUNzVeuVd+nuQ8OBjCAAQxgAAMYwAAGMPAPBl7ZPMWfTu2ans6/8+VaefyPzf/3j/5yvKu3crI/63O9rMl+Yx8aDGAAAxjAAAYwgAEMYODvVzVPtfGo8wXb1BdgdvqIhe00J1+O5XGu1/kjzvrQYAADGMAABjCAAQxg4EMZuNM87ZqKqb/Tdb6A8RRbml288y9f9dd5rBu1T/GsNf7QD887/EeP3oP/eBcDGMAABjCAAQzMGbhqnqLpODUSu1j113k0Kbvmo9Nn7YrvXll3tU7V5nnUzz5jzRIGMIABDGAAAxjAAAY+kIGr5imgODUyu1j11/mq3fkma17lRo2wp3VC09mV92huV4/vAz9kbnPmtznOyllhAAMYwAAGMPCTGZg2T+tL/66JmPo7XeeLBuMUO+0n8rO9qpW1UftuTq1hrlHCAAYwgAEMYAADGMDAGzFwp3laD37XUFR/nXe5S9PpArBT7I6mWzvyq73aU9Wbv9GH4SffctibWzgMYAADGMAABjDw/QzcbZ5Ws7BraqLx2MUjN3QxPzUgoQ3baSOWbdWtWPXV+URTc8w1TxjAAAYwgAEMYAADGPgQBk7NEwg+BAK3GJeNtc+CzwIGMIABDGAAAxjAwPH/5wkgAMEABjCAAQxgAAMYwAAGMPBfBvzJkw+DDwMGMIABDGAAAxjAAAYwMGBA8zQ4JH+tzV9rwwAGMIABDGAAAxjAAAY0T5ontwwYwAAGMIABDGAAAxjAwIABzdPgkNwyuGXAAAYwgAEMYAADGMAABk7NU/6nv2P8lR2pfzpcY/eVvFkLbxjAAAYwgAEMYAADRwaumqea/JUNzVeuVd+nuQ8OBjCAAQxgAAMYwAAGMPAPBl7ZPMWfTu2ans6/8+VaefyPzf/3j05zvKu3crI/63O9rMl+Yx8aDGAAAxjAAAYwgAEMYOD4//PUNROdb4FU/XXeaXa+ALOrEbGwnebky7E8zvU6f8RZHxoMYAADGMAABjCAAQx8KAN3/uRp11RM/Z2u8wWMp9jS7OKdf/mqv85j3ah9imet8Yd+ePxHo/6jUQxgAAMYwAAGMPBZDFw1T9F0nBqJXaz66zyalF3z0emzdsV3r6y7Wqdq8zzqZ5+xZgkDGMAABjCAAQxgAAMfyMBV8xRQnBqZXaz663zV7nyTNa9yo0bY0zqh6ezKezS3q8f3gR8yN1KfdSPleXveGMAABjCAgfdlYNo8rS/9uyZi6u90nS8ajFPstJ/Iz/aqVtZG7bs5tYa5RgkDGMAABjCAAQxgAANvxMCd5mk9+F1DUf113uUuTacLwE6xO5pu7civ9mpPVW/+Rh8Gt0Tve0vk2Xq2GMAABjCAAQy8goG7zdNqFnZNTTQeu3jkhi7mpwYktGE7bcSyrboVq746n2hqjrnmCQMYwAAGMIABDGAAAx/CwKl5AsGHQPCKLlyNy+bc58nnCQMYkIkLfwAAAHJJREFUwAAGMIABDPxyBjRPv/wBalo0LRjAAAYwgAEMYAADGPgaBjRPmic3IBjAAAYwgAEMYAADGMDAgAHN0+CQdPJf08k7Z+eMAQxgAAMYwAAGMPCTGdA8aZ7cMmAAAxjAAAYwgAEMYAADAwb+/vvv/x8bDq45rCX0JgAAAABJRU5ErkJggg==" width="640" /><br />
<br />
After login, you may use the following commands to double confirm it's in controller mode:<br />
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAa0AAAC3CAYAAAChbAF+AAAgAElEQVR4Ae1dwbYbO47L7+av8omzn0XmMD3oh4eQFGWXy1U2Fj4UQRBUSXTRNz3d8+PXr1+/f/78+fv3//6PPz4D94B7wD3gHrh0D/zw0Pp7WP/48eO/l8ZrD/a/z8pn4jNxD7gHzuwBD63kVxUPKl6feTGu5ReBe8A94B74uwfKoRUva/2ceYDvGhZcl9dnPrtr/d2oPhOfiXvAPRA90A4tbZIzX+Jn1uLn5Lq8Zo7X/vK4B9wD7oH39MBhQyte8Phkl5kNgAqDjtpKl3kVB3jFZTxbI9/2PY3qc/e5uwfcA9EDhwyteMlzQ6n/p5BwKgw6mQZisBmnwzjGa+iFZZzXzPHaXx73gHvAPfCeHhgPreoFPsUzXoahEbpYcKp4hgemuPqqmcWxN9v3NKvP3efuHnAPtEMLL/vuBV7FFFc/mi/D0JRdDLnByT7QgH1GC/rQsvWXxj3gHnAPvK8H2qGFi+le+lVMcfVDO8MmNVe50IDt6oCjmtMczvf6fY3ss/fZuwe+owdGQyuaoXqJT/GMl2FovC7W7Qf5bFda4DKP14jbfseXwvfse3YPXLcHxkMrLrF6kSuufpYbnIyHZuliO5ysNvLZcj1eM8fr6zay78Z34x74jh7YGlrRFNULPXB8quZBHBqwE37FZU2sVa/KZR5zeM0cr7/jS+F79j27B67bA+XQ8qVd99J8N74b94B74Ft7wEMr+d8e/NZm8HP7RegecA9cvQc8tDy0/vVfDL96w3p/fqm6B767Bzy0PLQ8tNwD7gH3wG16wEMraVb+P8Tg9c4vvEfzdmp8AzfO8epneeT+7vC8V+47n9/n/xXmoeWhdelfWHd4CXloXedFeYd+ufLQv8PeyqGFy2d75gMd+SLY2TfX5fWORnCfyd2tZf57X5q+69efv8/49Wd8l/dIO7T0Ic5snDNr8XNyXV4zZ7J+Jneib851vsS+69ffhc/49Wd8l3fKYUMrmgqf7OGzpqsw6KitdJlXcYBXXMazNfLDruLgIIf5wNR2nIgpX/0JBzkrbhYPjD/QYst5HZdjWLNOrIHDalx98MJqDHrAV1zwpraqOc0PHu/pCD3UZl1gbFGLecCYh/WEx/nMhwYsxzgH8bDKYb/jcYzXXKfSUj54gXM+87w+b6geMrT0ItWvLjvj4fK7WMfJ8oDBVvtRnPldTcTYIhcWMfUDV2zXzzRQr7JaA7wM38WYz+tH9jnJmdQIDj541ok2c6u11q94U/woPdVRP/YTmOLqY98Z3mEc4zX01HacLrarE1qqp35oKpblaW37rx9e46GlF4jLmeIZL8NWuqt4phmY4uqHLmO8Rk3lMK7ryM80FFMfOoqzH2v1kTe1nM85iqsPboYHpvjKh15nVYO5VUzx8BULnQxj/cn6CA2uc4RepaG4+tiH4upXvMCDq3z1kc+243Qx1kB9xeCHTqalmPqcj7Xt6wdUdsbt0MIFVxcYglVMcfW73FUM8dDMPhHnT1Zb45kOYxmfMV1XNRVXHzqKsx9r9ZE3tZyPnApDPbXIg83yEWMLHca6dadbxRRXH/UqHPGJPUKD6xyhV2korj72oXj41Qc5sJoLPLOqmXEC29Xc1VF99aFX4Yjb/vvd+4rzaIcWCnYXVcUUVz+0M2xSc5ULDdiuDjiqOckJTsWb4rs85mMNy88yWWue+nomK80sv8sJ/iSn41QxxdXHvioc8Yk9QoPrHKFXaSiuPvahuPrgZXbKVZ76rN3FmBfrjlvFFFcfNSoccduLDK2uEapLVFz9TnMVm8SDg09WGzG2zOM1c7J1xs2wyFVcfegrDh+WtRhD/sRyHq85t8KZg/UOFzlhV3ldvIoprj7qVzjiE3uEBtc5Qq/SUFx97ENx9cHL7ISbcTIM+l0MHNiOW8UUV3+iDY7tP+/eV5zF6C8tFJ5eZMZTLHzFUCdsFwNvwnlEq9PNYlOs2ovmq8/Py7FYsw/ejkU+bJbbxZg/4WWcDNvR1Xz1QyvDOpzrr9aV9iqvih+lpzrqR/3AFFcf+6xwxGEnPOWErxj0wnYx5q24lU6GKxa+Ylrb/msH1p/7/fXr1++fP3/+968SHHp1OR2+ulTEoQGLmmqZX3GVk/EyLKsFrONP6oVOpdHh0MY+1Ga5GaZ5nb+qiVzw2CIGO9kL52ON/Mru6mY6lUaFZxoVdoQGax+pF1r4cA2sUQsc+IirZR7WGUexzEc+asLPuIEhDtvxdmPYA+ehDiz2wByvXz+k9IzLv7SUaP/8y/GZ3+PMsxfeXe7uznt/xxn7vN7/nfTQov/s6x1fAtd8/5fg2Tu484vsznt/9t52831W1/iuemh5aP31T8O7X2bzr/FlfuQe/CKu7y7Ohj+PnK9z6vN99Gw8tDy0PLTcA+4B98BtesBDy806alb84nz019Hd8/wXyfG/mKc9gd6DrfIQh614xt97l8+ev4eWh5aH1qAH4kX47JfN+c+/LKf3MOX5Tp6/k50zPOJeyqEV4vrZ2dyz3CMe7tk9fEO+z3n2pb3aOel386z9nVWn+u5N6095VZ0j8dhLtp8KP7L21bSyc9jdYzu0VOyIgqpZ+WfWqvbwDbjP+V5DK+4ru7MMe0X/nlWn2vu0/pRX1TkSj71k+6nwI2tfTSs7h909Hja0cAHVpjK8wliL19nDcTzTixzGmZ/pTbGVDmoyD1hWY8LjfOarHsc4h3nKYb/jcYzXXKfSUj54gXM+87o1clgHWohpPrhVHHzlVXzmVZzVnlBzYrsaWT7vr4oD77gc0zXyYSPOa/CBsUWMcziu66N4XLfSZJz5uqeVX+UC13zgsBoPP2LAwWMMMXBXHPCV96zmVA/1J/aQoaUPpj4OTjeU8cDpYh0nywMGW+0HuivLOpVWcCa8Ll/3AT3YKrfKU3yajzyuCww2YvgAC5vlKJblsUa11rzM59ysLsexzniKBXeKgZvxUXNid/OVrz7vS2PqY38Vjjg02eoaXNVSHzy2E05VDzqZRodxjNfQW1nkwPL+GKt0Mk5g+HBexuU4117hmX6Vn9VVrNLTfaz88dDSDUB4ime8DFvpruKZZmCKqw/dla3yFFcfuoqrX/ECD67y1Uc+247TxVgD9RWDHzqZlmLqcz7WU6tana8x1FBc/Wd5yD/CVnvLtCuu4uErFnoZ1uG8h0xT9dRHfoVP4ytepZ/hgSmuPup1FjmwwcUadpLPnMjLcjOM87g241We4upDQ3H1Kx7wHdsOrSiMTyU63VzGyzDU6WLBiXj1gQbsSgu8ia20FFcf2oqHX32QA6u5wDOrmhknsF3NXR3VVx96FY54ZjWn8zUGPcXV73jBzT7IOdpWe8vqVFzF1YfWLo68sFXuhLPKXcVRo+IFXn2QC1tpIA670oMOeJHHGHTYggvLMc7fwaGF2pybYVkd1tD1I3qcM123Qwsi1QNFvIoprn6Xu4pN4sHBJ6uN2K6ttBRXH3UUVx+8zE65ylOftbsY82LdcauY4uqjRoUjnlnN6XyNQU9x9Xd54L/CVnvLalVcxdWH1i6OvLBV7oSzyl3FUaPiVTjy2O5wOU/XrBNr9Tt+xJgPboZNuVluhmV6FQ/7gq14FY68iR0NrRCqik3xjJdh2HQX6/aDfLYrLeau1pWW4upDV3H1wcvshJtxMgz6XQwc2I5bxRRXf6INjlrV6nyNQUtx9Xd54L/KVvvTehVPcfWhs4sjL2yVO+Gscldx1Kh4FY48tjtcztM168RafeZzDPgUC75y1c84FZbhmV7w9FPxKlzzO388tEKkKqi4+llucDIeNtvFdjhZbeQ/anVv6qOm4uqjfoUjDjvhKSd8xaAXtosxb8WtdDJcsfAV09qZrznP+qiR6Si2Og9owUZ+poH41O7oaD31o2aGPYLz/itN5mQ1JnkTTqbNtY/QYL3VuqunscxXrHs+5Wa+Yti/4uEr1tWGDqzmVnrgT+3W0ApR3QgKYUNVHLngwUd+ZsGFnXCy+hmWae1g2FOlDXzFQ03mYY0YLDThVxb54MOf8JGTcR+JZTnYD2zUynjZHhjTnJWPOlyX9bBGHBZ5iLMFhy3HsUYc/rMWemwzzUm8ysvwwFgz1srLMOXAZy1gnZ1qr3hcF2utu9JQfuV3OlkM+0EMPusjxlisMxz5iMHPchFjrvJQh7ngMzeLZzzOmazLoTVJNufvP4txJkdcDrS+wfq86l76hvv3M17z/q/4vfTQSv499ogv0BUv+4jneoWGz+qaL6xX3LU173PXV/1eemh5aP31zzuvfrHEl4E/r65n/fu8KH1X77sr/k5edWBFf3hovWho+cv3vi+fz95n7x743B7w0EqGFv/K4LW/CJ/7RfDd+m7dA/foAQ8tD63T/3nQL4d7vBx8T76nK/ZAObT03zfP/ovj7Hq4HK7La8Rt/UV2D7gH3APv64F2aOnFnPkSP7MWPyfX5TVzvH5fw/rsffbuge/ugcOGVrzg8cmaKhsAFQYdtZUu8yoO8IrLeLZGvu13f2F8/75/98B7e+CQoRUveb5I9SM2xaCT8RGDzTgdxjFeQy8s47xmjtfvbVqfv8/fPfC9PTAeWtULfIpnvAxDM3ax4FTxDA9McfVVM4tjb7bf+4Xx3fvu3QPv7YF2aOFl373Aq5ji6sfFZxgaooshNzjZBxqwz2hBH1q2721Yn7/P3z3w3T3QDi00R/fSr2KKqx/aGTapucqFBmxXBxzVnOZwvtff/WXy/fv+3QOv74HR0IqLqF7iUzzjZRguvYt1+0E+25UWuMzjNeK2r29In7HP2D3gHuh6YDy0QqR6kSuufpYbnIyHzXaxHU5WG/lsuR6vmeO1v0zuAfeAe+C9PbA1tOKyqhd64PhUl4o4NGAn/IrLmlirXpXLPObwmjlev7dZff4+f/eAe6AcWm4ON4d7wD3gHnAPXK0HPLSS/+3Bq12S9+MXh3vAPeAe+E8PeGh5aP3rvxjuL4Zfju4B98CVe8BDy0PLQ8s94B5wD9ymBzy0kmbl/0MMXu/8+ng0b6fGWdx4Fv6cVZfrcP1POlt+xkfWPpf+r6KzegX38MgdfkLOWeccZ+Wh5aG19QvrzOb806CL/2rEJ3zhH3mGb39JTs/srH799vs465z/vBN+/fr1++fPn3+9uHAJbKeNcgTvzEPg/XJdXjNnsn4md6L/Ls5RzzXVmfLedR7vqjs9lynvXc/x6rrf/vyvPl/on3nO5V9a2SYyDJs+2p5Zi/fOdXnNnMn6mdyJ/rs4Rz3XVGfKe9d5vKvu9FymvHc9x6vrfvvzv/p8oX/mOR82tGLT+OBB2GYPVWHQUct6WE85GR9YWNVRf8XlOPSAsRYwtR0nYspXf8LhHPC5LjDm6brjTLSUwz7XYjxbMzfWzNEY/ODwGjmMxTrDORf8qYUe2yp3xeF4toZuFgPGHKwrGzmIIR8WuNoqR3nhQws24+xg0MEeYFWDecpRP8sF1umAw1b5VS3lscZ0DW1oIU994GERQy7HeK28is+8isO6k/UhQ0s3o35sZIph0xkfMdiM02Ec4zX0wjLOa3AyDDG24MEipn7giu36mQbqVTZqrOpkuZqTcYB13C6G/LATnnLUhx5wWNUPXGPqQ2tqOX+Vo1z1Ob+LTXmqoX7oZBj0qxhw2EqH4ytNxDureuErNt1LllflYk9VzjTe8VbayGUbOZyX+crvfMRYMzDVrXjgIv6oHQ8t3SgKTvGMl2Er3VU80wxMcfVDlzFeo6ZyGNd15GcaiqkPHcXZj7X6yJtazuecCgdnFQcvbMftYlONrkamH5ji7PM609Y477NaT3Mq3i6u+6jyweN4rNUHL7PM5bjqREy56iO/whGvbJWnuPrQU1z9igc8bJWzik00Om3O57XmdL7GoKO4+s/ykL9j26EVG8SnEn3mIarcqNXFEMfe1Open9GCNmtmGMexP8UyvNqb4uxrfY5lNTOsyqlwaEziwcEHeWpXOuCveFU8wzMMdcJqfOVzbrcOHdVSfhXfxae64LF+rNUHDxYcWOBsWYNxXiM/s8ybrquaimf1gHEtzYtYhq1yEF/lMg/7UQsOrMbhcxzrsBGvfI2Bp7j6HS+42Qc5j9p2aEG02mjEq5ji6ne5q9gkHhx8stqIsWUer5nD6+BUvCm+y2M+1rC8t9W6yqlw6HVxjakPjbBdbIdX6WR4hnW1lK8+507WkV9pHIXrPipd8BCHDRxrWOVW/gpHPKxqc+yRdaWnuPpdLeWqr7ldvIuxzpTHOdVatTpfY9BUXP1dHvjP2NHQigLTzWIzyle/01zFJnHsY4fLe+Q1a2XrjJth2V52eczHGjbbW4VVORUOnSqe4Rm20kEcttMIThXP8AxDnUxL+epz7s4608mwbE+oU/ERh13xEIflmhkGXeYx1uHMY23GH11Xeoqr39VjLq+rnI7TxVhvyuOcaq1ana8xaCqu/i4P/GfseGhFkWc2rLnhK8YP0sXAm3C6fUNHOZ1uFptiWgf1NV995nEs1uyDN7FZ7kSr4iie6fO+lM8xXk94ylEfehVexZWvPvI6m+VkWGgorj7X6WK7vNBiPfWrvXHObs1MkzUeWet+sufYrQtN2G5fK84qDu0pD/zKqs6zPupkOooFN8Og8YzdGlrdRmKD+FQbQhwPAzvhV1zWxFr1qlzmMYfXzIk1arBVDni7ODSzvEqz22ulw1qoOdXpeKoFv9oH4rAZL2IZrhg0On4XCz2Nr3zdQ+aHhn4yHjDmAsus7i3jAGPNLG8Hg1Zo8xq1gLPfraHBtuN3MdaIdXBhNU+5K57mZ36lwdzdusxnncla97PyQ3NSjznQhNV9KbfiaV7nl0OrS3Lsn/+87K5ncUTz3PXZve/796/v8Hvv0EOL/g82vumL4KH1vV/6b+pzP+vn9bmHlofW6J/f/OX/vC+/79R3esce8ND60qF1x2b1nv2SdQ+4By47tPAf4LlJr9Gk334f/ufU9/Uheg+2eicgDlvxjL/3Lp89fw8t/6U1+ufBb38RxPM/+2Vz/vMvy+k9THm+k+fvZOcMj7iXcmiFuH52Nvfp3E85myOa6NPvOp7vauek/XfW/s6qU/XUtP6UV9U5Eo+9ZPup8CNrX00rO4fdPbZDS8WOKKiad/Szc8iwOzzbXfd99tle5ZxiH9leMuwVZ3RWnWrv0/pTXlXnSDz2ku2nwo+sfTWt7Bx297g1tEK8KooLgOWNVDngcBz5sOBUFjy2GZfjsc44E6zL5RjWYflT1WAOcpXLOPMzXhcPPsd1zXpdTHnwOQeYWuWEr5yVjxxoga8+8LCIIZdjvFZexWdexeG6XOORdVcj0+P9VXHgHZdjukY+bMR5DT4wtohxDsd1fRSP61aajDNf97Tyq1zgmg8cVuPhRww4eIwhBu6KA77yntWc6qH+xB4ytLIHU0x9bK7CI97FJvGuxkobuWq7PI7Fmv1uv8qruODBVrxH96x56nPdLBZx5agfeYpleaqf+ZqX+ZyX1eU41hlPseBOMXAzPmpO7G6+8tXnfWlMfeyvwhGHJltdg6ta6oPHdsKp6kEn0+gwjvEaeiuLHFjeH2OVTsYJDB/Oy7gc59orPNOv8rO6ilV6uo+V//TQ0o2hoOLqVzzgYaucVWyi0Wlzvq67PI7xmjUUVx/cDA9McfWRz7bjdDHWiHXHjVgWV0x91KhwxDOrOZ2vMegprv6zPOQfYau9ZdoVV/HwFQu9DOtw3kOmqXrqI7/Cp/EVr9LP8MAUVx/1Oosc2OBiDTvJZ07kZbkZxnlcm/EqT3H1oaG4+hUP+I49ZGjFBrMPbyR7iAxb5SC+ymVetrdpPnRguzyO8Rq5YRUPv/pwXparcfZVk2O81v1wTNcdt4oprj5qZHhg2afKUQ32eY38sIqrD67i4Vcf5BxtdQ+dfsVVXH1o7uLIC1vlTjir3FUcNSpe4NUHubCVBuKwKz3ogBd5jEGHLbiwHOP8HRxaqM25GZbVYQ1dP6LHOdP1IUNrXIz+HTZyqoOCXhfvYsif1GDuZN3V5RivWVdx9Zmr6ylXeeqzbhdjXqw7bhVTXH3UqHDEM6s5na8x6Cmu/i4P/FfYam9ZrYqruPrQ2sWRF7bKnXBWuas4alS8Ckce2x0u5+madWKtfsePGPPBzbApN8vNsEyv4mFfsBWvwpE3sW8bWpPNd5wuxg8+5XFOt+70OMZr1lNcfebqesLNOBkG7S4GDmzHrWKKqz/RBketanW+xqCluPq7PPBfZav9ab2Kp7j60NnFkRe2yp1wVrmrOGpUvApHHtsdLufpmnVirT7zOQZ8igVfuepnnArL8EwvePqpeBWu+Z2/NbSqghWeFQYXNuMAW3FW8akOeFOb1VUs/AzLaigv4wQ24SknfMVYv4sxb1W/0slwxcJXTGtnvuY866NGpqPY6jygBRv5mQbiU7ujo/XUj5oZ9gjO+680mZPVmORNOJk21z5Cg/VW666exjJfse75lJv5imH/ioevWFcbOrCaW+mBP7Xt0EIR2E4UHLYZH/EsplhwFVMfemyVEz7Hsc54UwwasJoXuNZVDvvQYctxaCmW+aoBP+NCF5ywHW83lulxLcRhK/0M15yVHxrBwSfTVA40YTUHWmyVw5pZ7BGM62Gd6SAWtorv4MFlzUw3w7IaqlVxGJ9qr3gR1w/Xwd4Ue8Tv9pLFeF/Yh/LUx74yfKLHdcAHBm224LDlOHI1Hr7ydv1yaO0Kmf/vP5GPuJxvOlOf17/755vu3s963bu/4vfSQyv599gjvkRXvOwjnusVGj6r6760XnHf1rzHfV/1e+mh5aH19J/ruy+h+DLwZzff/Hu89HxP97on/k5edWBFT3lovWho+Qt7ry+s78v35R64Rw94aHlonf6Xll8O93g5+J58T1fsAQ8tDy0PLfeAe8A9cJse8NBys96mWa/4q8978l8j7oFze8BDy0PLQ8s94B5wD9ymBzy03Ky3aVb/oj33F63P2+d9xR7w0PLQ8tByD7gH3AO36QEPLTfrbZr1ir/6vCf/NeIeOLcHPLQ8tDy03APuAffAbXrAQ8vNeptm9S/ac3/R+rx93lfsAQ8tDy0PLfeAe8A9cJse8NBys96mWa/4q8978l8j7oFze8BDy0PLQ8s94B5wD9ymBzy03Ky3aVb/oj33F63P2+d9xR7w0PLQ8tByD7gH3AO36QEPLTfrbZr1ir/6vCf/NeIeOLcHPLQ8tDy03APuAffAbXrgskML/180v/VXzKv/P4e+Wv9b783Pfe6vbp/39523h9ZFf2G9eqi8Wt8vk+97mfjOfedn9EA5tOKlpp8zNuQa/2n8Vw+VV+uv7vHd9Vf7m8aPfo6j9abPYZ4Hzl16oB1a+hD+Qp3X2K8+61fra++o/+76up9H/aOf42i9R5/Leed9133We2e9NbTicKsvVeD84YuocsDhOGswDq5a5Vc5ylOdiQ9taCFHfeBhEUMux3itvIrPvIrDutUauVM95lWaga94HNc160aMfWhXWKelOStftaq9ZLwJN6tfaame+qGVYcBVN6vN3CpufO/F6vN63XkdMrSyL41i6uNSKzziXWwS72qstJHLNnI4L/OV3/mIsWZgqlvxwEV8x2Y1dB/QU1z9XV7wK41Kq8oJHdVSH5oTu5u7y6+eA3tb6WXxKYYamQ2NTCfjGnvdC9lnuz7bp4dW1eiKq4/LqfCIPxqDdqfRaXM+rzWn8zUGHcXVf5aH/JU9uu5UD/uq+F08y8mw0Khw6Fd2N2+Xv9rbSi+LT7HqmY2vX5Q+o+uc0SFDK7402Ycv+pEvVpYDzS4GTthsX8CY13HB05qdr7GpRsfDvtUiZ8e+Yn9Z/Wkdzc3yplhoZVytUfmRO83f4UG3y+li1XNVOahXPafx67yIfRfzuzhkaE0PXL9c6qtOF+9irDPlcU61Vq3O1xg0FVd/lwf+rn22ruarj/3s4l1eppVhoVHh0J/Y0FjprOLZXrqcLpZpVRg/X2iudJnv9fwF6rM6/6zeNrQmX6KO08W4kaY8zqnWqtX5GoOm4urv8sDftc/W1Xz1sZ9dvMvLtDIsNCoc+ju20+pi1T66nC72iB4/50qbuV6f/zL2mc/OfGtoVU1f4dklgAubcYCtOKv4VAe8ldV6z/qol+koFtwMg8auDS3VUx+aiqu/ywt+pdFpZTmBKa4+NCc2y80waHWx4Gg8fMWglfE5lsUrvaxGhkG/0kHcdvZC9Tm9/pzaoYVGhu0uBBy2GR/xLKZYcBVTH3pslRM+x7HOeB0WeRxf+VqXc3mN/cAijzlYg8MWsR0b+cGf6hzN09rYDz+D1qw4qsUau2uuifVKAzxY5QMPGzH4yoOPOCxwWOBhA4NFHBjzMk7GZ8zr17+Afcb7Z1wOLR/m/mH6zM4/s9XL2Hdy/p34zH3mr+wBD62L/m8PvvLSP0nbQ8svyE/qZz/Lup89tDy0/vVPnnf70nhorb/kd7tT79d32vWAh5aH1q2HVtfcjvnl5x74vB44dWjFr2L97DQV/6pWHY51mlNep4FYp5XtDxjyn7G7tZ+pFbnYe1WX47p+trbz/37x4Ix9Nn+fjc/ks8/k9KH1aEPpy1L90M0wrnfEFx0asKw/Wa/2ONXodLrYRF85qqe+8tnf4XKe1/2LJ87VZ9ufkXvoM8/ntkMra8juS4wYbJa/i+1q7fKz/UADtuNksUcwraV+pTnldfmhoZ+KfyT+7N6P3Iu1PvPl63t97F5vMbSmL5COhxjsEQ2zo7XD7fYGHdiM28UyfodVWhUOrVUcvMpW+RVe6TyKn1Xn0f0577EXns/t/ud2+tCKl8HuC2HKr3iM8/rZBt7RWnEjPuFgzx0XWh2HdTpeFatw1sX6EbvSD81dTvD1o3vTOPvKxR4qTuDMQT748HcscmG7XHDYdvxJTLXC1zzGlJ9xV5zIYQ7rQ48x5iJue/9hhTs8dWihaFhuMsZ1/SxP83PmsGoAAAbsSURBVNXXejv+VGvCC07H05j61b5XvIh3nCpW4bGPLlbtU/HQmOh0HI7xWmtl/oSfcRiL9crPak8x1tacLqbcqa+a4SsWWsBgGeNaHAf+KBZ5+ECrqstxr+83zN42tKYNlTVx1mgVT3H1M60pNtWa8rq6qqH+Tm7H1VhVp8Ijv4up/soPrU5vGut42R5W/CrOOK+zc9F4to8O6/K7WKdZxSq9DA9M8ZWPus/wNDc0Mwy1bO83sP7c6a9fv37//Pnzrz/xz7jQVUOt4thjxcvwDIPOrp1oTTiruplGhlU6O1zVqHJ3cdXd9aPeTs2M22nofrJ85kArs+CpxspH3tSqnuZhb4o/4le1MjzDtCb2llnmZnFgymMf6+BibXvPIaX3dum/tCYN13HQ3JXVw9j1u9rQmnDArWy1f+BVHvBn9lDl7uLYy7M2qxsY47zO6im/4mQ4sFWN4Cln5UN7alWvygvelNtpZLFMN8M0d8KJnGd503zdn/3rDrjLDq1Js0042nyP5KgG/InWhAO9Hbuju8PN9qD56nNOF2Peo+tKn3Fed3U6XhcLzVU842iO+t1es9hu/i6fa1a5GZ5hrBXrCecI3rSO7s++h9Zff6KvmunZeNV0K90qL8NXWqs4awZ3l8/51XqlOamrGuqjdoUjvmMzrcAyHLpdPMvLMNbCurJdfuRofOVXdSpc9ZiXxTKMc1ZrzQ9fsdDIsEz7SF6lVeHZfoxdd1Dx3Zz6l1Y0ED68CV1PGg06alVL/Ym25rCv9dhnXqx3akFHNSq/04ZWx4EuuPArC16n2cUq3QrnelhXXOAdDzG2yKssc2Od8ZTDPF5H7srP9DtM9ZgbMf1w/JF1ppftIcOqeqpZ5a54XV5V2/g9hpTe06lDS4tXftWAFd/4PZvv6Htz35zfBz7z88/86O/N3fQuN7T8JfCX4JEvkfvm/L7xmZ9/5o98Nz4t53JD69MO2M/zui92vDTx8Tm/7pxxtjhrWOC2rz97n/E/Z+yh5f9/Wul/VuMvyT9fEp+Fz8I9cJ0e8NDy0PLQcg+4B9wDt+kBDy03622a1b92r/Nr13fhu3hXD3hoeWh5aLkH3APugdv0gIeWm/U2zfquX3au678q3APX6QEPLQ8tDy33gHvAPXCbHvDQcrPepln9a/c6v3Z9F76Ld/WAh5aHloeWe8A94B64TQ94aLlZb9Os7/pl57r+q8I9cJ0e8NDy0PLQcg+4B9wDt+kBDy03622a1b92r/Nr13fhu3hXD3hoeWh5aLkH3APugdv0gIeWm/U2zfquX3au678q3APX6QEPLQ8tDy33gHvAPXCbHvDQcrPepln9a/c6v3Z9F76Ld/WAh5aHloeWe8A94B64TQ94aLlZb9Os7/pl57r+q8I9cJ0e8NDy0PLQcg+4B9wDt+kBDy03622a1b92r/Nr13fhu3hXD5w2tH78+PE7+5z14FH7rFq7dbJzufJ+d5/PfL/g3APugaN64NShlW36rJfzWXWyZ+ywal8V3mk55heDe8A98Ok9cNmhFS9tfLpLAKd6yXNc16yb5XdYp8W6q3VWI8vJeBmGXN1fxX2UhzpsH9Wq9sbaXvtl7B5wD0QPvHVoVS8rxdVH8yquPnh/HnTxz4NZboUprj7XXa0jd5KfcTJs8qzYU5WPOGzGU0x95Kqd8jTPvl9Y7gH3QPTAqUMrXlj8yZqweqkprj60dvEuL9PKsD8HuRiKqFPZ0K20K/2Mn2FZzWd5mq9+VrN6jopr3C8p94B7QHvg1KH1V/HkRV+9/BRXH9q7eJeXaWVYaFQ49Kc2dDKtZ7CsdqZX8bAntcpHXHH1pzzNs+8XmHvAPfDWoRUNGC8wbkT1EVNc/Yq3wrt4ViPDQqPCob9rVU/9qmbGy2ofzeMaoT3Rn/JY22u/tNwD390DHlr//9/Tyl6yUyy+RBn3mS+X6qlf1cx42T6O5r2rRlbX2He/1Hz/n33/lxta0XD6QlUfTam4+uBlmhzL4qGV6WV4xlP9ys9yJzUyDmpkmoixPZKXaT2D8T69/uyXkO/X97vTA6cOrXiJ6afaLPMqTuBTnnIjT3VVq+Kolurs+FwT6yofcewLNuMzF+tX8lCD7TP1slxjfrm5B9wDpw2tT2m2eCl/yrP4OfwCcA+4B+7WAx5am//bgx5a/pLf7Uvu/bpnP6kHPLQ8tPyX42YPfNILwM/igXa3HvDQ8gvLQ8s94B5wD9ymBzy03Ky3ada7/SL0fv1XjHvg+B7w0PLQ8tByD7gH3AO36QEPLTfrbZrVv1qP/9XqM/WZ3q0HPLQ8tDy03APuAffAbXrAQ8vNeptmvdsvQu/Xf8W4B47vAQ8tDy0PLfeAe8A9cJse+D9vfwS5mFKg4QAAAABJRU5ErkJggg==" /><br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-63525930798457196972020-05-06T15:41:00.000-07:002020-05-06T15:54:18.644-07:00Cisco SD-WAN with GNS3To avoid turning this blog into a book, I assume the following:<br />
<ul>
<li>You are already using GNS3 and know how to build basic routing/switching lab.</li>
<li>You understand the concept of GNS3 appliance.</li>
<li>You know how to download software from Cisco (sorry I cannot provide any Cisco software images or licenses)</li>
</ul>
<br />
This blog is based on the following software:<br />
<ul>
<li>Windows 10</li>
<li>VMware Workstation Pro for Windows</li>
<li>GNS3 2.2.7 for Windows (with GNS3 VM)</li>
</ul>
<br />
<b>Cisco software images</b> (download from cisco.com):<br />
<ul>
<li>vManage: viptela-vmanage-19.2.2-genericx86-64.qcow2</li>
<li>vSmart: viptela-smart-19.2.2-genericx86-64.qcow2</li>
<li>vEdge: viptela-edge-19.2.2-genericx86-64.qcow2</li>
<li>vBond (same image as vEdge)</li>
<li>CSRv with SD-WAN: csr1000v-universalk9.17.02.01r-serial.qcow2. This file is optional. It is a Cisco version of vEdge (a.k.a. cEdge). Some customers prefer using Cisco routers as SD-WAN edge because they already have them purchased. In your lab, you may use vEdge, cEdge or both.</li>
</ul>
<br />
<b>GNS3 Appliance Templates</b> (download from gns3.com):<br />
<ul>
<li>vManage: viptela-vmanage-genericx86-64.gns3a</li>
<li>vSmart: viptela-smart-genericx86-64.gns3a</li>
<li>vEdge: viptela-edge-genericx86-64.gns3a</li>
<li>vBond: Make a copy of the vEdge file above, name it viptela-bond-genericx86-64.gns3a, change line 2, 4 and 8 to indicate a vBond template. It's just cosmetic. Example as below:</li>
</ul>
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;">{<br /> "name": "<b>vBond</b>",<br /> "category": "router",<br /> "description": "<b>vBond</b>",<br /> "vendor_name": "Cisco",<br /> "vendor_url": "https://www.cisco.com",<br /> "documentation_url": "http://www.cisco.com/",<br /> "product_name": "<b>VIPtela Bond</b>",</span></blockquote>
<div>
<b><br /></b>
<b>Empty QEMU disk file</b> (download from <a href="https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/">https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/</a>):</div>
<div>
<ul>
<li>empty30G.qcow2</li>
</ul>
</div>
<div>
<b><br /></b>
<b>License file</b> (generate from cisco.com. See <a href="https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-1/">https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-1/</a> for details):</div>
<div>
<ul>
<li>serialFile.viptela</li>
</ul>
</div>
<div>
<b><br /></b>
<b>SD-WAN icons</b> (png format, download from below):</div>
<div>
<ul>
<li>vManage <div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCqG4GmxqHOOXNkW915xk1kauLLrkLA1fm3xGwMSf5q385kXW59L83b6J0yQoCzHN8qUE7auT-0t4TTUWWLwyCZQRXqU14D6DWwBhBHqqAk2Go3zZOAnhqG7__reom5aw3CENpswlL8oG2/s1600/vManage.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="105" data-original-width="102" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCqG4GmxqHOOXNkW915xk1kauLLrkLA1fm3xGwMSf5q385kXW59L83b6J0yQoCzHN8qUE7auT-0t4TTUWWLwyCZQRXqU14D6DWwBhBHqqAk2Go3zZOAnhqG7__reom5aw3CENpswlL8oG2/s1600/vManage.png" /></a></div>
</li>
<li>vSmart<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGfeoaDKYParb4SxExzRbxE3coKowicTjJYv_PMgswqeXLaEqcniRKM3YxpWlEy56AaP50oGAiVHve1vpGrtTZ3OdhGWwNjJVP4aJjgtyOclrfx_bUKml1KrJWoZ8hBR1EydkHK4Skoaor/s1600/vSmart.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="105" data-original-width="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGfeoaDKYParb4SxExzRbxE3coKowicTjJYv_PMgswqeXLaEqcniRKM3YxpWlEy56AaP50oGAiVHve1vpGrtTZ3OdhGWwNjJVP4aJjgtyOclrfx_bUKml1KrJWoZ8hBR1EydkHK4Skoaor/s1600/vSmart.png" /></a></div>
</li>
<li>vBond<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipxRP087v4oBqgfG_waHI8Wdm7XB-v1j-mbmYFHWGPsdbNDKKNBQCuC_gXv49QoQ79YiP5h0Fftyh8-AW-MaS2CMA43pNuVvCcMB0SG0JEqHpY_Y7KPft_HVaMs3vHQECl4ovQSNoFVPmK/s1600/vBond.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="108" data-original-width="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipxRP087v4oBqgfG_waHI8Wdm7XB-v1j-mbmYFHWGPsdbNDKKNBQCuC_gXv49QoQ79YiP5h0Fftyh8-AW-MaS2CMA43pNuVvCcMB0SG0JEqHpY_Y7KPft_HVaMs3vHQECl4ovQSNoFVPmK/s1600/vBond.png" /></a></div>
</li>
<li>vEdge<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIeRUkjnDoFoLrowhQgCL8N4Fuy0DbLlgD5sEZgpkCLPsKmcUlsG8d_hAyaeTs_iNHSojvkRGW_DldSqyw7IugHLB7xVzrJ2MPo5R7C1qMBezVMjfsHvYJqCFTk_O6NxaWFlM-RbL_RgbK/s1600/vEdge.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="88" data-original-width="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIeRUkjnDoFoLrowhQgCL8N4Fuy0DbLlgD5sEZgpkCLPsKmcUlsG8d_hAyaeTs_iNHSojvkRGW_DldSqyw7IugHLB7xVzrJ2MPo5R7C1qMBezVMjfsHvYJqCFTk_O6NxaWFlM-RbL_RgbK/s1600/vEdge.png" /></a></div>
</li>
</ul>
</div>
<div>
<br /></div>
<h2>
Steps to import SD-WAN appliances into GNS3</h2>
<div>
1. From GNS3 > File > Import Appliance.</div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9kf416JFu9xPPUx2p2B82PHCQbh5y03J3fuOWuT_d332O8QBKDSo6XSCR_0H6m4oRU0WRATNGFL6h44mpFAB_jc0uhn4XB_0t3MGUrd1kPNjqOBWigmoFIWatr_EgyW8-3-MqVsQA38P/s1600/Import.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="452" data-original-width="416" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9kf416JFu9xPPUx2p2B82PHCQbh5y03J3fuOWuT_d332O8QBKDSo6XSCR_0H6m4oRU0WRATNGFL6h44mpFAB_jc0uhn4XB_0t3MGUrd1kPNjqOBWigmoFIWatr_EgyW8-3-MqVsQA38P/s320/Import.png" width="294" /></a></div>
<div>
<br /></div>
<div>
2. Choose the GNS3 Appliance file (.gns3a) from your hard drive. e.g viptela-smart-genericx86-64.gns3a</div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsmRPG2zachzylf2A9DMrqPj8vf5XhyphenhyphenJsS-Q1UyEea_xBgkQOh6-UpyzLiNDRouosVAOfcKVuyIp47cDE32P3BNcIR0vOTO4MzTCI6vx7xRjmfJJc5koUc4x6iGOkyjInIH8aP0BmYhZZ_/s1600/Import2.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="448" data-original-width="807" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsmRPG2zachzylf2A9DMrqPj8vf5XhyphenhyphenJsS-Q1UyEea_xBgkQOh6-UpyzLiNDRouosVAOfcKVuyIp47cDE32P3BNcIR0vOTO4MzTCI6vx7xRjmfJJc5koUc4x6iGOkyjInIH8aP0BmYhZZ_/s320/Import2.png" width="320" /></a></div>
<div>
<br /></div>
<div>
3. Install the appliance on GNS3 VM</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwYuuXqafpsiMNUyYtwfzp5bjevx0JlRzWnwg6uI8o8oIrBszczk9FBymmOhb0UL3Eik17uPawdPAouvPuBgJ8Z-YNQ7XZKS2JdGZcZ6-i0VJTGcRAEN4I7jzL_HzSQZsPeJY771Hb-M3Q/s1600/Import3.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="632" data-original-width="902" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwYuuXqafpsiMNUyYtwfzp5bjevx0JlRzWnwg6uI8o8oIrBszczk9FBymmOhb0UL3Eik17uPawdPAouvPuBgJ8Z-YNQ7XZKS2JdGZcZ6-i0VJTGcRAEN4I7jzL_HzSQZsPeJY771Hb-M3Q/s320/Import3.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
4. QENU V3.1.0 is chosen by default</div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7LOP4ZjwUyAsdRfll6F0CrqoAcfRum4Pc5Jo2jv2L6wBNuqMPeuvP3_RF2Q29YtG9SS3nX-XkQcxk7XhNyrlQH849ccLWJO9ef4SUxFXoARh41YFNpwhdwiH5vKr439KTlKBV42erCmsJ/s1600/Import4.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="631" data-original-width="898" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7LOP4ZjwUyAsdRfll6F0CrqoAcfRum4Pc5Jo2jv2L6wBNuqMPeuvP3_RF2Q29YtG9SS3nX-XkQcxk7XhNyrlQH849ccLWJO9ef4SUxFXoARh41YFNpwhdwiH5vKr439KTlKBV42erCmsJ/s320/Import4.png" width="320" /></a></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
5. Cisco software image we use here is version 19.2.2, which is not on the list. We may choose "Create a new version".</div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-fklMThCicFnLg5ppoeT4OI9XibNNfd5zhmGfFnDD_bSbTYxc8QdpeVp2qzTT0BsCuMHqpL7nykG-CBrQ06iUpweJP-pSeq7wvm_ID9b6EClSB4Jl1i_wmN-fq-cb6ZKfzhbnGvqsVglY/s1600/Import5.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="632" data-original-width="897" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-fklMThCicFnLg5ppoeT4OI9XibNNfd5zhmGfFnDD_bSbTYxc8QdpeVp2qzTT0BsCuMHqpL7nykG-CBrQ06iUpweJP-pSeq7wvm_ID9b6EClSB4Jl1i_wmN-fq-cb6ZKfzhbnGvqsVglY/s320/Import5.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div>
6. Type in 19.2.2. Again, this is cosmetic only. You may upload 19.2.2 image under the label 19.2.0 and it still works. But it is a good idea always be accurate.</div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjakt2H-U0TT5VEKHrazJXa8Uu44wpejaEId85zAKPeYEmmE0EDG8vwEt3LBSz4BejMZlFUmhhMpx_nU2GRvaCHywa59jwn06dmVNh6B2vhgaBB-sSUIKdfzAm2J5_Sry55ldewF3Pb5YEz/s1600/Import6.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="631" data-original-width="898" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjakt2H-U0TT5VEKHrazJXa8Uu44wpejaEId85zAKPeYEmmE0EDG8vwEt3LBSz4BejMZlFUmhhMpx_nU2GRvaCHywa59jwn06dmVNh6B2vhgaBB-sSUIKdfzAm2J5_Sry55ldewF3Pb5YEz/s320/Import6.png" width="320" /></a></div>
<div>
<br /></div>
<div>
7. Highlight the missing file under the newly created 19.2.2 version, and click "import"</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQzKVSKlGxyxzjSF-3l_V4HxLveYXm5oDBaxXrZ2UwP1Lvp0O_a3GuL36yJkPRRff6J4EAqig4A2qemIG8fkyVX1SHnhAQqnwi7pSz7moUuTKMIp2H4bw0PH3YFdHPbDtpQm4YNocMw3RJ/s1600/Import7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="894" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQzKVSKlGxyxzjSF-3l_V4HxLveYXm5oDBaxXrZ2UwP1Lvp0O_a3GuL36yJkPRRff6J4EAqig4A2qemIG8fkyVX1SHnhAQqnwi7pSz7moUuTKMIp2H4bw0PH3YFdHPbDtpQm4YNocMw3RJ/s320/Import7.png" width="320" /></a></div>
<div>
<br /></div>
<div>
8. Locate the Cisco SD-WAN image file (.qcow2 file) on your hard drive. It will start uploading to GNS3 VM once you choose the file. For some appliances (such as vManage), you will need a secondary qcow2 file (empty30G.qcow2). Repeat the same steps to import the second file.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRDBhOPRMrBAWUic7_8FbGkMouuwmEqOb-rAwXJGfAQAJ7Kjij-uYF2-onJM6hv982T0DUr1XPIxLYWLCwo48NW17vbwt01sea1LxY4e4J_rDAADuK2Pe4A5fznvuAT3MndVdSlwPVy9SL/s1600/Import8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="631" data-original-width="901" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRDBhOPRMrBAWUic7_8FbGkMouuwmEqOb-rAwXJGfAQAJ7Kjij-uYF2-onJM6hv982T0DUr1XPIxLYWLCwo48NW17vbwt01sea1LxY4e4J_rDAADuK2Pe4A5fznvuAT3MndVdSlwPVy9SL/s320/Import8.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
9. Once it finish uploading, you will see "ready to install" message.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-x4-v5hSMjhKs-L01PJSIBwgHJz1JlXu7Bjl1JKDVkpgK5db-Q2351FWhukJs2OwP6Dm8-mPcg_Z4ZOIa2y8dXp-9zAiTq8gpmkKHHZdAGuX7sKagg5xkyOmzWO7t7Ik63YfG6dFM9USg/s1600/Import9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="629" data-original-width="897" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-x4-v5hSMjhKs-L01PJSIBwgHJz1JlXu7Bjl1JKDVkpgK5db-Q2351FWhukJs2OwP6Dm8-mPcg_Z4ZOIa2y8dXp-9zAiTq8gpmkKHHZdAGuX7sKagg5xkyOmzWO7t7Ik63YfG6dFM9USg/s320/Import9.png" width="320" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
10. Click "Next" to continue install. Click "Yes" to confirm.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCjLWsefEgLod_A-NViBiL1BMKg2flM49NscbOwzWx1ragOcQLCqLQpjp18segr_9w7lhAi5i1S5y-dpIQh0OpVew0GPGTt7t20XbiibgbFVbFcj2SRiJT3vyFCH5-8oUFoRAF0qc_20xJ/s1600/importa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="899" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCjLWsefEgLod_A-NViBiL1BMKg2flM49NscbOwzWx1ragOcQLCqLQpjp18segr_9w7lhAi5i1S5y-dpIQh0OpVew0GPGTt7t20XbiibgbFVbFcj2SRiJT3vyFCH5-8oUFoRAF0qc_20xJ/s320/importa.png" width="320" /></a></div>
<div>
<br /></div>
<div>
11. Here is the completion screen.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9pbamklpEL4zGha7H3MFcT2CuiCepQkP2Fr_VXD0IFDpuLMh018Sio236LxiG4931dGJHRvZTdES_OTZ8kyeRWgvQdE_cOWgLuQpOs3K3zqIVY39-Yj_wZj_2jKhn2I2gtPgWk2gfBoth/s1600/Importc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="630" data-original-width="897" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9pbamklpEL4zGha7H3MFcT2CuiCepQkP2Fr_VXD0IFDpuLMh018Sio236LxiG4931dGJHRvZTdES_OTZ8kyeRWgvQdE_cOWgLuQpOs3K3zqIVY39-Yj_wZj_2jKhn2I2gtPgWk2gfBoth/s320/Importc.png" width="320" /></a></div>
<div>
<br /></div>
<div>
12. SD-WAN appliances are put into "Router" category in GNS3. By default, router appliances are given the dark green hockey puck icon. Optionally, you may change that to more distinguishable SD-WAN icons. Right-click on the newly added template, then choose "Configure Template".</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6j1k268sPjLrMwm57NQQKxc1-_jLtcv2p80YseincERUJ-QFZ_eN4vHLVWDObeI0F1CU8QHT-YACpMdYQM_WxHCp6Pm9oQ4uSHYAvPK32B9VMeE9sGyvQtyYRbmvTzBwYh7OCUZm1a4H3/s1600/ConfigureTemplate.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="627" data-original-width="375" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6j1k268sPjLrMwm57NQQKxc1-_jLtcv2p80YseincERUJ-QFZ_eN4vHLVWDObeI0F1CU8QHT-YACpMdYQM_WxHCp6Pm9oQ4uSHYAvPK32B9VMeE9sGyvQtyYRbmvTzBwYh7OCUZm1a4H3/s320/ConfigureTemplate.png" width="191" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
13. In "General Settings" tab, click "Browse" button on the "Symbol" line.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4TDIoafMQZBsT-eRJzv6QL-4B6varPO0A68hSW21kkye6CEV7X4Y3RY6uYooHkotPXYI_XxjOOetRw_gRjVxO17F-V_HgKC1lKpiDI1Gt7KGdLGF3ZZ89xcVO0PYSDByJ8GTz5acrmmQX/s1600/Symbol.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="587" data-original-width="583" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4TDIoafMQZBsT-eRJzv6QL-4B6varPO0A68hSW21kkye6CEV7X4Y3RY6uYooHkotPXYI_XxjOOetRw_gRjVxO17F-V_HgKC1lKpiDI1Gt7KGdLGF3ZZ89xcVO0PYSDByJ8GTz5acrmmQX/s320/Symbol.png" width="317" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
14. You may either choose from a set of pre-installed symbols(icons), or choose to upload a custom one. Here we choose to upload a PNG file. You should already downloaded the SD-WAN icons in previous steps. Use "Browse" button to locate the PNG file on your hard drive.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBpDlxGv7Yc48RVhiLPbDmJIg8DAMDXUFJPO8zl3dfFsOYk6SGoKnOpJtr976Cn9CtT4U88XwutO6IIGdkmnt40_EiyC0UDkZZWfLprTicyakUucqUG3llDWrPxfImfR3AV1v6zVMbjm9W/s1600/Custom.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="172" data-original-width="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBpDlxGv7Yc48RVhiLPbDmJIg8DAMDXUFJPO8zl3dfFsOYk6SGoKnOpJtr976Cn9CtT4U88XwutO6IIGdkmnt40_EiyC0UDkZZWfLprTicyakUucqUG3llDWrPxfImfR3AV1v6zVMbjm9W/s1600/Custom.png" /></a></div>
<div>
<br /></div>
<div>
15. Now you have the beautiful light blue SD-WAN icons for each appliance templates.</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyowCF-Ypo80IJ2C_8Nxg0zQtKhssmyp3PN-CL59je2M8H-m3oLm1mzjBsG0SzMgrEQAWCfffFnh1f4nLNPv9mKFDUlnxnPLfgPJxpco3L1MAWMxipxKTXOoRfUQQlxWF-BuQ04eMHmwz4/s1600/Templates.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="361" data-original-width="333" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyowCF-Ypo80IJ2C_8Nxg0zQtKhssmyp3PN-CL59je2M8H-m3oLm1mzjBsG0SzMgrEQAWCfffFnh1f4nLNPv9mKFDUlnxnPLfgPJxpco3L1MAWMxipxKTXOoRfUQQlxWF-BuQ04eMHmwz4/s320/Templates.png" width="295" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-24860318769484690362020-05-06T10:23:00.002-07:002020-05-06T10:23:54.498-07:00Network Virtualization - OVA or QCOW2?20 years ago, when I was working on my CCIE R/S, I had to borrow a Cisco 2501 router from a friend's company during the weekend and return it before Monday. Routers were too expensive for me (and they still are) to build a lab.<br />
<br />
Virtualization changes everything. IOU(IOS on Unix) was a well-known secret on Sun Sparc platform. And then Cisco 7200/3600 on dynamics. Then IOL(IOS on Linux) with various front ends including famous GNS3 and EVE-NG. Then Cisco's official network simulator VIRL.<br />
<br />
More and more manufacturers offer virtual appliances of their network products. Virtual appliances are offered in various formats to support VMware, KVM, MS Hypervisor, etc. Two of the popular formats are ova (for VMware) and qcow2 (for KVM).<br />
<br />
It's pretty straight forward if you plan to run the virtual appliance on physical host. For example, if you have VMware Workstation/ESXi you'll choose ova. If you have KVM, you'll choose qcow2. However, it's not so straight forward if you plan to use them with GNS3.<br />
<br />
GNS3, along the time has evolved a lot. GNS3 is a client/server application suite. The best practice is to use GNS3 VM, which is a Linux virtual machine with GNS3 server preinstalled. With GNS3 VM, you may have all kinds of software images (IOS, IOS-XR, NX-OS, Viptela, etc.) contained in a VM. Makes it easier to package, distribute and share your labs.<br />
<br />
If you already have VMware (either Workstation or ESXi), you probably want the GSN3 VM run on VMware. How about those Cisco appliances? Shall you download the OVA file so that you may run them on VMware as well? Not exactly. In order to take advantage of GNS3's user friendly GUI front end, You'll have to run Cisco appliances inside GNS3 VM. You'll have to use qcow2 (KVM format).<br />
<br />
In theory, you COULD use OVA format. If you do so, you'll run Cisco appliances outside of the GNS3 VM. You could still connect those appliances to your GNS3 virtual routers. But it would be very cumbersome.<br />
<br />
<b>In short, if you plan to use GNS3, always download the qcow2 format.</b><br />
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoWVi9XDCfbAC0y4m_MHua3BEnJ2Tw-1sVmRvl8Vge-duvZl2GeT80kJZILBVaJGlGCNJ9KIZXeW2hPCi2ka6Ga5DYj-YfjorwzIHdwJYmtJk6DLCjKW1iuiVD35U-JTgE_uhry_0wjeDy/s1600/1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="414" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoWVi9XDCfbAC0y4m_MHua3BEnJ2Tw-1sVmRvl8Vge-duvZl2GeT80kJZILBVaJGlGCNJ9KIZXeW2hPCi2ka6Ga5DYj-YfjorwzIHdwJYmtJk6DLCjKW1iuiVD35U-JTgE_uhry_0wjeDy/s320/1.png" width="320" /></a></div>
<b><br /></b>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-45957671220817525792018-08-22T09:04:00.004-07:002022-12-29T17:09:29.222-08:00Excel, AXL, and Cisco CUCM<h2>
Introduction </h2>
Cisco CUCM (CallManager)'s clumsy web GUI has earned its reputation. :) It might be OK for a small-to-medium business to perform daily operation on the infamous CCMAdmin GUI. But it's a nightmare for large organization, especially service providers that need to perform MACD(Move, Add, Change, Delete) on hundreds or thousands of entries.<br />
<br />
DevOps is the trend. No exception on CUCM. All CUCM configuration is stored in database. You could view or change the database if you know a little bit about SQL query language. You either do it from CUCM CLI (command line), or via web calls (SOAP/AXL).<br />
<br />
Though database is the most powerful and flexible way to view and change CUCM configuration, it requires you understand the database structure. You'll have to read the "Database Dictionary" on cisco.com to figure out which table is for what function. Some of the functions require more than one table, which makes things more complicated.<br />
<br />
AXL (Administrative XML Web Service) is another option to manipulate CUCM configuration in a relatively easy way. Instead of having to know database tables, fields, keys, etc., you may just tell AXL that "I want to list all users with first name Michael". Then AXL will do the leg work to query database and return desired results.<br />
<br />
Obviously, we need to have AXL service running on CUCM. We also need a user account that has AXL privilege. Using admin account is the lazy way, but you should create a dedicate AXL account. To verify AXL service is running and the account has proper privilege, you may put the following URL into a web browser, where "cucm.domain-name.com" is the FQDN of your CallManager server.<br />
<br />
https://cucm.domain-name.com:8443/axl/<br />
<br />
You should see the following displayed on the web page:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg94bvYmb8RSMPLaYvz8Wiqtw6LBbgUbT5uBrryNCqaTKYe1I0WC_uTvoMaaPqWBv8giSs1wq3RBpueRwb8OjbQ7jH5vKmFeILXySB6OYmq_lQCpLICvKtYRf01Z_tVNwwckzaSLnvBZAye/s1600/7.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="188" data-original-width="597" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg94bvYmb8RSMPLaYvz8Wiqtw6LBbgUbT5uBrryNCqaTKYe1I0WC_uTvoMaaPqWBv8giSs1wq3RBpueRwb8OjbQ7jH5vKmFeILXySB6OYmq_lQCpLICvKtYRf01Z_tVNwwckzaSLnvBZAye/s400/7.jpg" width="400" /></a></div>
I'm not going to turn this article into an AXL tutorial. For details, please refer to <a href="https://developer.cisco.com/docs/axl/">https://developer.cisco.com/docs/axl/</a><br />
<br />
<h2>
Excel and VBA</h2>
"Why VBA? It's so old-school! You should be using Python!"<br />
<br />
I'm not a big fan of VBA. However, Excel's dominance makes it the most common tool across industries. Office clerks, field engineers, end users, almost everyone has Excel installed on their computers. Almost everyone knows how to use Excel with no (or very little) training. In network integration or migration projects, we're still seeing a lot of data being stored in Excel (or CSV) format.<br />
<br />
Thus we need to use the data already there to program network gears including CUCM. VBA is the only built-in script language for MS office suite. Which means, end users don't have to install any additional software to run the script.<br />
<br />
Unfortunately, VBA is not as popular as Python or PHP from developer perspective, especially when it comes to network programming. There is very little information online to show you how to get things done (concerning network programming). That doesn't mean it can't be done. You'll just have to spend more time on research and test.<br />
<br />
I did quite a lot of research online. Couldn't find a complete example of how to make AXL calls to Cisco CUCM from Excel spreadsheet. I'm sharing my script here so you don't have to reinvent the wheel.<br />
<br />
<h2>
AXL, SOAP, and SoapUI</h2>
I assume you know how to code with VBA scripting. I assume you spent your time reading AXL, SOAP (basically XML). And of course, I assume you know how to do administrative work on CUCM Admin GUI. We're not going to cover those topics here.<br />
<br />
You may think AXL as programming API. Before using the API, you need to know what functions are available in the API. And you also want an easy way to test the API (without involving language-specific coding). I recommend you download a free version of SoapUI (<a href="https://www.soapui.org/downloads/latest-release.html">https://www.soapui.org/downloads/latest-release.html</a>). Use SoapUI to open the AXLAPI.wsdl downloaded from Cisco (<a href="https://developer.cisco.com/docs/axl/#!download-the-axl-wsdl/download-the-axl-wsdl">https://developer.cisco.com/docs/axl/#!download-the-axl-wsdl/download-the-axl-wsdl</a>). Then you may test the AXL calls and examine the SOAP/XML being sent and received.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj28zs41n8U9zjthDe5vejl9YMbhR0m3StdrVHemiGowGRVnsNWmfsrfEth3AhW9XtzgEWppCXbEswEDASmGb__HPwxs6EPXDSUnpm9IBNL3QUnd-dfHgL_IHBm-LDTSJo4966dREZsW3sz/s1600/1.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="968" data-original-width="1464" height="263" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj28zs41n8U9zjthDe5vejl9YMbhR0m3StdrVHemiGowGRVnsNWmfsrfEth3AhW9XtzgEWppCXbEswEDASmGb__HPwxs6EPXDSUnpm9IBNL3QUnd-dfHgL_IHBm-LDTSJo4966dREZsW3sz/s400/1.jpg" width="400" /></a></div>
<br />
In the screen above, the XML code on left hand side is the request, the XML code on right is the response from CUCM. It is a example of querying a Calling Search Space (CSS) and get all partitions in that CSS.<br />
<br />
<h2>
Excel and VBA Script</h2>
Now we build an Excel spreadsheet like below:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhys_2u167MMkc0LRVVPmyFo11IoVyZJ7tOLndETNO6xZ2NW_0cRclzfYww9iC-r8SQ7_4lHr1S48aGP5Ub7TYTn4L-0XsdGIwIGrc0ikwVLRm5dPsaJ-uBuKIEYdW5fEXet2fCcJc_Fvuh/s1600/2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="472" data-original-width="819" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhys_2u167MMkc0LRVVPmyFo11IoVyZJ7tOLndETNO6xZ2NW_0cRclzfYww9iC-r8SQ7_4lHr1S48aGP5Ub7TYTn4L-0XsdGIwIGrc0ikwVLRm5dPsaJ-uBuKIEYdW5fEXet2fCcJc_Fvuh/s400/2.jpg" width="400" /></a></div>
<br />
There are a few cells in the spreadsheet need to be filled out:<br />
1) The FQDN of CUCM publisher (AXL server)<br />
2) Username<br />
3) Password<br />
4) Calling Search Space (CSS) name<br />
<br />
When click on the 'Execute' button, the script will reach out to CUCM and retrieve all partitions in that CSS. Then it'll fill the partition names in cell B8, B9, B10, ... so on so forth.<br />
<br />
You see another benefit of using Excel is that:<br />
1) You have a place to store the data input<br />
2) You have a place to store the data output<br />
<br />
This is what it looks like on CCMAdmin:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXbArqJlFN4EFFqjm5DjhUoQJnVBZlZnBmKjzFlVqSvWmFndO_CShClv28zuxSqmzA9PZDxC1NIbhE1PDtFDWZ4R2V3MsB4pbBreo8fWGwR05Dfu1VQ196QLKjykOlbnQG0JcA5hDq_kbV/s1600/3.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="565" data-original-width="570" height="396" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXbArqJlFN4EFFqjm5DjhUoQJnVBZlZnBmKjzFlVqSvWmFndO_CShClv28zuxSqmzA9PZDxC1NIbhE1PDtFDWZ4R2V3MsB4pbBreo8fWGwR05Dfu1VQ196QLKjykOlbnQG0JcA5hDq_kbV/s400/3.jpg" width="400" /></a></div>
<br />
This is what it looks like after clicking the 'Execute' button in spreadsheet:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY-obrTJhgxwdsWrCYD84fUWcgmvoD88n3U_Mk9GLiFAWb_H8ULvP42RrvS7flrGSG8qSo7DFElgBXZBGDxqQso5HZjS4sOTCgf8uIz3WSsLe8ueysh1uKiHd4R-hoxXS3uO06Px_upjhT/s1600/4.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="418" data-original-width="811" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY-obrTJhgxwdsWrCYD84fUWcgmvoD88n3U_Mk9GLiFAWb_H8ULvP42RrvS7flrGSG8qSo7DFElgBXZBGDxqQso5HZjS4sOTCgf8uIz3WSsLe8ueysh1uKiHd4R-hoxXS3uO06Px_upjhT/s400/4.jpg" width="400" /></a></div>
<br />
This is the script:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQVwgYb0TTqgi40i0u0tzbVOv0fVCkI1-SerlvQxP7jCiRwdNIg3fP8FQs5SkvBzW91DL4oNk_6D73rmtCP28wH0Zy3sHyFdgxBd1ZxxLgglLQ8Z40K-dMcNbVN_x9fmKgTuET2-JOmBXL/s1600/5.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1000" data-original-width="1155" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQVwgYb0TTqgi40i0u0tzbVOv0fVCkI1-SerlvQxP7jCiRwdNIg3fP8FQs5SkvBzW91DL4oNk_6D73rmtCP28wH0Zy3sHyFdgxBd1ZxxLgglLQ8Z40K-dMcNbVN_x9fmKgTuET2-JOmBXL/s400/5.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
By the way, in order to use the XML objects, you need to enable the reference to "Microsoft XML v6.0".<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpAByZHpaIjhtRUdtKwZHNWLaZYNhVMIEj8fQ1n_Mdpo1woVVXkVkvwem8FLoEGaqTNXqZ2014JtQzriBSixIJ7ln_NR6nvSEVQ-mRSdDa82xLE7u3UGk_HeLa_iuF5Ci_Sl3F9c3cspii/s1600/6.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="364" data-original-width="445" height="326" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpAByZHpaIjhtRUdtKwZHNWLaZYNhVMIEj8fQ1n_Mdpo1woVVXkVkvwem8FLoEGaqTNXqZ2014JtQzriBSixIJ7ln_NR6nvSEVQ-mRSdDa82xLE7u3UGk_HeLa_iuF5Ci_Sl3F9c3cspii/s400/6.jpg" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com5tag:blogger.com,1999:blog-5691248957365391455.post-35996116569817943112018-04-06T19:23:00.001-07:002018-04-06T19:44:50.352-07:00Network Automation with TCLMy company has a large (and not very well managed) network. Different VLANs have different "ip helper-address" (DHCP) settings. Some of them are pointing to development DHCP, some of them pointing to production DHCP, some of them are pointing to VDI environment.<br />
<br />
For the production environment, there are two DHCP servers (A and B). They are supposed to back up each other. However some of the VLANs might be configured to use one of them but not both.<br />
<br />
The DHCP administrator wanted to perform a DR test, which he would shut down one of the DHCP servers and see if the clients still be able to get IP address from the other server.<br />
<br />
Before he can perform the DR test, he needs to make sure that DHCP server A and B are referenced in pairs, which means a interface either references both servers, or reference neither server. If the interface references only one of the two, it'd be a problem. We need to fix this problem before the DR test.<br />
<br />
So the workflow is pretty straight forward:<br />
1) SSH into a switch (where the IP interfaces are configured).<br />
2) Use "show ip interface brief | exclude unassigned" to display the interfaces with IP configured.<br />
3) Use "show run interface xxx" command to review the configuration. If one of the DHCP servers (A or B) was referenced but the other one of missing, we need to add the other one to the configuration.<br />
<br />
* If both are present, it's fine. If none of them present, that's fine.<br />
<br />
This is a simple but tedious work. Because we have a bunch of switches. Some of the switches have more than 50 SVIs. Visual inspection would be time consuming and prone to human errors.<br />
<br />
This is where automation should kick in. You may use other program languages. I chose TCL because it was built in on IOS.<br />
<br />
In privilege (enable) mode, type "tclsh" to get into TCL shell. Copy and paste the script into the command line. It will create a procedure called "check". Then type "check" (without quotation marks). Below are some sample outputs:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
Example 1: No problem found.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFvdJ_TwtsJsdV0lt2DnP4rOqWdKahiBdfBAqafMEprGgi9l-nV3h5s8jLJtVJMTz5HQZMKNB5Reu5r-sRX4372UlEFXpYfAmo6vwqf38kdhaQ9_S1EkGBSDAS-2vFPdZ96g-2xCQS98AM/s1600/1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="535" data-original-width="646" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFvdJ_TwtsJsdV0lt2DnP4rOqWdKahiBdfBAqafMEprGgi9l-nV3h5s8jLJtVJMTz5HQZMKNB5Reu5r-sRX4372UlEFXpYfAmo6vwqf38kdhaQ9_S1EkGBSDAS-2vFPdZ96g-2xCQS98AM/s400/1.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Example 2: Found some interfaces missing one of the helpers.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifl9OoMK795kn-pnhyQz2ZyUk3099EuJ8dU19Ydv-ruBq8kpyIKvbQ6eyFFjqhNOw5BMWj7pOGLVIYN9-pdVsP2rSZDnZZo94Y_8rA5Spx5WkPjiEgVS0IgbHT9y2YFYAPdndsFzFbOsz5/s1600/2.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="276" data-original-width="642" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifl9OoMK795kn-pnhyQz2ZyUk3099EuJ8dU19Ydv-ruBq8kpyIKvbQ6eyFFjqhNOw5BMWj7pOGLVIYN9-pdVsP2rSZDnZZo94Y_8rA5Spx5WkPjiEgVS0IgbHT9y2YFYAPdndsFzFbOsz5/s400/2.jpg" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Script is as below.<br />
<span style="font-family: "courier new" , "courier" , monospace;">proc check {} {<br /><br /># Define the two commands we want to check<br />set str_helper1 "ip helper-address 10.50.23.27"<br />set str_helper2 "ip helper-address 10.202.32.30"<br /><br /># Define missing_commands string<br />set str_missing_cmds ""<br /><br /># List all the interfaces with IP address.<br />set str_sh_ip_int [exec sh ip int br | ex una]<br /><br /># Break the output into individual lines and put them in a list. First two lines are headers.<br />set list_int [split $str_sh_ip_int \n]<br /><br /># Get the number of lines<br />set num_num_of_lines [llength $list_int]<br /><br /># Skip headers, start from 1st interface<br />set num_current_line 2<br /><br /># Process each each line (each IP interface).<br />while { $num_current_line < $num_num_of_lines } {<br /><br /> # Get the interface name from each line.<br /> set str_int_name [lindex [split [lindex $list_int $num_current_line]] 0]<br /><br /> # Do a "show run interface" againt the interface name.<br /> set str_sh_run_int [exec sh run int $str_int_name]<br /><br /> # See if helper1 exists but not helper2<br /> if { [string match "*$str_helper1*" $str_sh_run_int] && ![string match "*$str_helper2*" $str_sh_run_int] } {<br /> append str_missing_cmds "interface $str_int_name\n $str_helper2\n"<br /><br /> # See if helper2 exists but not helper1<br /> } elseif { [string match "*$str_helper2*" $str_sh_run_int] && ![string match "*$str_helper1*" $str_sh_run_int] } {<br /> append str_missing_cmds "interface $str_int_name\n $str_helper1\n"<br /> }<br /><br /> # Move to next line (next IP interface)<br /> incr num_current_line<br />}<br /><br /># Missing helper on some of the interfaces<br />if {[string length $str_missing_cmds]} {<br /> puts "\n\nIP Interface(s):"<br /> puts "----------------"<br /> puts $str_sh_ip_int<br /> puts "\n[expr $num_num_of_lines-2] interface(s) checked. The following commands are missing:\n"<br /> puts $str_missing_cmds<br /><br /># All interfaces are good<br />} else {<br /> puts "\n\nIP Interface(s):"<br /> puts "----------------"<br /> puts $str_sh_ip_int<br /> puts "\n[expr $num_num_of_lines-2] interface(s) checked. No Problem Found."<br />}<br /><br />}</span><br />
<br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-1059248613434651902017-02-20T11:00:00.000-08:002017-02-20T11:04:09.541-08:00IP Calculator Functions for SpreadsheetSpreadsheet (e.g. Microsoft Excel) is a very powerful tool for network engineers. I use spreadsheet to build network configuration scripts, especially for large scale deployment/migration. For example, how about crating 100 VLANs and their corresponding SVIs with HSRP?<br />
<br />
Due to the format of IP address we're accustomed to, it's not very easy to build configuration scripts with native spreadsheet functions. For example:<br />
<br />
Given a IP subnet "10.2.0.0/22", what is the last host IP in the subnet? Or what is the wildcard of the subnet?<br />
<br />
I've tried different tools and add-ons and settled for "IP Calculator for Excel" (<a href="http://trk.free.fr/ipcalc/">http://trk.free.fr/ipcalc/</a>) due to the following reasons:<br />
<br />
1) Integrated and Unified - it was built with VBA macros. You may use the functions just the same way as the native Excel functions. e.g. "=ipAdd(A1,2)" takes the IP address from cell A1 and returns an IP address with addition 2. Thus you may build formulas the same way you do in any regular Excel spreadsheet.<br />
<br />
2) Light weighted - the macro is less than 40k. Thus it won't add too much weigh on your spreadsheet.<br />
<br />
3) No EXE. It is embedded into spreadsheet as macro. Thus it doesn't trigger any security or policy alerts. Of course, you still have to enable macros from Excel though.<br />
<br />
4) IPv4 and IPv6 support.<br />
<br />
If you're a network engineer who works on large scale network, take a look at this tool. It'll save you tons of time and human errors. Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-34712497295382015682016-05-13T18:52:00.001-07:002016-05-13T19:03:29.751-07:00QoS Test Tool on Windows 7 (or above)<h2>
The Hunt</h2>
<br />
I was trying to find a packet generator for my customer. Customer wants to run the packet generator on Windows 7 (or Windows 10) to mark DSCP on outgoing packets. So he can test QoS policies on Cisco routers.<br />
<br />
This would be an easy task if we were to generate packets from a Cisco router. We just use extended ping and specify TOS values. See <a href="http://routerric.blogspot.com/2010/05/dscp-to-tos-conversion.html">http://routerric.blogspot.com/2010/05/dscp-to-tos-conversion.html</a><br />
<br />
This is also an easy task on Windows XP with the "ping -v" option or Linux with the "ping -Q" option. See <a href="http://robert.penz.name/654/howto-to-quick-test-a-dscp-based-qos-system/">http://robert.penz.name/654/howto-to-quick-test-a-dscp-based-qos-system/</a><br />
<br />
However, this is a not so easy task on Windows 7 (or newer version of Windows) for two reasons:<br />
<br />
1) The "-v" option has been deprecated since Windows 7. It has no effect on the type of service field in the IP header.<br />
<br />
2) Microsoft changed the IP stack in Windows. Packet generators used to work on Windows XP no longer work on Windows 7. ("No longer work" meaning lose some functionality, such as DSCP marking).<br />
<br />
Due to historical reasons, most of the packet generator apps were originally built on Linux and "ported" to Windows later (e.g. iPerf). The developers didn't build the Windows variant from scratch and didn't follow Microsoft's recommendation (i.e. use Microsoft APIs). Thus when MS changed the IP stack, it broke quite many apps.<br />
<br />
Microsoft's "Policy Based QoS" makes things more confusing. There are many misleading and incorrect articles on Internet.<br />
<br />
I spent the last couple days researching this and tested many different software. I'd like to share my experience so you know where to look at.<br />
<br />
If you could generate the packets from Cisco router or Linux, it'll be the best choice. If Windows is your only option, read on.<br />
<br />
If you're still running Windows XP, there are quite many software out there that can mark DSCP in IP headers. Just Google it and you'll find a bunch. No tricks here.<br />
<br />
If you're running Windows 7 or later version, things get complicated.<br />
<br />
<h2>
Software that works and doesn't work</h2>
<br />
First of all, not all packet generators can mark DSCP on Windows 7, even if they claimed so. For example: iPerf, "iPerf For Windows" (commercial ware), D-ITG, TamoSoft all claimed to be able to mark DSCP on Windows 7 but they are not.<br />
<br />
I haven't tested every software out there. But here are the two tested to work: PingPlotter and Ostinato.<br />
<br />
<h2>
Policy Based QoS and Application QoS</h2>
What's interesting is - regardless working or not, many of them have wrong information regarding Microsoft registry keys and Policy Based QoS. For example the following URLs have wrong info and has no effect on their applications:<br />
<br />
<a href="http://www.iperfwindows.com/IPERF-QoS-tests2.html">http://www.iperfwindows.com/IPERF-QoS-tests2.html</a><br />
<a href="https://www.pingman.com/kb/article/setting-dscp-qos-byte-on-packets-with-windows-7-8-95.html">https://www.pingman.com/kb/article/setting-dscp-qos-byte-on-packets-with-windows-7-8-95.html</a><br />
<br />
On Windows, there are two places DSCP can be marked:<br />
1) By applictions<br />
2) By Windows<br />
<br />
<h3>
Policy Based QoS</h3>
If application doesn't have the function to mark DSCP, we may have Windows to mark it. Even if application is capable of marking DSCP, we may have Windows to override it. If Windows marking was involved, it is called "Policy Based QoS".<br />
<br />
<h3>
Application QoS</h3>
Some applications are capable to mark DSCP. We call this "Application QoS" (or "QoS aware applications"). From packet generator perspective, we'd prefer Application QoS. It's easier to set different DSCP values from application than configuring policies in Windows.<br />
<br />
There are many untrue myths regarding Windows registry keys and group policies.<br />
<br />
<h4>
1. "<span class="sbody-userinput">DisableUserTOSSetting</span>" </h4>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters<br />
<br />
Here is the official document regarding this key: <a href="https://support.microsoft.com/en-us/kb/248611">https://support.microsoft.com/en-us/kb/248611</a><br />
<br />
This key applies to Windows 2000, Windows XP, or Windows Server 2003. It enables the Winsock <b><span class="text-base">setsockopt</span></b> function (which is disabled by default).<br />
<br />
This registry is to provide backward compatibility with Windows NT 4.0 and Windows 9x. This registry is disabled by default because it bypasses GQOS (Generic QoS Implementation). GQOS is recommended by Microsoft on Windows 2000, Windows XP, or Windows Server 2003.<br />
<br />
Unless your packet generator is calling the <b>setsockopt</b> function, you don't need to set this registry key. For example, PingPlotter and Ostinato work without this key.<br />
<br />
Here's the history of QoS on Windows: <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ff459285%28v=vs.85%29.aspx">https://msdn.microsoft.com/en-us/library/windows/desktop/ff459285%28v=vs.85%29.aspx</a><br />
<br />
<h4>
2. "Do not use NLA"</h4>
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\QoS<br />
<br />
This key is relevant to Policy Based QoS only. If you use application QoS(which happens to be my goal) instead of Policy Based QoS, you don't need this key.<br />
<br />
Policy Based QoS is a set of rules that instruct Windows set specific DSCP markings or shape traffic based on IP address, protocol or application. If Policy Based QoS was configured, Windows overrides DSCP set by the application (you may changed this behavior by changing the "<a href="https://technet.microsoft.com/en-us/library/dd759108%28v=ws.11%29.aspx" target="_blank">Advanced QoS Settings</a>" under "Policy Based Qos").<br />
<br />
Here's the official explanation of this key: <a href="https://support.microsoft.com/en-us/kb/2733528">https://support.microsoft.com/en-us/kb/2733528</a><br />
Here's the document about Policy Based QoS: <a href="https://technet.microsoft.com/en-us/library/dd759093%28v=ws.11%29.aspx">https://technet.microsoft.com/en-us/library/dd759093%28v=ws.11%29.aspx</a><br />
<br />
<br />
<br />
<h2>
Conclusion</h2>
<br />
If your goal was to get packet generator on Windows 7 (or later) to set DSCP value on outgoing packets,<br />
<br />
1) Don't create any Policy Based QoS rules on Windows. Doing so will make Windows override the DSCP markings. Any DSCP set by application is in vain.<br />
<br />
2) Don't mess with the "Do not use NLA" key. That key is to enable not domain-joined PC to use Policy Based QoS.<br />
<br />
3) You may or may not need to set the "DisableUserTOSSetting" key, depending on the packet generator you use. However, I haven't found any packet generator relying on this key. They either not work regardless (such as iPerf) or work regardless (such as PingPlotter or Ostinato).Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com3tag:blogger.com,1999:blog-5691248957365391455.post-53770503004586490152015-11-08T19:06:00.001-08:002015-12-08T10:29:38.083-08:00Finally TACACS on ISE<br />
<div class="post-header">
</div>
Cisco has been persuading people migrate ACS to ISE. However one of the
hold-backs is ISE's lack of TACACS support. ISE 2.0 finally supports
TACACS. This article is to demonstrate a "barebone" configuration of
TACACS with ISE 2.0.<br />
<br />
One of the important features of TACACS is "per command authorization",
which means you can customize which commands users are allowed to
execute. For example, you'd like to allow HelpDesk users use most of
the "show" commands. So they can show interface status, show routing
table, etc. However, you don't want them be able to "show
running-config" as the configuration file contains sensitive information
(such as SNMP RW community string). This is the most popular use case
of TACACS. This article will show you how to do it with ISE 2.0.<br />
<br />
Before diving into configuration, let's review the AAA authorization flow chart.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGR0wYwaiAmiaUiT2OTyOO03SC7iQ-fya9kzhy86qn-SXplySqax_tyS2Zo1B6wGXx2I4yO1iF1LFhWg4F29R0_td76aQETSb-9N81vq8RioIBG5SdLHqQhRTLE9U0H2e6fhh8ir1FKqpp/s1600/AAA+Flow.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGR0wYwaiAmiaUiT2OTyOO03SC7iQ-fya9kzhy86qn-SXplySqax_tyS2Zo1B6wGXx2I4yO1iF1LFhWg4F29R0_td76aQETSb-9N81vq8RioIBG5SdLHqQhRTLE9U0H2e6fhh8ir1FKqpp/s1600/AAA+Flow.gif" /></a></div>
As seen from the flow chart above, "priv_level" takes precedence over
"User Profile"(in ISE it is called "Command Set"). Let say, if the
logged in user was put into priv_level 1, it doesn't matter if the
"Command Set" allows "show run" or not. Because "show run" is not
available in priv_level 1.<br />
<br />
In our example, we'll put the user in priv_level 15. Then we'll restrict the commands with "Command Set".<br />
<br />
<h2>
ISE Configuration</h2>
ISE configuration is as simple as 1, 2, 3 as shown below:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjilkJCYiR0s1tYexbGVcK0NNHFtRB1TYWbB5tM1r2wz0NEJYbFr2IWT020MBdpXKx6ySRjJTzHAHKYxCWjbvcfZtcMWug7uBlssI1zETnLMhNMZpMjT1Esn4Q82j8l5-6KvZAbu6jaglEe/s1600/Config+Flow.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjilkJCYiR0s1tYexbGVcK0NNHFtRB1TYWbB5tM1r2wz0NEJYbFr2IWT020MBdpXKx6ySRjJTzHAHKYxCWjbvcfZtcMWug7uBlssI1zETnLMhNMZpMjT1Esn4Q82j8l5-6KvZAbu6jaglEe/s400/Config+Flow.jpg" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div style="text-align: left;">
</div>
<h3>
1. Enable Device Admin Service</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ0kPhu_QykIueIQ0Nyzi-Z6eHb7Q7JIfAKBO62sWpTJVTjG5WkAyQ81-3t0oG_IiuTBSJLoMASg0l6JctOphtTSkvOI3fOTWaB_inpbUfVxYd8OMJBuX6VVVviVC_qhMLOBuru_9Quke6/s1600/1.+Enable+Device+Admin+Service.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ0kPhu_QykIueIQ0Nyzi-Z6eHb7Q7JIfAKBO62sWpTJVTjG5WkAyQ81-3t0oG_IiuTBSJLoMASg0l6JctOphtTSkvOI3fOTWaB_inpbUfVxYd8OMJBuX6VVVviVC_qhMLOBuru_9Quke6/s320/1.+Enable+Device+Admin+Service.jpg" width="320" /></a></div>
Go to "Administration > System > Deployment > <i>Your ISE node (server)</i>". Check the "Enable Device Admin Service" check box and Save.<br />
<br />
<h3>
2. Enable TACACS for Network Devices</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiESeEJyFgkC_v05nHGKXo78Jitb_3EMCN0r8p69AGlqYKWrQ9Uf_LEAJiUommL5PVZWtD_TitQFrPRJu80uZgdA3rLk7o93eu1lmxyVfjbPSpv4kTGNYcd2ZeFs7TVoI5Kj5V8iL9RBTK5/s1600/2.+Enable+TACACS+for+Default+Devices.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiESeEJyFgkC_v05nHGKXo78Jitb_3EMCN0r8p69AGlqYKWrQ9Uf_LEAJiUommL5PVZWtD_TitQFrPRJu80uZgdA3rLk7o93eu1lmxyVfjbPSpv4kTGNYcd2ZeFs7TVoI5Kj5V8iL9RBTK5/s320/2.+Enable+TACACS+for+Default+Devices.jpg" width="320" /></a></div>
Go to "Administration > Network Resource > Network Devices".
Please note that you may create specific network devices here so they
can have different settings. For simplicity, I choose "Default
Device". Check the "TACACS+ Authentication Settings" checkbox and enter
a "Shared Secret". You will configure the same "shared secret" phrase
in router config later on. (a.k.a. TACACS key)<br />
<br />
<h3>
3. Configure "Device Admin Policy Set"</h3>
"Device Admin Policy Set" is a set of rules to customize the user
access. Before you can configure "Device Admin Policy Set", you'll have
to configure the following first:<br />
<ul>
<li>Identity/Identity Group (user/user group)</li>
<li>TACACS Command Set</li>
<li>TACACS Profile</li>
</ul>
<h4>
3.1 Configure Identity/Identity Group</h4>
It is the best practice to put users into groups. Then assign permissions to groups.<br />
<br />
To create an identity group (user group), go to "Administration >
Identity Management > Groups > User Identity Groups". Click the
"Add" button to add a group called "HelpDesk_Group".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiO5aCbsc2JYqGk2fhYvQSxZnLbOOtl5OA2VLIkptnHn2GbMGJXWpOAZC18MoSCA7T1_pEqQu4cJ-9iBn8VoFR9hbgASJgy3nZQRfZtgwozRDhyphenhyphenKi1l-oWfPzsPOjHAI9ELJ44iRvWreUY/s1600/Add+Identity+Group.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="119" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiO5aCbsc2JYqGk2fhYvQSxZnLbOOtl5OA2VLIkptnHn2GbMGJXWpOAZC18MoSCA7T1_pEqQu4cJ-9iBn8VoFR9hbgASJgy3nZQRfZtgwozRDhyphenhyphenKi1l-oWfPzsPOjHAI9ELJ44iRvWreUY/s320/Add+Identity+Group.jpg" width="320" /></a></div>
To create an identity (user), go to "Administration > Identity
Management > Identities > Users". Click the "Add" button to add
an identity (user) called "jdoe". Put the user into "HelpDesk_Group".<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTOfd4eHSeicRbAN8-uky7EtJ0a0w_M_6ptqbBcN2XiVb3T-yqtBVVbW5bYtVw0keR3H6uxuV5ajdtua2smSYz7gMc_IUrig8t77MxN0xD_uJyKXzlQC6bYkD0BQEr1oQs16hVjuv8CAme/s1600/Add+Identity.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTOfd4eHSeicRbAN8-uky7EtJ0a0w_M_6ptqbBcN2XiVb3T-yqtBVVbW5bYtVw0keR3H6uxuV5ajdtua2smSYz7gMc_IUrig8t77MxN0xD_uJyKXzlQC6bYkD0BQEr1oQs16hVjuv8CAme/s320/Add+Identity.jpg" width="320" /></a></div>
<br />
<h4>
3.2 Configure "Command Set"</h4>
"Command Set" define which command the user can or cannot execute.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_I7T_q_n2r5VUkhZW7Rhz_ocFbNu8agKdd7oGKWw0UjDNmA-w3v-1ngvMD8xMXDMhhK50SJN_5h9RaNMWBqVNLwzqL2WxCVD8lCThZxTtWYK1YzBTsasz8P9ro3DZxJNTy6jPInCnuW53/s1600/3.+CommandSet.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_I7T_q_n2r5VUkhZW7Rhz_ocFbNu8agKdd7oGKWw0UjDNmA-w3v-1ngvMD8xMXDMhhK50SJN_5h9RaNMWBqVNLwzqL2WxCVD8lCThZxTtWYK1YzBTsasz8P9ro3DZxJNTy6jPInCnuW53/s320/3.+CommandSet.jpg" width="320" /></a></div>
Go to "Work Centers > Policy Results > TACACS Command Sets". Add a
new command set called "HelpDesk_CommandSet". As show in the picture
above, we'll add three command rules:<br />
1) PERMIT, show, .*<br />
This rule allow all the commands begin with "show", such as "show interface", "show ip route", etc.<br />
However, we don't want the HelpDesk users to be able to see the full
configuration (either running-config or startup-config"). Thus we'll
have to exclude the "show running-config" and "show startup-config"
commands.<br />
2) DENY_ALWAYS, show, running-config<br />
3) DENY_ALWAYS, show, startup-config<br />
Rule #2 and #3 above exclude the corresponding commands.<br />
You might wonder what's the difference between "DENY" and
"DENY_ALWAYS". ISE examines the rules from top to bottom. Once it
found a matching rule, it'll stop examining the remaining rules. Thus
the order of the rules is very important. "DENY_ALWAYS" rules are
always examined first regardless of their position on the list. This is
to make sure the ones you want to deny will definitely be denied. Of
course, you may use "DENY" instead. Just to make sure the DENY rules
are on top of the PERMIT rules.<br />
<br />
<h4>
3.3 Configure TACACS Profile</h4>
Go to "Work Centers > Policy Results > TACACS Profiles". Add a
new profile called "HelpDesk_Profile". Set the default priviledge and
maximum privilege to 15.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLHuR8b8-w-mmSFn09YcaiPXbtDRvGOx1NEChipWUxPFeAJvUttRkFVBK1c2_gpMDWMr7oCipAlPQZpqiWiO30l8BgZu-RQTX09w__Q9L8xciEco-epf8BeN2H0UDKLdY4wif1TA8ZpZfw/s1600/4.+Profile.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="193" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLHuR8b8-w-mmSFn09YcaiPXbtDRvGOx1NEChipWUxPFeAJvUttRkFVBK1c2_gpMDWMr7oCipAlPQZpqiWiO30l8BgZu-RQTX09w__Q9L8xciEco-epf8BeN2H0UDKLdY4wif1TA8ZpZfw/s320/4.+Profile.jpg" width="320" /></a></div>
Depending on the use case, you may set different privilege levels. But
in our example, we want to control the access with Command Set instead
of Privilege Level. That's why we set the privilege level to 15
(highest).<br />
<h4>
3.4 Configure Device Admin Policy Set</h4>
Now with all prerequisite ready, go to "Work Centers > Device
Administration > Device Admin Policy Sets". Click "Add" button to
add a policy set called "IOS" above the "Default" policy set.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBL5Ad2ZP80O_xq52Kc2nBMW32hEWgnouo1Xq1zgDe1adjrBOKUfdwNLHzrBq95jpVkw055ThTrCDLxsgdVQIGHC-xTl17reY1nrxK1UCbv7UERfnrI7TPnKLC7dfuzQtZF2KH1eLnVxGU/s1600/5.+Device+Admin+Policy+Set.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBL5Ad2ZP80O_xq52Kc2nBMW32hEWgnouo1Xq1zgDe1adjrBOKUfdwNLHzrBq95jpVkw055ThTrCDLxsgdVQIGHC-xTl17reY1nrxK1UCbv7UERfnrI7TPnKLC7dfuzQtZF2KH1eLnVxGU/s320/5.+Device+Admin+Policy+Set.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEib0GTeP1wjV_2toCBUJoIfWRWGhyphenhyphenzPa_NCnFlYRjnjy-F-ZRC26HV63CjN5m1-vKzio2unHRKEXdnCsq271RQz-EcCBrBchLTLvpaEFQFzEUp8kxaq7KHCAW3iYAHSN0N-MgYrSNnn6FhE/s1600/5.+Device+Admin+Policy+Set.jpg" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
Three attributes need to be configured:<br />
1) Name<br />
2) Condition - in our example, condition doesn't matter but it cannot be
blank. Thus we add a condition "Device Type=All", which is a "always
true" condition.<br />
3) Authorization Rule - in our example, we want to control what the user
can do. This is called "per command authorization". The rule says:<br />
IF the logged in user is within "HelpDesk_Group" do the following:<br />
A) Apply shell profile "HelpDesk_Profile" (in our example, the whole purpose of the profile is to set priv_level to 15).<br />
B) For each command user entered, check against "HelpDesk_CommandSet" to permit or deny.<br />
<br />
<br />
<h2>
IOS Configuration</h2>
<blockquote class="tr_bq">
<span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace;">! -- Have to enter this first, otherwise some commands are not available<br />aaa new-model</span></span></span></span> </blockquote>
<blockquote class="tr_bq">
<span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-size: xx-small;"><span style="font-family: "courier new" , "courier" , monospace;"></span></span>! -- Define TACACS server<br />tacacs server ISE<br /> address ipv4 192.168.21.10<br /> key Cisco123<br />!<br />! -- Define TACACS server group 'ISE_GROUP'<br />aaa group server tacacs+ ISE_GROUP<br /> server name ISE<br />!<br />! -- Define a local user in case TACACS is not available<br />username cisco privilege 15 password 0 cisco<br />! -- Default method is no authentication or authorization <br />aaa authentication login default none<br />aaa authorization exec default none<br />!<br />! -- Define method 'ABC' for authentication and authorization<br />aaa authentication login ABC group ISE_GROUP local<br />aaa authorization exec ABC group ISE_GROUP local <br />aaa authorization commands 15 ABC group ISE_GROUP local<br />aaa authorization config-commands<br />!<br />! -- Use method ABC on VTY authentication and authorization<br /><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: "courier new" , "courier" , monospace;">line vty 0 4<br /> login authentication ABC<br /> authorization exec ABC<br /> authorization commands 15 ABC<br /> transport input all</span></span></span></span></blockquote>
<h2>
Test</h2>
Telnet to the router. Log in with user 'jdoe'. Try some commands. We
see that the user can run all the show commands except for "show run"
and "show start". The user cannot run any other commands (such as "conf
t").<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF3-I34lip3_vdM55bnbhSG5u3vGbj9AJBRUFWBZNVMcwtDUELcXenXjpv1seazukRHwKdWGDVv5o3GqLykOJQR5f7bsCjtgTO_E0iSwCCzWgKCO8MusMVe12q04ydX0Mj06M4OyjtQM7d/s1600/telnet+test.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF3-I34lip3_vdM55bnbhSG5u3vGbj9AJBRUFWBZNVMcwtDUELcXenXjpv1seazukRHwKdWGDVv5o3GqLykOJQR5f7bsCjtgTO_E0iSwCCzWgKCO8MusMVe12q04ydX0Mj06M4OyjtQM7d/s320/telnet+test.jpg" width="320" /></a></div>
<h2>
Troubleshooting</h2>
On ISE there is a "Operation > TACACS Livelog" screen. We may see realtime authentication and authorization events.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEEvleJHwdFrjx4f6Ik4gPdabr1RMy-ywNNWH4f4d0G6llJGDKlaOCqeREwWHyqls3lahs_RdGwOVhNeKzzsf5Pnys7Vms9QhsIKGUBrkayYYlJ3YRUD5eDRLDKXQJMfhFH7WPldTs8efn/s1600/LiveLog.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEEvleJHwdFrjx4f6Ik4gPdabr1RMy-ywNNWH4f4d0G6llJGDKlaOCqeREwWHyqls3lahs_RdGwOVhNeKzzsf5Pnys7Vms9QhsIKGUBrkayYYlJ3YRUD5eDRLDKXQJMfhFH7WPldTs8efn/s400/LiveLog.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
Click on the "Details" icon to view detailed TACACS authorization report.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikMLh6yaqjD_sDjVFwGjF4AFpmyh3Z4uefVXUC6kC_mRAt1ukaeABu6ovJqazU0_SrwfZ6RzopFp20w27_4wLOXmOSlTl6Ja1n2lewFbMDU_AI9v3pAEXdGe2qni5G7_wCoqvXR3UDtxGS/s1600/Authorization_Failed.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikMLh6yaqjD_sDjVFwGjF4AFpmyh3Z4uefVXUC6kC_mRAt1ukaeABu6ovJqazU0_SrwfZ6RzopFp20w27_4wLOXmOSlTl6Ja1n2lewFbMDU_AI9v3pAEXdGe2qni5G7_wCoqvXR3UDtxGS/s320/Authorization_Failed.jpg" width="320" /></a></div>
<br />
<br />
<h2>
Another Example of Command Set</h2>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrNmJJmn08yRnUuZOjYfKKuTE-QC8PQGEOhmt7_TTBMcagQQLiz4r3Wioc6BFgmlf2a6dUmktE7s1U-ABjKukxu9CenSrTf6SFXM5OTe6vcuTuD4K-fNQymTBwcu9LlofERu6sdezybAOD/s1600/CommandSet2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrNmJJmn08yRnUuZOjYfKKuTE-QC8PQGEOhmt7_TTBMcagQQLiz4r3Wioc6BFgmlf2a6dUmktE7s1U-ABjKukxu9CenSrTf6SFXM5OTe6vcuTuD4K-fNQymTBwcu9LlofERu6sdezybAOD/s320/CommandSet2.jpg" width="320" /></a></div>
The above command set will do the following:<br />
1) Allow all "show" commands except for "show running-config" and "show startup-config" (to view the full configuration file)<br />
2) However, it allows "show running-config interface" to view the configuration of a specific interface.<br />
3) Allow "clear counters" command.<br />
<br />
Please note the order of the rules. With the same command, more
specific arguments should be on the top. Less specific arguments should
be at the bottom.Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-81414566109776444372015-06-18T20:35:00.000-07:002015-06-18T20:40:38.387-07:00Cisco IOS AAA Configuration with ISEI was trying to set up a POC (Proof Of Concept) lab to use Cisco ISE as AAA server.<br />
<br />
IMHO, a good configuration example should meet the following:<br />
<br />
1) Minimal<br />
No one wants to read a 300-line example. A minimal configuration is easy to understand. If needed, we may add features on top of the minimal configuration.<br />
<br />
2) Typical<br />
The example should represent the most popular use case.<br />
<br />
3) No Ambiguity<br />
Though not affecting functionality, names should be picked carefully to avoid any potential confusion for readers (especially beginners).<br />
<br />
My goal was to set up AAA on a Cisco router with Cisco ISE for IOS CLI. Based on the username, IOS privilege level 7 or level 15 will be assigned after login.<br />
<br />
This is a typical use case as RBAC (Role Based Access Control) is widely used. Users with privilege 7 can run most of the "show" commands but not the "conf t" command. Users with privilege 15 can run all commands.<br />
<br />
I have ISE 1.4 and UNL 0.9.0-40 running on VMware Workstation. The topology is like below:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnkpn8zWJ1p0-o8Z1JTVI4aiOx_c6k-ceo2LiMulNXPJFvTFuSjUry7CaocXqHVKfnbYS4mOZ8Rt_mWn1SbwLmr-dOQFV57uhDTqlzyD0g8F_4vLp3AJFcYRiBRgn-8ytU_zILzai2LnN4/s1600/UNL.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnkpn8zWJ1p0-o8Z1JTVI4aiOx_c6k-ceo2LiMulNXPJFvTFuSjUry7CaocXqHVKfnbYS4mOZ8Rt_mWn1SbwLmr-dOQFV57uhDTqlzyD0g8F_4vLp3AJFcYRiBRgn-8ytU_zILzai2LnN4/s320/UNL.jpg" width="320" /></a></div>
ISE IP = 192.168.21.131<br />
Router IP = 192.168.21.201<br />
<br />
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--><br />
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>ZH-CN</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
<w:UseFELayout/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]-->
<br />
<h1>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--></h1>
<h1>
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>ZH-CN</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
<w:UseFELayout/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]-->
</h1>
<h1>
<span style="font-size: large;">Router configuration:</span></h1>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- encrypt passwords in config file</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">service password-encryption</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- fallback user account in the event of
RADIUS failing</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">username admin password cisco</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">enable password cisco</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- define RADIUS server</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">radius server <b style="mso-bidi-font-weight: normal;">RADIUS-ISE</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>address
ipv4 192.168.21.131</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>key <span style="background: yellow; mso-highlight: yellow;">secret123</span><span style="color: black; mso-themecolor: text1;"></span></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- create AAA server group</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa group server radius <b style="mso-bidi-font-weight: normal;">RADIUS-ISE-GROUP</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>server
name <b style="mso-bidi-font-weight: normal;">RADIUS-ISE</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- creaate new AAA model</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa new-model</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- Configure the default login method to
'none' (no authentication)</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- This method applies to the console by
default </span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa authentication login default none</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa authorization exec default none</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- Configure Authentication and Authorization methods for VTY lines</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa authentication login <b style="mso-bidi-font-weight: normal;">VTY_authen</b> group <b style="mso-bidi-font-weight: normal;">RADIUS-ISE-GROUP</b>
local</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa authorization exec <b style="mso-bidi-font-weight: normal;">VTY_author</b> group <b style="mso-bidi-font-weight: normal;">RADIUS-ISE-GROUP</b>
local</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- Configure default Accounting method, which applies to both console and VTY lines</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">aaa accounting exec default start-stop group <b style="mso-bidi-font-weight: normal;">RADIUS-ISE-GROUP</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">!</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">! -- Apply </span><span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="font-family: "Courier New"; font-size: 9.0pt;">Authentication and Authorization methods to VTY lines</span> </span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;">line vty 0 4</span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>authorization exec <b style="mso-bidi-font-weight: normal;">VTY_author</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>login
authentication <b style="mso-bidi-font-weight: normal;">VTY_authen</b></span></div>
<div class="MsoNoSpacing" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0in;">
<span style="font-family: "Courier New"; font-size: 9.0pt;"><span style="mso-spacerun: yes;"> </span>transport
input all</span></div>
</div>
<br />
<br />
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<br />
<h1>
<span style="font-size: large;">ISE configuration:</span></h1>
<div class="MsoNoSpacing">
<br /></div>
<h2 style="margin-left: 0.5in; text-indent: -0.25in;">
<span style="font-size: small;">1.<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-language-override: normal; font-size-adjust: none; font-stretch: normal; font-style: normal; font-synthesis: weight style; font-variant: normal; font-weight: normal; line-height: normal;">
</span>Administration > Network Resources >
Network Devices > Default Device</span></h2>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
For simplicity, we use “Default Device” here.<span style="mso-spacerun: yes;"> </span>You may create device group to have more
granular control.</div>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
Enable “Default Network Device Status”.</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
</div>
Enter “secret123” into “Shared Secret” field.</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<span style="mso-no-proof: yes;"></span></div>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy-3kYXZ06dvweqAbV1qupHnlWIx6oEJi0aB_qCcUIHnJQahf-t3G1oVrMQ-GL1pxbylwRHMjWJTRO849xf_iUoNHkOX05C_DVS1v4TmPdai8fQdIcYfisCc_wTBFCszO45uTfJkC2O6gb/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy-3kYXZ06dvweqAbV1qupHnlWIx6oEJi0aB_qCcUIHnJQahf-t3G1oVrMQ-GL1pxbylwRHMjWJTRO849xf_iUoNHkOX05C_DVS1v4TmPdai8fQdIcYfisCc_wTBFCszO45uTfJkC2O6gb/s640/1.png" width="640" /></a></div>
<a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a><br /></div>
<h2 style="margin-left: 0.5in; text-indent: -0.25in;">
<span style="font-size: small;">2.<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-language-override: normal; font-size-adjust: none; font-stretch: normal; font-style: normal; font-synthesis: weight style; font-variant: normal; font-weight: normal; line-height: normal;">
</span>Policy > Policy Elements - Results >
Authorization > Authorization Profiles</span></h2>
<div class="MsoNoSpacing">
Create two authorization profiles:</div>
<ul>
<li><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;"><span style="font: 7.0pt "Times New Roman";"></span></span></span>Shell_priv_15</li>
<li>Shell_priv_7</li>
</ul>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
Attribute settings for profile “Shell_priv_15”:</div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Cisco:cisco-av-pair</div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Shell:priv-lvl=15</div>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Radius:Service-Type</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Login</div>
</td>
</tr>
</tbody></table>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
Attribute settings for profile “Shell_priv_7”:</div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Cisco:cisco-av-pair</div>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Shell:priv-lvl=7</div>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Radius:Service-Type</div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;" valign="top"><div class="MsoNoSpacing">
Login</div>
</td>
</tr>
</tbody></table>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5jFzHNhkA296Zbh5pI-Ilc7x0aDRbf9mkiNjVEKpcIW2qU3ZYI-qvOKZZ44y4DzcI05Fxj63bjZEqdIBU25LyEYh_sZtFocE3arH0wYGaZsjfpktMpxA-53fipkTsUj25eKnwcKlatHET/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="468" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5jFzHNhkA296Zbh5pI-Ilc7x0aDRbf9mkiNjVEKpcIW2qU3ZYI-qvOKZZ44y4DzcI05Fxj63bjZEqdIBU25LyEYh_sZtFocE3arH0wYGaZsjfpktMpxA-53fipkTsUj25eKnwcKlatHET/s640/2.png" width="640" /></a></div>
<br /></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<br /></div>
<h2 style="margin-left: 0.5in; text-indent: -0.25in;">
<span style="font-size: small;">3.<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-language-override: normal; font-size-adjust: none; font-stretch: normal; font-style: normal; font-synthesis: weight style; font-variant: normal; font-weight: normal; line-height: normal;">
</span>Administration > Identity Management >
Groups</span></h2>
<div class="MsoNoSpacing">
Create two User Identify groups:</div>
<ul>
<li>CLI-users-15</li>
<li>CLI-users-7</li>
</ul>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLQlFO-CawcP26haqpCLSbLn51wHUHpT9byRmJXnNrGxf6mjKg9r5hqicBC0u9Mwo8ANhKlQfQojTMm5tL30eDQq3Xu6KWuyHJq3sWYQUbJxeuwGkXFRcHZo2HZOBb-2NMpxBrbHZXMnS5/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLQlFO-CawcP26haqpCLSbLn51wHUHpT9byRmJXnNrGxf6mjKg9r5hqicBC0u9Mwo8ANhKlQfQojTMm5tL30eDQq3Xu6KWuyHJq3sWYQUbJxeuwGkXFRcHZo2HZOBb-2NMpxBrbHZXMnS5/s640/3.png" width="640" /></a></div>
<span style="mso-no-proof: yes;"><br /></span></div>
<div class="MsoNoSpacing">
</div>
<h2 style="margin-left: 0.5in; text-indent: -0.25in;">
<span style="font-size: small;">4.<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-language-override: normal; font-size-adjust: none; font-stretch: normal; font-style: normal; font-synthesis: weight style; font-variant: normal; font-weight: normal; line-height: normal;">
</span>Administration > Identity Management -
Identities > Users</span></h2>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
Create users and put into desired group</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkKanXcMBfGlNjLhzU9jYntsIFJSQLQukAblxIsjjTQ1cmaBWvDVnjVNP8XQoBj0rZdR5Y0rTbvuOJSV2OoMLcHgZx5eJRBBc31OTtBS_tc8pILAr6qaGFI76QwoporPKijlXaw8Y3MGZx/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkKanXcMBfGlNjLhzU9jYntsIFJSQLQukAblxIsjjTQ1cmaBWvDVnjVNP8XQoBj0rZdR5Y0rTbvuOJSV2OoMLcHgZx5eJRBBc31OTtBS_tc8pILAr6qaGFI76QwoporPKijlXaw8Y3MGZx/s640/4.png" width="640" /></a></div>
<span style="mso-no-proof: yes;"><br /></span></div>
<div class="MsoNoSpacing">
</div>
<h2 style="margin-left: 0.5in; text-indent: -0.25in;">
<span style="font-size: small;">5.<span style="font-family: "Times New Roman"; font-feature-settings: normal; font-kerning: auto; font-language-override: normal; font-size-adjust: none; font-stretch: normal; font-style: normal; font-synthesis: weight style; font-variant: normal; font-weight: normal; line-height: normal;">
</span>Policy > Authorization</span></h2>
<div class="MsoNoSpacing">
Create two authorization policies on the top:</div>
<ul>
<li><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;"><span style="font: 7.0pt "Times New Roman";"></span></span></span>CLI-access-15</li>
<li><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;"><span style="font: 7.0pt "Times New Roman";"></span></span></span>CLI-access-7</li>
</ul>
<div class="MsoNoSpacing">
<a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://www.blogger.com/blogger.g?blogID=5691248957365391455" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><br /></div>
<div class="MsoNoSpacing">
Associate corresponding user group to “Conditions”
column.</div>
<div class="MsoNoSpacing">
Associate corresponding authorization (standard) profile
to “Permissions” column.</div>
<div class="MsoNoSpacing">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5l9WZFQ3YV394c-0fMa4_xKdYk85a4iCUA66dmlemnLBIAPR4U0ekXLAXT7cD-7RxaiMFUYddxJaGaQfCTRZr41k2YA5WsoxWTxQlBD-GMuG5wWwSgwR-Mi_G2tpbs5jKqXQRxYzb2O1L/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="336" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5l9WZFQ3YV394c-0fMa4_xKdYk85a4iCUA66dmlemnLBIAPR4U0ekXLAXT7cD-7RxaiMFUYddxJaGaQfCTRZr41k2YA5WsoxWTxQlBD-GMuG5wWwSgwR-Mi_G2tpbs5jKqXQRxYzb2O1L/s640/5.png" width="640" /></a></div>
<br /></div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
<br /></div>
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves>false</w:TrackMoves>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>ZH-CN</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
<w:UseFELayout/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
table.MsoTableGrid
{mso-style-name:"Table Grid";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-priority:59;
mso-style-unhide:no;
border:solid windowtext 1.0pt;
mso-border-alt:solid windowtext .5pt;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-border-insideh:.5pt solid windowtext;
mso-border-insidev:.5pt solid windowtext;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]--><br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-75192009341976480832015-05-25T10:04:00.000-07:002015-05-25T10:17:32.204-07:00New book - Deploying Cisco Unified Contact Center ExpressBack in 2006 I was a Cisco TAC engineer supporting Contact Center Express (a.k.a. IPCC Express, CRA, CRS, IPIVR, now known as CCX). Information is so scarce that even TAC engineers joked it was "tribal knowledge".<br />
<br />
To make things more interesting (instead of saying "worse"), CCX components were developed by different companies - CCX Engine was developed by Cisco while Desktop Suite was developed by Spanlink (now Calabrio).<br />
<br />
Cisco's documentation is "menu driven" instead of "task driven". i.e. the documentation explains what each menu does but doesn't tell you what menus you need to navigate to achieve a specific goal.<br />
<br />
Training partner classes are more focusing on scripting other than system integration.<br />
<br />
Since then I was hoping to write a book on CCX. Not a "CCX For Dummies" but a book for engineers. For engineers that are smart enough to grasp any new products or technologies with a lab and a good book.<br />
<br />
Different people have different definitions of "good book". My definition is:<br />
<br />
1) KISS - Keep It Simple Stupid.<br />
2) Tell me something new - Something that the manufacturer manual didn't tell me.<br />
<br />
I've been procrastinating due to work and family. Now it's 2015. I finally had the chance to finish something I wanted to do nine years ago. For the time being, the book is only available from LuLu.com (<a href="http://www.lulu.com/shop/michael-houtong-luo/deploying-cisco-unified-contact-center-express/paperback/product-22186750.html">http://www.lulu.com/shop/michael-houtong-luo/deploying-cisco-unified-contact-center-express/paperback/product-22186750.html</a>). It will be available on other retailers (such as Amazon, Barnes & Noble, etc.) later on. Table of content can be viewed from <a href="https://drive.google.com/file/d/0B3-smhv9GiaEZ013bEdsVEl6dDA/view?usp=sharing" target="_blank">here</a>.<br />
<br />
Same as my other book "Deploying Cisco Unified Presence", I did this with limited time and resource. I'm pretty sure there will be typos and mistakes in the book. I'd appreciate it if you can send me your feedback and suggestions to <a href="mailto:houtong@gmail.com">houtong@gmail.com</a>.<br />
<br />
By the way, I'm setting up a charitable foundation (Luo's Foundation) to support students from low-income families. All proceeds from this book will go to the foundation. I will publish the details when the foundation is fully set up.<br />
<br />
Thank you very much for your support.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.lulu.com/shop/michael-houtong-luo/deploying-cisco-unified-contact-center-express/paperback/product-22186750.html" target="_blank"><img alt="http://www.lulu.com/shop/michael-houtong-luo/deploying-cisco-unified-contact-center-express/paperback/product-22186750.html" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5oWAYoK191eZHbsxvKNtD9u-7ZiDGv5ObxDggvoi0Lj35c0TDb_a_NxebMvv1jlm6_ppBtYE92bndKJwIJLnCd9ixb0-TFfiTeITk_b_FvNu0GMIyUW5UPDiyN_WnUyGT8U-hnTYwE5V0/s1600/uccx.jpg" /></a></div>
<br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com10tag:blogger.com,1999:blog-5691248957365391455.post-62084225617511614262015-05-05T07:54:00.001-07:002015-05-05T07:57:22.286-07:00ESXi 6.0 on HP DL380 G5Just upgraded ESXi from 5.5 to 6.0 on my HP DL380 G5 with the "HP Custom Image". Thought it'd work better than the "vanilla" (generic) image.<br />
<br />
The install went well. But from time to time, it kept giving me the purple screen (system crash), usually 10 - 20 minutes after the VMs boot up.<br />
<br />
A search led me to the URL <a href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2085921">http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2085921</a><br />
<br />
But it didn't fix my problem.<br />
<br />
Finally, I decided to "upgrade" with a generic image - overwrite the HP custom version with a generic version.<br />
<br />
The installer gave me warning on the RAID controller. P400 controller was "not supported" by 6.0 any more. I ignored and continue. The install completed successfully.<br />
<br />
Now I'm living happily ever after. :)Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-65698657623925673822015-04-04T15:27:00.001-07:002015-04-04T15:27:52.161-07:00IOU, GNS3, Cisco VIRL/CMLGNS3 is a well known network emulator software. Many people compare it with IOU, which is not quite an apple-to-apple compare.<br />
<br />
GNS3 is actually a front end add-on to DynamIP - which is the real emulator. I'm not going to compare DynamIP and IOU here as this has been done many times. You may search Internet for those articles.<br />
<br />
DynamIP and IOU requires quite some command line effort to get them running. Thus some "front end" add-ons were built to make them easier to use. GNS3 is the most popular front end of DynamIP. On IOU side, it's probably IOU Web. These add-ons allow you crate network topologies, save/restore configurations, etc.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYA1wDnkx1F3JMQSGjXEe4-p815Du8Bs2mwpJ1W2T35TU5_cImlckUpVCgCESFRxA0ZBrL9QsNEtpMVxDSoJ7Imkpc9wtD3A-J8KLTjAO-GHNmC1Z6Fm9PpD1HDubt75CcnnNa2cL-Q8mL/s1600/FrontEnd.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYA1wDnkx1F3JMQSGjXEe4-p815Du8Bs2mwpJ1W2T35TU5_cImlckUpVCgCESFRxA0ZBrL9QsNEtpMVxDSoJ7Imkpc9wtD3A-J8KLTjAO-GHNmC1Z6Fm9PpD1HDubt75CcnnNa2cL-Q8mL/s1600/FrontEnd.jpg" height="176" width="320" /></a></div>
<br />
<br />
From easy-of-use perspective, GNS3 is no doubt a winner. You may drag-and-drop routers/switches in GNS3. However, I prefer IOU because it uses much less resource (CPU/memory) and I'm not afraid of writing up the NETMAP file.<br />
<br />
IOU Web doesn't have drag-and-drop. But it has quite a few neat features. For example, you may use any existing network diagram and map the elements on it to any virtual devices. It also has a very powerful configuration/lab management interface.<br />
<br />
Things become interesting now when GNS3 can act as IOU front-end.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbcob_4ljmlkqGLQdn7E4hIcisMivjrZ3olIjl1YD7X3GIp6t1biwdlLlGEWD2TEjoydAGhgGXLggWWz0hsvw0b3mdxrjbStfDztwKhiM-Hx7mCMFOJawn6lpz3RYw6b-yulLd8zQvgWcO/s1600/FrontEnd2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbcob_4ljmlkqGLQdn7E4hIcisMivjrZ3olIjl1YD7X3GIp6t1biwdlLlGEWD2TEjoydAGhgGXLggWWz0hsvw0b3mdxrjbStfDztwKhiM-Hx7mCMFOJawn6lpz3RYw6b-yulLd8zQvgWcO/s1600/FrontEnd2.jpg" height="176" width="320" /></a></div>
<br />
I tested GNS3 version 1.3 with IOU back end and it works pretty well. I think here's how I would choose between GNS3 and IOU Web:<br />
<br />
If I need to create a lab in a very short time (say 20 routers in 15 minutes), I'd use GNS3. Otherwise I'd probably use IOU Web as it gives me more flexibility on documentation and network drawings. Also, as a "minimalist", IOU Web doesn't require any front end software (as it has a http server built-in and uses web interface).<br />
<br />
How about Cisco VIRL/CML?<br />
<br />
Sigh... when I first heard about the idea two years ago, I was so excited. Finally, an official / vendor-supported network emulator! With the progress lagging on, we're getting more and more frustrated and disappointed.<br />
<br />
Yes, Cisco VIRL/CML does have some unique features such as auto-generated configuration, TAC support, etc. But aren't those features more "novice facing"? The most disappointing part was - Cisco didn't (and has no plan) to invest more on the L2 features.<br />
<br />
I had a conversation with the CML product manager lately. He admitted that the NX-OS feature on CML was "70% done" because quite a few developers in the Nexus team were laid off. Thus the most interested features such as VDC, VPC are not available on CML. I asked if there's ANY possibility that Cisco continues the development and complete the rest 30% in the future, his answer was a very definite "No". Then I asked him what's the selling point of CML? He just kept repeating "more than 15 nodes" and "TAC supported".<br />
<br />
VIRL (personal edition) is selling for $200. CML (enterprise edition)'s price structure is unknown. But price is not the point here. Even if they are free, what's the advantage they have over GNS3 and IOU? Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com1tag:blogger.com,1999:blog-5691248957365391455.post-45997212646812830632014-10-24T15:04:00.003-07:002014-10-27T07:40:32.477-07:00ESXi 5.5 support for CSR 10.5I've been testing CSR 10.5 (UCM 10.5, UCCX 10.5) on ESXi 5.5 U2.<br />
<br />
I kept running into problems I've never seen before, such as the lovely VMware "pink screen" (Pink Screen Of Dead). Consistent high CPU usage on UCM and UCCX, etc.<br />
<br />
I couldn't find the pattern of "pink screen". But it happens quite a couple time, which I've never seen in the past 8 years with Cisco UC on VMware.<br />
<br />
The other issue is high CPU on UCM and UCCX. The CPU usage was consistently at 99% that I couldn't even log into CLI.<br />
<br />
Just FYI that that server is a HP DL380 G5 with 32G of RAM and 8x146G SAS drives (a.k.a. Cisco MCS-7845-H2). <br />
<br />
Did some research online. The culprit seems to be the Cisco OVA file. Somehow the OVA works fine on ESXi 5.0 but not ESXi 5.5. The solution is NOT to use the OVA. Instead of importing the OVA, I manually created the virtual machine with the specification in OVA.<br />
<br />
CUCM:<br />
1 CPU 1 Core<br />
4G RAM<br />
80G HDD<br />
LSI Logic Parallel<br />
VMXNET 3 NIC<br />
<br />
UCCX:<br />
1 CPU 2 Core<br />
8G RAM<br />
146G HDD<br />
LSI Logic Parallel<br />
VMXNET 3 NIC<br />
<br />
Things seem to be much better now. CPU is around 10%. Maybe it's just me. But if you're running into the same issue, it's worth trying. You don't have to reinstall the VM. Just create a VM from scratch (without using OVA). Then point the hard drive to the existing VM.<br />
<br />
This is CPU utilization with fresh created OVA. After the system "warmed up" (about 30 minutes), utilization drops from 99% to 10%.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZB42_4DwdHSmKXleL3Pf7FmcEjHR8BZspDtPy0hdeGem7lF1MqapCIY43QUrEZbmjADn8EYoVphpWzVuonGfbC3Kz1q6jm22IQTXhWi65Y16OkdMT9qUOGEl9QlwRDE1DuREnspuXaLJj/s1600/uccx.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZB42_4DwdHSmKXleL3Pf7FmcEjHR8BZspDtPy0hdeGem7lF1MqapCIY43QUrEZbmjADn8EYoVphpWzVuonGfbC3Kz1q6jm22IQTXhWi65Y16OkdMT9qUOGEl9QlwRDE1DuREnspuXaLJj/s1600/uccx.jpg" height="147" width="400" /></a></div>
<br />
<br />
Some reference links:<br />
<a href="http://ciscocollab.wordpress.com/2014/01/28/esxi-5-5-support-latest-information/">http://ciscocollab.wordpress.com/2014/01/28/esxi-5-5-support-latest-information/</a><br />
<br />
<a href="http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment">http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment</a><br />
<br />
<a href="https://communities.vmware.com/thread/459962">https://communities.vmware.com/thread/459962</a><br />
<br />
<br />
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-57527859674710478782014-09-30T06:13:00.001-07:002014-09-30T06:48:46.710-07:00"Cloud" device in IOU WebI've been using IOU Web for network emulation.<br />
<br />
"Cloud" device is the bridge between internal devices (such as routers within IOU) and external devices (such as PCs, a real/virtual router outside of IOU, etc.).<br />
<br />
I'm not going to get into the details of how to set up VMware network or IOU. There are plenty of documents online about that.<br />
<br />
What I'm going to share is the solution to a weird problem.<br />
<br />
I wanted to build a simple lab as shown below. Two LAN segments are connected via two routers back-to-back.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq3fOqEYWIjhdq6RE9TcTkgSsBdrgyF3AZcqSmeQV5j5zde-sNUsYw8B_YW6wT-cgLmLKkYdiZOGP1Q5GH1huCtjZRv7CzZqKc1RLu48rb2Anb14_qFWu3iUCA7OnS1FqM2MtBb5n1emCH/s1600/Topo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq3fOqEYWIjhdq6RE9TcTkgSsBdrgyF3AZcqSmeQV5j5zde-sNUsYw8B_YW6wT-cgLmLKkYdiZOGP1Q5GH1huCtjZRv7CzZqKc1RLu48rb2Anb14_qFWu3iUCA7OnS1FqM2MtBb5n1emCH/s1600/Topo.png" height="105" width="400" /></a></div>
<br />
NETMAP file and device config as below.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijSZbtg2G5X3aahRgdXpAhwv-fO2SE6S8NOxB0P0gX0AStJugJH77KLeCSet6raTQ72GF5_gKxJjgNWiZCwnm1zyHzEmfuyVYGye59P2wrG5QPBskQJqS9r5tdguU4ABT2mew4wadnOV_V/s1600/Netmap1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijSZbtg2G5X3aahRgdXpAhwv-fO2SE6S8NOxB0P0gX0AStJugJH77KLeCSet6raTQ72GF5_gKxJjgNWiZCwnm1zyHzEmfuyVYGye59P2wrG5QPBskQJqS9r5tdguU4ABT2mew4wadnOV_V/s1600/Netmap1.png" height="117" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjQ4n5GeENYa0bAFo2CJ7KtxuxzBU42B6dbB1oW6xABarZo3QDobk5Cn3vJky7FYC2HCwvi_x5K8VsubceJjyFByikhfAlL12BJoghGgS2PBScYepMBpeVOdHL6XJD-GKzZX1mFb98uTuO/s1600/DeviceConfig.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjQ4n5GeENYa0bAFo2CJ7KtxuxzBU42B6dbB1oW6xABarZo3QDobk5Cn3vJky7FYC2HCwvi_x5K8VsubceJjyFByikhfAlL12BJoghGgS2PBScYepMBpeVOdHL6XJD-GKzZX1mFb98uTuO/s1600/DeviceConfig.png" height="161" width="640" /></a></div>
<br />
Pretty straight forward, right? But the problem is - I cannot turn on device 1 (LAN1). Notice that device "LAN1" stays in red below which means it's off.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiB-yc9sxc3TgZ0rWSzDCIjDVEVy2fGRA2qC4K8i6oLQL7LlO-0YggGjcz7EvN7BEZ5Jd7fhz84EtSm3opWVYsWKyQgMxA6RaTiOV1x0LZSf4CwTkzXeHqn3RLWQoRKcO27PGyc1banlm7r/s1600/List1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiB-yc9sxc3TgZ0rWSzDCIjDVEVy2fGRA2qC4K8i6oLQL7LlO-0YggGjcz7EvN7BEZ5Jd7fhz84EtSm3opWVYsWKyQgMxA6RaTiOV1x0LZSf4CwTkzXeHqn3RLWQoRKcO27PGyc1banlm7r/s1600/List1.png" height="154" width="640" /></a></div>
<br />
I scratched my head for quite a while. Tried to tweak the parameters, device ID, naming, IOU host, VMware Network Editor. No avail.<br />
<br />
Then I looked at the logs and noticed the following:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpgqxRiH7fz6S7CjO4O_H5kylSTwng6Sx32Q2VBQhgTZBPShDrswdGmtsgzONeILlLEFiCvpppxL7O8DtpoLU-Rk0Rqad_UDCP1z3mtJxlcMO1VqVt1neodsCsIAD_hz-5zBld-FZhx2iS/s1600/Log.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpgqxRiH7fz6S7CjO4O_H5kylSTwng6Sx32Q2VBQhgTZBPShDrswdGmtsgzONeILlLEFiCvpppxL7O8DtpoLU-Rk0Rqad_UDCP1z3mtJxlcMO1VqVt1neodsCsIAD_hz-5zBld-FZhx2iS/s1600/Log.png" height="38" width="400" /></a></div>
<br />
Why it asked me check the NETMAP file? I don't see any error there. What is "instance"? Why is it not found?<br />
<br />
After a little bit research, I realized "instance" is the same as "device". As shown in the diagram above, we have four instances - 1, 2, 3 and 4.<br />
<br />
We have problem with instance 1 (LAN1), which is connecting (referencing) instance 2 (R1). If the system was complaining about "instance not found", it can only be 1 or 2.<br />
<br />
I also noticed that instance 4 (LAN2) always works. What's the difference between 1 and 4?<br />
<br />
It turns out that in NETMAP file (connection definition), the "cloud" device cannot be the preceding one. The "correct" NETMAP should be written like this:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu91VU-3gJhpvCGkW0p7DppbL0hCIBxfuV75EkvVGFuqLuVuV1abH6iKq8xKYbkqC6iPBXR8SyoBU7zotOC_PEhJeBzx12D16rG8FDUOso5Knpe6E8D6p9u1C38an2ayMSptgRlwQrGDnz/s1600/Netmap2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu91VU-3gJhpvCGkW0p7DppbL0hCIBxfuV75EkvVGFuqLuVuV1abH6iKq8xKYbkqC6iPBXR8SyoBU7zotOC_PEhJeBzx12D16rG8FDUOso5Knpe6E8D6p9u1C38an2ayMSptgRlwQrGDnz/s1600/Netmap2.png" height="101" width="400" /></a></div>
<br />
Notice that instead of "1:0/0 2:0/0", I swap them and make it "2:0/0 1:0/0". Then try to start the LAN1 device. There we go:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVpqCkJUmP5xovb99MQ4_e7_hv4mP_g8CgRHKYPXKbe9UFfcCnUekdoAKewk9YjfAZaZYnFmUzJc36UVpO2daJWLxyBxGHysEhVv6vnY8Lp2yYwaakTKyvEHmKi78m4UH-DTA2mftjlIws/s1600/List2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVpqCkJUmP5xovb99MQ4_e7_hv4mP_g8CgRHKYPXKbe9UFfcCnUekdoAKewk9YjfAZaZYnFmUzJc36UVpO2daJWLxyBxGHysEhVv6vnY8Lp2yYwaakTKyvEHmKi78m4UH-DTA2mftjlIws/s1600/List2.png" height="153" width="640" /></a></div>
<br />
This seems to be a software bug. But the point is - a good engineer should be able to recognize the pattern from the symptom, perform deductive reasoning, and propose possible solution. :)Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com1tag:blogger.com,1999:blog-5691248957365391455.post-27639124036710782812014-09-23T09:33:00.001-07:002014-09-23T13:54:07.109-07:00UC 10.5, ESXi 5.5U2, DL380 G5My home lab has been collecting dust for a while. During the weekend, I wanted to refresh it with the latest and greatest, which means:<br />
<br />
1) Upgrade the server (MCS7845-H2 a.k.a. HP DL380 G5) BIOS and firmware.<br />
2) Upgrade VMware ESXi 5.0 to 5.5U2.<br />
3) Upgrade UC 7.0 to UC 10.5.<br />
<br />
It turned out that upgrading a system that's been collecting dust is VERY different from upgrading a system that's been up and running.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjgLIHnaKha8n7CyQ54DkgUXeg3rJ0BTyVQ2Zi2aqdXs5PQrlBifuaQ9YDDWtt2yEVU8q3Rq6UZTX_Uu6tp35979f7v9vRqFA4wWN6__jg34ochiT2D8Dn3sOcuh175QeYwcZzfQBfDq5K/s1600/7845.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjgLIHnaKha8n7CyQ54DkgUXeg3rJ0BTyVQ2Zi2aqdXs5PQrlBifuaQ9YDDWtt2yEVU8q3Rq6UZTX_Uu6tp35979f7v9vRqFA4wWN6__jg34ochiT2D8Dn3sOcuh175QeYwcZzfQBfDq5K/s1600/7845.JPG" height="265" width="400" /></a></div>
<br />
First of all, the system won't boot. Just gives me long beeps and the "Internal Health" and "External Health" LEDs are both red. Pull all memory chips out and resit them solves the problem.<br />
<br />
Then iLO configuration seems to be lost due low power level of the system battery. I can't log into iLO at all (the 'default password' is system specific with unique numbers). Set the "System Maintenance Switch" S1 to "On" bypasses the iLO password.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYpbg0KR9GkeueYlerEVAKX6ba8hODPyJ8HWJvA9Nv-GHi_MIIvE6f9wqpCMSOmwDEK4rFHWBAnXEPePX1hUY7MwVRzuzRh-UH-P8QAS9GgqOm0a9r_Uhu0wpYJVjhh1iwoEEc3nALuLdz/s1600/iLO.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYpbg0KR9GkeueYlerEVAKX6ba8hODPyJ8HWJvA9Nv-GHi_MIIvE6f9wqpCMSOmwDEK4rFHWBAnXEPePX1hUY7MwVRzuzRh-UH-P8QAS9GgqOm0a9r_Uhu0wpYJVjhh1iwoEEc3nALuLdz/s1600/iLO.jpg" height="140" width="400" /></a></div>
<br />
When trying to upgrade to ESXi 5.5 U2, I got the following error:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8tV5T6xWHYeHAm2WT2J2S8XhA_KGVBrnlPIor_qlpBnVjqcazJ8_Ycr1s6fNvodUmZqkdaKLXFW43vRGseHvBNkYQSXbL8z7Pmy1Rr9SbkfC_xLRBy7zQyk9d3K5OBe2aRlnLUAwLkPLp/s1600/Execute.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8tV5T6xWHYeHAm2WT2J2S8XhA_KGVBrnlPIor_qlpBnVjqcazJ8_Ycr1s6fNvodUmZqkdaKLXFW43vRGseHvBNkYQSXbL8z7Pmy1Rr9SbkfC_xLRBy7zQyk9d3K5OBe2aRlnLUAwLkPLp/s1600/Execute.jpg" height="37" width="400" /></a></div>
<br />
I know what it is. But how could this be not enabled while I have ESXi 5.0 on it before? Maybe it's also due to the motherboard battery? Anyway, go into BIOS and enable the "No-Execute Memory Protection".<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCHYwPp3TfQLL_CbCdiSGJxCOcCflY52tqmisQ5aLGGD1fNn-BfdCF7ClXLlsYRs9dR72_zinmIt-tQyzLUIoxVRHhbEPns9vZD5HeU39woZyCvUckSxF262FiZiic5FG_bFcjI-xgyGTn/s1600/BIOS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCHYwPp3TfQLL_CbCdiSGJxCOcCflY52tqmisQ5aLGGD1fNn-BfdCF7ClXLlsYRs9dR72_zinmIt-tQyzLUIoxVRHhbEPns9vZD5HeU39woZyCvUckSxF262FiZiic5FG_bFcjI-xgyGTn/s1600/BIOS.png" height="251" width="400" /></a></div>
After ESXi upgrade, I noticed that VMware persuade move from native VM client (based on C#) to "Web Client" (based on Adobe Flash). The initiative is to move from "fat client" to "thin client" so all new features can be hosted on the vCenter server. You may still use the "native client" but some of the features will be missing. Features as basic as editing a version 10 VM settings.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZZ5subSRcGwpcOS1rBS-NIwA7wvxoxhdpgkAZn8C30EZLdkrjadXQvSYLgoWYJ6AUhU8Dba_Zwbps_n8auMP0a7jSMXtXniHwlwMzn57FE9Bm9Mja6iRPt-EpdjIOitRZNBL-qiPLhyIy/s1600/vmclient.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZZ5subSRcGwpcOS1rBS-NIwA7wvxoxhdpgkAZn8C30EZLdkrjadXQvSYLgoWYJ6AUhU8Dba_Zwbps_n8auMP0a7jSMXtXniHwlwMzn57FE9Bm9Mja6iRPt-EpdjIOitRZNBL-qiPLhyIy/s1600/vmclient.jpg" height="320" width="258" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvlbjlyLURM_Rce3eT35RSqff-T9eYJ7JYd9irqtyzo5I8vThPcxG8JigAy-hDzmnY2zV69aB5bAdkZrLfxg6YPgpfCT9GFWjpBM5C3h27ow79m3YZdDNVpX12qPpoueF5f86Apt0NMAPJ/s1600/Restricted.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvlbjlyLURM_Rce3eT35RSqff-T9eYJ7JYd9irqtyzo5I8vThPcxG8JigAy-hDzmnY2zV69aB5bAdkZrLfxg6YPgpfCT9GFWjpBM5C3h27ow79m3YZdDNVpX12qPpoueF5f86Apt0NMAPJ/s1600/Restricted.jpg" height="178" width="400" /></a></div>
<br />
<br />
In order to use the "Web Client", you'll have to set up a vCenter server. Also, to view VM console from web browser, you'll need to install a plug-in, which doesn't work with Internet Explorer (as of today).<br />
<br />
When installing UCM 10.5, it took extremely long (> 10 hours). Further investigation revealed that the array controller battery died. Without battery, the array controller will disable cache, which makes it very, very slow on a RAID5 (slower than my laptop).<br />
<br />
I have multiple options:<br />
<br />
Option 1: Order one from eBay. It's not expensive (~ $12 a piece). The problem is - this kind of batteries are obsolete. Thus the ones on eBay are all used ones, which were manufactured a couple years ago. Who knows how long they'll last.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsoFf6CJBTM_xzd5GG5GGYJsENCLMbBKJ9kQGIy5h43KQgTle2IMd-_tjDdG2Oqt4rGy2vBN5U4_jkUu3fGCVifnp_q2VdLxgKx4KG3l_ynRsfj1S9MkgZqr7uhBI78adozfYlN55hrLBi/s1600/ArrayBattery.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsoFf6CJBTM_xzd5GG5GGYJsENCLMbBKJ9kQGIy5h43KQgTle2IMd-_tjDdG2Oqt4rGy2vBN5U4_jkUu3fGCVifnp_q2VdLxgKx4KG3l_ynRsfj1S9MkgZqr7uhBI78adozfYlN55hrLBi/s1600/ArrayBattery.jpg" height="296" width="320" /></a></div>
<br /><div class="separator" style="clear: both; text-align: center;">
</div>
Option 2: Make my own battery like this: <a href="http://opensource.wrenhill.com/?p=63">http://opensource.wrenhill.com/?p=63</a>. Then I can use cheap AA or AAA batteries instead of buying proprietary ones.<br />
<br />
Neither of the above options is quick enough for me. Thus I choose...<br />
<br />
Option 3: "Enable Cache Without Battery".<br />
<br />
To do this, you'll need ACU (Array Configuration Utility). You can do it with the ROM-based interface (BIOS).<br />
<br />
With VMware ESXi, the easiest way is to download the "offline ACU", which is a CD you boot from. Then configure the array controller from there.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpM3tsQoWctSUqLT4Pwf9T9JXQWxMlQ8iJQzfZ_r2a21-5eNoZQdl4dRCzG5iWPdXuvfOmrVR3_mqy7xP9iOkGyGJ2PBm8jmNYOlaY15UuyidU_hXv1wusyaym5WEmTXi3fbSqn8v-Rbih/s1600/EnableCache.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpM3tsQoWctSUqLT4Pwf9T9JXQWxMlQ8iJQzfZ_r2a21-5eNoZQdl4dRCzG5iWPdXuvfOmrVR3_mqy7xP9iOkGyGJ2PBm8jmNYOlaY15UuyidU_hXv1wusyaym5WEmTXi3fbSqn8v-Rbih/s1600/EnableCache.jpg" height="133" width="400" /></a></div>
<br />
For a RAID, it's the write operation that takes more time. Thus you want to make sure the write cache is not zero.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8gRLmnywU4nFJTssqGooLPSKGPCEQ48UpEuRTuz8-qwKsXjwS5e_u-i3XAY6IGe_LX_iNUzY4YJxykycXGnG49MsD7eGYB3QiE7mwLxE99bsdv_GUObzBJ900FijG919GGewCAcopN0Ld/s1600/Ratio.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8gRLmnywU4nFJTssqGooLPSKGPCEQ48UpEuRTuz8-qwKsXjwS5e_u-i3XAY6IGe_LX_iNUzY4YJxykycXGnG49MsD7eGYB3QiE7mwLxE99bsdv_GUObzBJ900FijG919GGewCAcopN0Ld/s1600/Ratio.jpg" height="240" width="400" /></a></div>
<br />
Last but not the least, download HP SPP DVD to update all firmwares and BIOS.<br />
<br />
P.S. DHCP doesn't work on UCM 10.5 in case you want to use UCM as a DHCP server. <a href="https://supportforums.cisco.com/discussion/12224526/cucm-105-dhcp-not-working">https://supportforums.cisco.com/discussion/12224526/cucm-105-dhcp-not-working</a>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-10497807404467385572014-08-11T10:21:00.002-07:002014-09-17T14:38:27.093-07:00Network Engineer Should Know A Little Bit Scripting and ExcelI was working on a network migration project for a large enterprise. They are migrating their Catalyst 6509 network to Nexus (7ks, 5ks, 2ks).<br />
<br />
Part of the migration is to move hundreds (if not thousands) of servers from 6509 switches to Nexus 2Ks.<br />
<br />
In an ideal world, it would be as easy as copy the interface configuration from 6509 and paste it into N5K (where N2K homed to). But we don't live in an ideal world.<br />
<br />
The challenge we are facing are:<br />
<br />
1) There are many local significant VLANs due to poor network design, which means, VLAN 100 on legacy switch may or may not be the same VLAN 100 on new switch. Thus you cannot just blindly copy the "switchport access vlan 100" command from legacy switch and paste it into new switch. We might have to create a L2 trunk from legacy switch to new switch. We might have to create new VLANs and SVIs.<br />
<br />
2) Even if the VLANs are perfectly fine, copy/paste the configuration for hundreds of ports are still a tedious work and prone to human errors. Some Catalyst commands need to be translated into NX-OS commands.<br />
<br />
3) Port-mapping is another process prone to human error. Cabling team might tell you the cable from Catalyst-Switch-23 port G3/27 is going to be moved to FEX-Switch-19 port 11. If the cabling team fat-fingered the FEX port number, network team could overwrite a FEX port that is currently being used and cause an outage. Sure you may review the FEX port before applying the changes. But again, reviewing hundreds of ports is a tedious work.<br />
<br />
4) Due to project schedule, cabling team has to build the port-mapping even before the FEX was online at N5K. Thus they reference the FEX by their grid location (e.g. "AB23") versus the "FEX number" in N5K (e.g. "Ethernet101"). How do we build the configuration script with mapping table referencing grid numbers?<br />
<br />
Solution:<br />
<br />
Spreadsheet is a very useful tool because:<br />
<ul>
<li>(Almost) everyone has a spreadsheet application on their computer (Microsoft Excel)</li>
<li>Spreadsheet is easy to use and format data, even the user is not very computer savvy (such as the cable guys)</li>
<li>Formulas can be used to validate data and generate desired results</li>
</ul>
<br />
I asked server team provide us a spreadsheet with servers they want to migrate in the first phase. Each row of the spreadsheet contains server IP address, subnet mask, default gateway, current switch name and switch port the server is connecting to.<br />
<br />
I wrote a VB script to format the "show run" output from switches into Excel spreadsheet with switch name, switch port, and interface configuration.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_9jnsoLE5bhl30yQhy_1-kyCZDRXRE4S7haRENHoRsUWUFZ0aHx_UOna0afGHGYlgIx_dxVyGJSdoRRQgt9tEb8lJqH12JCy0XZeHfw9UIO2ZT80SpIB9vxxGIlb54XCJCgKRJ7lf7pRu/s1600/Script.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_9jnsoLE5bhl30yQhy_1-kyCZDRXRE4S7haRENHoRsUWUFZ0aHx_UOna0afGHGYlgIx_dxVyGJSdoRRQgt9tEb8lJqH12JCy0XZeHfw9UIO2ZT80SpIB9vxxGIlb54XCJCgKRJ7lf7pRu/s1600/Script.jpg" height="368" width="400" /></a></div>
<br />
<br />
By cross-referencing server team's spreadsheet and the "show run" spreadsheet (done by computer of course), I have a new spreadsheet that tells me what VLANs and what default GWs are required by the servers. I review the configuration on new switches. If VLANs or default GWs are not ready, I submit change request to create them.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8QR_wDjRNOU01nz2aGJgnFF5SatnnNiopsWywN7eHKXeOJoLzVMsqdw8Wfc-gTQefq23hohB61IRbyG5carYKrbsYUqSqWa6yhBwgmWJUYJ5bb8z9mRY8ElrvHTwz2EvsLxDA_I0zWuZ2/s1600/Excel.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8QR_wDjRNOU01nz2aGJgnFF5SatnnNiopsWywN7eHKXeOJoLzVMsqdw8Wfc-gTQefq23hohB61IRbyG5carYKrbsYUqSqWa6yhBwgmWJUYJ5bb8z9mRY8ElrvHTwz2EvsLxDA_I0zWuZ2/s1600/Excel.jpg" height="281" width="400" /></a></div>
<br />
<br />
This is just the preparation stage. We haven't got to the FEX script stage yet.<br />
<br />
Next is to build a script that translate the Catalyst commands into NX-OS commands in the "show run" spreadsheet. (You may also do "find/replace". But IMO, scripting is more flexible).<br />
<br />
Next is to use a formula to translate the FEX grid number into N5K FEX numbers (i.e. from "AB23" to "Ethernet101"). Since we have more than one pair of N5K, this can't be done by simply "find/replace). E.g. "AB23" is corresponding to "Ethernet101" on first pair of N5Ks. However, "CD45" is corresponding to "Ethernet101" on the 2nd pair of N5Ks. Excel VLOOKUP function can achieve this.<br />
<br />
Next is to use a formula to build the FEX interface configuration. As we need to look up both switch name and port number, Excel INDEX function is used.<br />
<br />
Last but not the least, we also need to factor human errors.<br />
<br />
1) For each server on the spreadsheet, we should have old switch name, old port number, new switch name and new switch number. We cannot migrate the server if one of those was missing. I build a column to validate this. If something is missing, the value on corresponding row will be 'ERR'. Then I can filter all 'ERR' rows by this column.<br />
<br />
2) For each port we're migrating, there should be no existing config on the new switch (FEX). If there's existing config, we might have a conflict. I build another column to validate this. Again, it'll generate 'ERR' if a port was already configured. Then I can filter all 'ERR' rows by this column.<br />
<br />
In summary, with VB script and spreadsheet formulas, I save 95% of the time and lower the risk of human errors.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiRo2S1j1tT0AymneA5BgiwnBy-GfaFKrSPza5Z17WAMP5dbtepV7GTETf0E4JJe3nO0gsZZtyLJ5Rq12_7c8GF3LgOmSu5ViBJshvhESm2MczzGkJn1aF0QD3_TARcgyz1tiMW6VHVcja/s1600/N7710.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiRo2S1j1tT0AymneA5BgiwnBy-GfaFKrSPza5Z17WAMP5dbtepV7GTETf0E4JJe3nO0gsZZtyLJ5Rq12_7c8GF3LgOmSu5ViBJshvhESm2MczzGkJn1aF0QD3_TARcgyz1tiMW6VHVcja/s1600/N7710.jpg" height="342" width="400" /></a></div>
<br />Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com1tag:blogger.com,1999:blog-5691248957365391455.post-18075949723595343732014-06-09T07:53:00.001-07:002020-10-19T06:34:57.239-07:00Put a text file on router flash without file transferSay, you want to put a text-based file on a router's flash memory. It could be a license file, a config file, or some scripts.<br />
<br />
The 'regular' way is to use TFTP/FTP to transfer the file. But it could be a problem in some circumstances. For example:<br />
<br />
1) You're accessing the router through a terminal server (console port). There's no network connectivity between your PC and the router.<br />
2) Firewall/security policy prevents TFTP/FTP from happening.<br />
<br />
It would be great if Cisco IOS has a 'notepad' (or 'vi') so we can create/edit the file from IOS CLI. But it has not.<br />
<br />
Fortunately, Cisco IOS has tclsh. You may use tclsh create a file in flash memory and write some text to it.<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">Router#tclsh<br />Router(tcl)#<span style="background-color: yellow;"><b>puts [open "flash:script.txt" w+] "Some sample text"</b></span><br />Router(tcl)#tclquit<br /><br /> Router#dir flash:<br />Directory of flash:/<br /> 2 -rwx 2072 Jan 9 2014 10:24:23 -06:00 multiple-fs<br /> 3 -rwx 676 Feb 28 1993 18:01:35 -06:00 vlan.dat<br /> 4 -rwx 3570 Jan 9 2014 10:24:23 -06:00 private-config.text<br /> 5 -rwx 16 Jun 9 2014 09:34:35 -05:00 script.txt<br /> 6 drwx 192 Feb 28 1993 18:06:36 -06:00 c2960-lanbasek9-mz.122-55.SE7<br /> 562 -rwx 7340 Jan 9 2014 10:24:23 -06:00 config.text<br /><br />32514048 bytes total (18987520 bytes free)<br /><br /> Router#more flash:script.txt<br />Some sample text<br /><br /> Router#</span><br />
<br />
What if you want to create a file with multiple lines? Just escape the 'enter' with '\n'. For example:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace; font-size: small;">Router(tcl)#<span style="background-color: yellow;"><b>puts [open "flash:script.txt" w+] "Line 1 \n Line 2 \n Line 3"</b></span></span><br />
<br />
Hope this helps! <br />
<br />
Ref: <a href="https://www.cisco.com/c/en/us/support/docs/ip/telnet/116214-technote-technology-00.html">https://www.cisco.com/c/en/us/support/docs/ip/telnet/116214-technote-technology-00.html</a>Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com0tag:blogger.com,1999:blog-5691248957365391455.post-20586956359581378912014-03-06T20:55:00.000-08:002014-03-10T10:52:51.610-07:00Build a $30 Wireless LabOne of the recent project has quite a lot wireless LAN stuff. So I feel the urge to build a home lab.<br />
<br />
To build a wireless LAN lab, you need at least two things - a WLC (Wireless LAN Controller) and some compatible APs (Access Points).<br />
<br />
WLC was easy since you may download the virtual WLC (vWLC) software from cisco.com and throw it on VMware.<br />
<br />
It's not that easy when it comes to AP. There are so many different models from Cisco. I want the one that I can test most (if not all) the features with, while not costing me a fortune. After some research (both on cisco.com and eBay.com), I decided 1242AG is the one. This is a not-so-old AP that has 802.11a/b/g frequency and support many enterprise WLAN features (such as FlexConnect). Most importantly, it's pretty affordable. I got two for $30 (free shipping) from eBay. I ordered two in case I need to test the "roaming" feature.<br />
<br />
It looks like this:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjZowWOJ7KzY-TGZl4slyntnboNIPoQOZdPbnBUQk311pSL9NHA_zldhcVMBebZCQmVhw4m8dFSkqdOzOYhzrNCakshQhN8T1fpBXbZR4awOCZT5CCuLBG8_2lc9X6HLlQs4PReRCMmwvp/s1600/1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjZowWOJ7KzY-TGZl4slyntnboNIPoQOZdPbnBUQk311pSL9NHA_zldhcVMBebZCQmVhw4m8dFSkqdOzOYhzrNCakshQhN8T1fpBXbZR4awOCZT5CCuLBG8_2lc9X6HLlQs4PReRCMmwvp/s1600/1.JPG" height="240" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5iRH_tficzGXX8F5VHo0LkQqKDgL7K4l6PZTHub1VJQT4XGst1zLpFhC6gdN2IhfFZjrSdoT-ReXud4qpccxc5xCoZF3l1Cn8dXFIOsRsiSgSxRiDToOIRh4kw5VpFkIYX6ms3mcskSqo/s1600/2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5iRH_tficzGXX8F5VHo0LkQqKDgL7K4l6PZTHub1VJQT4XGst1zLpFhC6gdN2IhfFZjrSdoT-ReXud4qpccxc5xCoZF3l1Cn8dXFIOsRsiSgSxRiDToOIRh4kw5VpFkIYX6ms3mcskSqo/s1600/2.JPG" height="240" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdR4yv-n6HSscrgnB3EaULkijZspy3ur7-xIS48UptdmYTPVik-kB-TsWmD6HRyPFX_BxKs-9J_Se1IjBHDYLHdVlCfs98utnNvoeYXs1LVKehZnXxgLrQjffAPjiYyaQ14GCFt7-pm7jI/s1600/3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdR4yv-n6HSscrgnB3EaULkijZspy3ur7-xIS48UptdmYTPVik-kB-TsWmD6HRyPFX_BxKs-9J_Se1IjBHDYLHdVlCfs98utnNvoeYXs1LVKehZnXxgLrQjffAPjiYyaQ14GCFt7-pm7jI/s1600/3.JPG" height="240" width="320" /></a></div>
<br />
Two things to be aware of:<br />
1) Make sure to order one with antennas. Otherwise it'll cost you some extra bucks.<br />
2) They are mostly POE. So you'll need a POE switch or power adapter. You may get a cheap POE switch for less than $20. But those switch won't support VLAN trunking, just FYI.<br />
<br />
Luckily I still have my 3750G POE switch sitting around (from my CCIE voice lab). Now I have to design the network.<br />
<br />
In case you don't know, in real-life enterprise WLAN, they usually use DHCP option 43 to deliver the WLC IP address to APs. I'd like to do the same in my lab.<br />
<br />
But my Linksys router doesn't have the capability to configure DHCP options. Thus I need to set up a another DHCP server. How may I set up a secondary DHCP server while not interfering with the primary one? The answer is to put them into different VLAN/subnets.<br />
<br />
Here's my network design:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQGn3QY1nv_x-tzSrmTNqI3Hg5HVrt9wMqo0v1q01fMPJeTE4nAI3tKPhgzZg2MduDBaS82gEqMxJlrcq1G3Z7O31NTFGbwGvcEzAdqSk4MGHbZxsdbI9c2PgRK84fwji2KkwYQdCo1AcW/s1600/Network.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQGn3QY1nv_x-tzSrmTNqI3Hg5HVrt9wMqo0v1q01fMPJeTE4nAI3tKPhgzZg2MduDBaS82gEqMxJlrcq1G3Z7O31NTFGbwGvcEzAdqSk4MGHbZxsdbI9c2PgRK84fwji2KkwYQdCo1AcW/s1600/Network.png" height="270" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCZJlJGLULrfLbNh58Y3mIEvYy5M0gZDAQdLHBF3sR6vcUFi-DzXH6r11naY_v5oJL1_rNSXh9MSJtr99t3dyeMI-PI1sq1QMLNJFbaSBMZ1XJsN-kPtJYUVKjDAgWjPmxgGKgH_cj8u7h/s1600/Network.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
My Linksys home router connects to 3750 switch VLAN 1. The two APs connect to 3750 switch VLAN 3.<br />
<br />
3750 configuration:<br />
<blockquote class="tr_bq">
<span style="background-color: #cccccc;"><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">ip dhcp excluded-address 192.168.3.1 192.168.3.10<br />!<br />ip dhcp pool Wireless-Lab<br /> network 192.168.3.0 255.255.255.0<br /> default-router 192.168.3.1 <br /> option 43 hex f104.c0a8.0216<br />!<br />interface Vlan1<br /> ip address 192.168.2.1 255.255.255.0<br />!<br />interface Vlan3<br /> ip address 192.168.3.1 255.255.255.0<br />!<br />ip route 0.0.0.0 0.0.0.0 192.168.2.100<br />!<br />interface GigabitEthernet1/0/1<br /> description Linksys Router<br />!<br />interface GigabitEthernet1/0/2<br /> description AP-1<br /> switchport access vlan 3<br />!<br />interface GigabitEthernet1/0/3<br /> description AP-2<br /> switchport access vlan 3</span></span></span></blockquote>
Linksys configuraiton:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRA8zqaLk4oAO_coPTTh3b7Y_099lFRjuw16oVS7HwxXV9mbI7J6ZHPKD-BFLV_Y0GwmKsktcYPec0oSg8Sy5WJ6cqABMgyOXhNdjJEP5eXtH60zjnt2stxEsZ_c9QHRxdir2kCujxAh8V/s1600/LinksysRoute.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRA8zqaLk4oAO_coPTTh3b7Y_099lFRjuw16oVS7HwxXV9mbI7J6ZHPKD-BFLV_Y0GwmKsktcYPec0oSg8Sy5WJ6cqABMgyOXhNdjJEP5eXtH60zjnt2stxEsZ_c9QHRxdir2kCujxAh8V/s1600/LinksysRoute.png" height="171" width="400" /></a></div>
<br />
Now you should be able to ping from home PC (VLAN1) to VLAN 3 and vice versa.<br />
<br />
On the vWLC virtual machine, I set the NIC to bridge network so I can configure a static IP in my home network segment (I used 192.168.2.22).<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLHs3QxlT_Py7qb0hgAPQF5kjayQDaN4CUSK6ecfmBvs4YmD6GzOSLMBGh-2925cBu_okwpSl9IohG29bGXonix_Ex7d21ZyvQdYI7kfJOuwlG8u5vC_RDKZx1FkziatIzIWm5ZJH8EAcO/s1600/vm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLHs3QxlT_Py7qb0hgAPQF5kjayQDaN4CUSK6ecfmBvs4YmD6GzOSLMBGh-2925cBu_okwpSl9IohG29bGXonix_Ex7d21ZyvQdYI7kfJOuwlG8u5vC_RDKZx1FkziatIzIWm5ZJH8EAcO/s1600/vm.png" height="253" width="400" /></a></div>
<br />
Now you should be able to open a web page to the vWLC management portal. Also, you should be able to ping from the vWLC (192.168.2.22) to VLAN3 (192.168.3.1) and vice versa.<br />
<br />
In theory, when I plug the APs to the switch, they should:<br />
1) Power up<br />
2) Get their IP address and the vWLC's IP address (via option 43 from DHCP)<br />
3) Join the WLC<br />
<br />
Well, not surprisingly, they didn't work as desired. (if they did, there will be not much value for CCIEs)<br />
<br />
As a WLAN newbie, I went for documents, turned on debug, capture error messages, post questions on Cisco support forum. After spent quite some time on troubleshooting, I was advised to upgrade the IOS (does that sound familiar?)<br />
<br />
There are many different software, tools and procedures regarding AP upgrade:<br />
<ul>
<li>Autonomous vs. Lightwight vs. Recovery</li>
<li>TFTP vs. Upgrade Tool</li>
<li>etc.</li>
</ul>
After many trial and err, here are my conclusions:<br />
1) Upgrade to the latest IOS version before you troubleshoot<br />
2) All you need is a TFTP server. Don't use "upgrade tool"<br />
<br />
High-level recovery(upgrade) process:<br />
1) When the AP boots into recovery mode, it'll set its own IP address to 10.0.0.1 and search for TFTP server in the range of 10.0.0.2 - 10.0.0.30.<br />
2) If it found one, it'll try to download the "default" image. File name of the "default" image depends on the AP model. For 1242AG, the default image file name is "<span style="color: black; font-style: normal; font-weight: bold;">c1240-k9w7-tar.default</span>".<br />
3) If the above file is found on TFTP, AP will download and install it. Then reboot with that image.<br />
<br />
Now you have a high-level view, let's talk about the details and catchas.<br />
<br />
1) How to put a AP into recovery mode<br />
Power off the AP. Hold the "mode" button. Plug in the power (POE or Power Adapter). Now the status LED will be orange. Keep holding the button for about 30 seconds. You'll see the status LED turned purple. That means the AP is in recovery mode. You may release the button.<br />
<br />
2) What TFTP server to use<br />
You need a TFTP server that can customize the timeout threshold. Cisco recommends 30 seconds timeout. I set it to 60 just in case.<br />
<br />
3) What IP address to configure for the TFTP server<br />
You may use any IP in the range of 10.0.0.2 - 10.0.0.30. I normally use 10.0.0.2. If you got a "IP Conflict" message, just pick another one.<br />
<br />
4) What IOS image I should download<br />
There are three different IOS images you can download:<br />
Autonomous Image (e.g. c1240-k9w7-tar.124-25d.JA2.tar)<br />
Lightweight Image (e.g. c1240-k9w8-tar.124-25e.JAO3.tar)<br />
Recovery Image (e.g. c1240-rcvk9w8-tar.124-25e.JAO3.tar)<br />
<br />
You'll ultimate goal is to upgrade to the latest lightweight image (that's the image who can work with a WLC). But you might need to flash the AP with other images first in some situations (e.g. when your AP has a very very old firmware).<br />
<br />
When AP joins a WLC, it'll compare its IOS version and the ones on the WLC. If there's any discrepancy, it'll download and use the one from WLC. This is similar to IP phones download firmware from CallManager during registration.<br />
<br />
Because of that, it's recommended to put the recovery image on AP in recovery mode. The recovery image is a small footprint image that boot up the AP, provide network function so the AP can download the latest IOS from WLC.<br />
<br />
5) How do I make the AP take the image I specified?<br />
<br />
Remember that AP will only take a "default" image with specific file name in recovery mode. If you want AP to take the image, you'll need to rename it to the specific file name. See this link for naming conventions: <a href="http://www.cisco.com/c/en/us/td/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918">http://www.cisco.com/c/en/us/td/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918</a><br />
<br />
Be aware that Windows normally hide the file extensions. You need to configure Windows Explorer to show file extension so you can name the file correct.<br />
<br />
For example, you want to rename c1240-rcvk9w8-tar.124-25e.JAO3.tar to c1240-k9w7-tar.default. By default, Windows explorer will display "c1240-rcvk9w8-tar.124-25e.JAO3" as the file name. If you rename it to "c1240-k9w7-tar.default" in Windows Explorer, the file name actually becomes "c1240-k9w7-tar.default<span style="background-color: yellow;">.tar</span>", which is NOT correct.<br />
<br />
If AP successfully joined a WLC, you'll see something like this:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPJykc-MPzH8IfUnEnsriGpY_hjqvPqqEbKu_F_kRR7ZXo-U_AU3Xv5bl7c4FD_IcllcfJtjddgBwL_hZZiQyvgcP3kfQSOAnNjwhXTGFshPwSUvrnvvYOH4kS3PSh0BKNepLpWSO6fqvq/s1600/WLC.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPJykc-MPzH8IfUnEnsriGpY_hjqvPqqEbKu_F_kRR7ZXo-U_AU3Xv5bl7c4FD_IcllcfJtjddgBwL_hZZiQyvgcP3kfQSOAnNjwhXTGFshPwSUvrnvvYOH4kS3PSh0BKNepLpWSO6fqvq/s1600/WLC.png" height="218" width="400" /></a></div>
<br />
For troubleshooting, take a look at <a class="jive-link-external-small" href="http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html" rel="nofollow">http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html</a><br />
<br />
Enjoy your $30 wireless lab. :)Michael Luohttp://www.blogger.com/profile/11426506986724715144noreply@blogger.com1