Non SSH image:
RO user
RW secure
SSH image:
RO userpasswd
RW securepasswd
After upgrading from non-secure image the non SSH defaults apply!
Gratuitous ARP is a sort of “advance notification”: it updates the ARP cache of other systems before they ask for it (no ARP request needed), or replaces outdated information.
When talking about gratuitous ARP, the packets are actually special ARP request packets, not ARP reply packets as one would perhaps expect. Some reasons for this are explained in RFC 5227.
The gratuitous ARP packet has the following characteristics:
Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff)
This means the packet will be flooded to all ports on a switch
No reply is expected
Gratuitous ARP is used for several reasons:
Update ARP tables after a MAC address for an IP changes (failover, new NIC, etc.)
Update MAC address tables on L2 devices (switches) that a MAC address is now on a different port
Send gratuitous ARP when interface goes up to notify other hosts about new MAC/IP bindings in advance so that they don’t have to use ARP requests to find out
When a reply to a gratuitous ARP request is received you know that you have an IP address conflict in your network
HSRP, VRRP etc. use gratuitous ARP to update the MAC address tables on L2 devices (switches). There is also the option to use the burned-in MAC address for HSRP instead of the “virtual” one. In that case the gratuitous ARP would also update the ARP tables on L3 devices/hosts.
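As an added example (not part of the original notes), the characteristics listed above can be checked directly on captured frames: this Python code parses untagged Ethernet II ARP frames, identifies gratuitous ARP, and reports when an announcement rebinds an IP to a different MAC, which should line up with a known failover or NIC change. The function names and the sample frames are constructed for illustration.

```python
import socket
import struct

BROADCAST = b"\xff" * 6

def parse_arp(frame):
    """Parse an untagged Ethernet II frame; return ARP fields or None."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "oper": oper, "sha": sha,
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def is_gratuitous(arp):
    # Characteristics from the text: sender IP == target IP, broadcast destination MAC.
    return arp["spa"] == arp["tpa"] and arp["dst"] == BROADCAST

def binding_changes(frames):
    """Return (ip, old_mac, new_mac) for each gratuitous ARP that rebinds a known IP."""
    seen, changes = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or not is_gratuitous(arp):
            continue
        old, new = seen.get(arp["spa"]), arp["sha"].hex(":")
        if old is not None and old != new:
            changes.append((arp["spa"], old, new))
        seen[arp["spa"]] = new
    return changes

def build(dst, sha, spa, tpa, oper=1):
    """Construct a sample ARP frame (test data only, not captured traffic)."""
    return (dst + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + sha + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))

# Constructed sample traffic using documentation addresses (192.0.2.0/24).
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [
    build(BROADCAST, A, "192.0.2.10", "192.0.2.10"),  # gratuitous, first sighting
    build(BROADCAST, A, "192.0.2.10", "192.0.2.1"),   # ordinary request, ignored
    build(BROADCAST, B, "192.0.2.10", "192.0.2.10"),  # gratuitous, MAC changed
]
print(binding_changes(SAMPLE))
```

Frames carrying an 802.1Q VLAN tag are not handled by this parser and are skipped.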
Copying file to host:
scp SourceFile user@host:directory/TargetFile
Copying file from host:
scp user@host:directory/SourceFile TargetFile (or place . at the end instead of TargetFile)
DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations, which are the same as for the BOOTP protocol. UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client.
DHCP operations fall into four phases: server discovery, IP lease offer, IP request, and IP lease acknowledgment. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgment.
The DHCP operation begins with clients broadcasting a request. If the client and server are on different subnets, a DHCP Helper or DHCP Relay Agent may be used. Clients requesting renewal of an existing lease may communicate directly via UDP unicast, since the client already has an established IP address at that point.
ASA active/standby does not support preemption, only active/active or multicontext mode does.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1048966
From an elevated command prompt:
route -p add <destination network> mask <net mask> <gateway>
The parameter -p makes the route permanent.
To see the routes already in place, just write “route print” in an elevated command prompt.
The NSRP parameters preempt and priority are used to control the preferred master.
Having NSRP preempt properly configured can simplify firewall administration as an administrator will always know which physical firewall is master and which is backup. Please note that if NSRP preemption is configured, one should change the hold-down timer to a higher value (~120-180 seconds) to prevent NSRP failover flapping. Also note that preempt need not be configured on the backup device.
However, note that because NSRP preempt results in an additional NSRP failover event, it should not be configured in environments that seek to minimize NSRP failovers. One such environment is when the NetScreen devices participate in dynamic routing protocols. This is because an NSRP failover event will cause routing protocol reconvergence (a potentially performance-impacting event).
Mute + 27238 + #
show mac-address-table spbm i-sid x
hsrp2.group == x
ip.addr == a.b.c.d
vlan.id == x
eth.src == xx.xx.xx.xx.xx.xx
arp
bootp
arp.isgratuitous == 1