interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security aging time 60
switchport port-security aging static
switchport port-security mac-address 0000.1111.1111
sw1(config-if)#do sho port-s
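Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------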
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
sw1(config-if)#do sho port-s addres
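          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports    Remaining Age
                                                          (mins)
----    -----------       ----                -----    -------------
   1    0000.1111.1111    SecureConfigured    Fa0/1         59
------------------------------------------------------------------------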
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
To test, remove the configured MAC address on r1:
r1
int f0/0
no mac 0000.1111.1111
sw1(config-if)#
06:57:59: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
sw1(config-if)#
06:57:59: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0017.5925.f8d0 on port FastEthernet0/1.
06:58:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
sw1(config-if)#
06:58:01: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
sw1(config-if)#do sho inter status | inc err-dis
Fa0/1 err-disabled 1 auto auto 10/100BaseTX
sw1(config-if)#do sho inter status err-dis
Port      Name       Status         Reason               Err-disabled Vlans
Fa0/1                err-disabled   psecure-violation
sw1(config-if)#do sho port-se
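Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  1         Shutdown
---------------------------------------------------------------------------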
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
=====================================================
macro name Port-Secur
sw mo acc
sw port-s
sw port-s mac-address stick
sw port-s max 1
sw port-s vio pro
@
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.5925.f8d1
macro description Port-Secur | Port-Secur
end
sw2(config-if-range)# do sho run int f0/2
Building configuration…
Current configuration : 275 bytes
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.5902.9ce9
macro description Port-Secur | Port-Secur
end
etc………
====================================
To prevent two servers in the same VLAN from talking to each other:
int range f0/15 - 16
sw mo acc
sw acc v 18
sw protected
sw2(config-if-range)#do sho int f0/15 sw
Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 88 (VLAN0088)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true   <-----<<<<
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
===========================
To prevent UNKNOWN unicast and multicast from being flooded between the ports:
int range f0/15 - 16
sw2(config-if-range)#switchport block unicast
sw2(config-if-range)#switchport block multicast
=======================================================
sw1(config)#do sho dot1x
Sysauthcontrol Disabled
Dot1x Protocol Version 2
Critical Recovery Delay 100
Critical EAPOL Disabled
aaa new-model
aaa authent login default none   <-- no radius srv -- used so I'm not locked out
aaa authentication dot1x default group radius
radius-server host 192.168.1.2 key cisco
sw1(config-if)#do sh run int f0/16
interface FastEthernet0/16
switchport mode access
dot1x pae authenticator
dot1x port-control auto
end
sw1(config-if)#do sh dot1x int f0/16
Dot1x Info for FastEthernet0/16
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
===================================
sw1(config)#do sh mac-address-table aging-time
Global Aging Time: 300
Vlan    Aging Time
----    ----------
   1     300
  88     300
sw1(config)#mac-address-table aging-time 600
sw1(config)#
sw1(config)#
sw1(config)#
sw1(config)#do sh mac-address-table aging-time
Global Aging Time: 600
Vlan    Aging Time
----    ----------
   1     600
  88     600
==================================
To have the config.text and vlan.dat files deleted during password recovery:
no service password-recovery
sh ver
..(omitted for brevity)..
The password-recovery mechanism is disabled
…
========================================
sw1(config)# do sh dot1x int f0/16
Dot1x Info for FastEthernet0/16
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
sw1(config)#int f0/16
sw1(config-if)#dot1x host-mode multi-host
sw1(config-if)# do sh dot1x int f0/16
Dot1x Info for FastEthernet0/16
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
=============================================================
sw1(config)#mac-address-table static 0000.6666.6666 vlan 56 int f0/6
sw1(config)#do sho mac-address-table stat int f0/6
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  56    0000.6666.6666    STATIC      Fa0/6
Total Mac Addresses for this criterion: 1
===================
sw1(config)#mac-address-table stat 0000.1111.2222 vlan 1 drop
sw1(config)#
sw1(config)#
sw1(config)#
sw1(config)#do sho mac-address-table stat add 0000.1111.2222
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0000.1111.2222    STATIC      Drop
Total Mac Addresses for this criterion: 1
=======================
r1(config-if)#do sho ip arp
Protocol  Address     Age (min)  Hardware Addr    Type   Interface
Internet  10.1.1.2            0  0000.2222.2222   ARPA   FastEthernet0/0
Internet  10.1.1.1            -  0000.1111.1111   ARPA   FastEthernet0/0
cat1
ip arp inspection vlan 1
ip arp inspection filter TST vlan 1 static
arp access-list TST
permit ip host 10.1.1.2 mac host 0000.2222.2222
permit ip host 10.1.1.1 mac host 0000.1111.1111
testing
r2(config-if)#do pin 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
r2(config-if)#do sho ip arp
Protocol  Address     Age (min)  Hardware Addr    Type   Interface
Internet  10.1.1.2            -  0000.2222.2222   ARPA   FastEthernet0/1
Internet  10.1.1.1            0  0000.1111.1111   ARPA   FastEthernet0/1
r2(config-if)#no mac-add 0000.2222.2222
r2(config-if)#do ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
cat1
08:20:58: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:20:58 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:00: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:00 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:02: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:02 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:04: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:04 UTC Mon Mar 1 1993])
sw1(config-arp-nacl)#
08:21:06: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:06 UTC Mon Mar 1 1993])
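An added example (not part of the original notes): Python that parses the `arp access-list TST` entries and the `%SW_DAI-4-ACL_DENY` messages above and reports, per port, why each ARP was dropped. The bracketed log fields are read as sender MAC / sender IP / target MAC / target IP; the Fa0/14 log line and all function names are constructed for illustration.

```python
import re

# ARP ACL exactly as configured on cat1 in the notes above.
ARP_ACL = """\
arp access-list TST
 permit ip host 10.1.1.2 mac host 0000.2222.2222
 permit ip host 10.1.1.1 mac host 0000.1111.1111
"""

# First two lines are from the log above; the Fa0/14 line is constructed
# to show a sender IP that has no ACL entry at all.
LOGS = """\
08:20:58: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:20:58 UTC Mon Mar 1 1993])
08:21:00: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 1.([0017.5902.9ce9/10.1.1.2/0000.0000.0000/10.1.1.1/08:21:00 UTC Mon Mar 1 1993])
08:30:00: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa0/14, vlan 1.([0000.3333.3333/10.1.1.9/0000.0000.0000/10.1.1.1/08:30:00 UTC Mon Mar 1 1993])
"""

PERMIT_RE = re.compile(r"permit ip host (\S+) mac host (\S+)")
DENY_RE = re.compile(
    r"%SW_DAI-4-ACL_DENY: (\d+) Invalid ARPs \((\w+)\) on (\S+), vlan (\d+)\."
    r"\(\[([0-9A-Fa-f.]+)/([\d.]+)/([0-9A-Fa-f.]+)/([\d.]+)/"
)

def parse_arp_acl(text):
    """Return {sender_ip: allowed_mac} from 'permit ip host X mac host Y' lines."""
    return {ip: mac.lower() for ip, mac in PERMIT_RE.findall(text)}

def parse_denies(text):
    """Yield one dict per ACL_DENY message; other syslog lines are skipped."""
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        count, op, port, vlan, smac, sip, tmac, tip = m.groups()
        yield {"count": int(count), "op": op, "port": port, "vlan": int(vlan),
               "sender_mac": smac.lower(), "sender_ip": sip,
               "target_mac": tmac.lower(), "target_ip": tip}

def reason(event, bindings):
    """Explain the drop by comparing the ARP sender fields with the ACL."""
    allowed = bindings.get(event["sender_ip"])
    if allowed is None:
        return "no-acl-entry"      # sender IP is not listed in the ARP ACL
    if allowed != event["sender_mac"]:
        return "mac-mismatch"      # IP is listed, but bound to another MAC
    return "matches-acl"           # not expected for an ACL_DENY message

def summarize(logs, acl_text):
    """Aggregate denied ARPs per (port, sender IP, sender MAC)."""
    bindings = parse_arp_acl(acl_text)
    out = {}
    for ev in parse_denies(logs):
        key = (ev["port"], ev["sender_ip"], ev["sender_mac"])
        row = out.setdefault(key, {"denied": 0, "reason": reason(ev, bindings),
                                   "allowed_mac": bindings.get(ev["sender_ip"])})
        row["denied"] += ev["count"]
    return out

if __name__ == "__main__":
    for (port, ip, mac), row in summarize(LOGS, ARP_ACL).items():
        print(f"{port} {ip} from {mac}: {row['denied']} denied, "
              f"{row['reason']}, ACL allows {row['allowed_mac']}")
```

Because the filter is applied with the `static` keyword, an ARP that matches no ACL entry is dropped rather than checked against DHCP snooping bindings, so both reasons above end in a deny.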
=================
sw1(config-if)#ip arp inspection limit rate 10 burst interval 2
sw1(config-if)#
sw1(config-if)#
sw1(config-if)#
sw1(config-if)#do sho ip arp insp inter
Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Fa0/1            Untrusted               10                 2
Fa0/2            Untrusted               15                 1
Fa0/3            Untrusted               15                 1
=================
mac access-list extended TEST
deny any any decnet-iv
deny any any etype-6000
deny any any etype-8042
permit any any
sw1(config-if)#do sho mac access int f0/10
Interface FastEthernet0/10:
Inbound access-list is TEST
Outbound access-list is not set
===================================
mac access-list extended MAC-forward
permit host 0000.1111.2222 any
permit host 0000.1111.3333 any
mac access-list extended Protocol-forward
permit any any decnet-iv
permit any any vines-ip
mac access-list extended Protocol=forward
mac access-list extended TEST
deny any any decnet-iv
deny any any etype-6000
deny any any etype-8042
permit any any
vlan access-map TST 10
action drop
match ip address R1-2
vlan access-map TST 20
action drop
match ip address UDP
vlan access-map TST 30
action drop
match ip address TCP
vlan access-map TST 40
action drop
match ip address IGMP
vlan access-map TST 50
action drop
match mac address MAC-forward
vlan access-map TST 60
action drop
match mac address Protocol-forward
vlan access-map TST 70
action forward
!
vlan filter TST vlan-list 2
ip access-list extended IGMP
permit igmp any any
ip access-list extended R1-2
permit ip host 10.1.1.1 host 10.1.1.2
permit ip host 10.1.1.2 host 10.1.1.1
ip access-list extended TCP
permit tcp host 10.1.1.3 host 10.1.1.4
permit tcp host 10.1.1.4 host 10.1.1.3
ip access-list extended UDP
permit udp any any
============================