Saturday, September 29, 2007

Password Recovery in Cisco Router

1. Press Ctrl-Break; the result will look like this:
Code:
rommon 1>
# Boot the router and interrupt it with Ctrl-Break right as it is powered on

2. Then enter this command:
Code:
rommon 1> confreg 0x2142
rommon 2>
# Change the configuration register so the router does not load the config from NVRAM

3. Press i (initiate) to reload the router
Code:
rommon 2> i
# The router will restart

4. Enter privileged mode
Code:
Router> ena
Router#

5. Copy startup-config to running-config
Code:
Router# copy start run
Router#

6. Change the enable secret
Code:
Router# conf t
Router(config)# enable secret new
# "new" stands for the new password

7. Set the configuration register back to its default (0x2102)
Code:
Router(config)# config-register 0x2102
Router(config)#

8. Copy running-config to startup-config
Code:
Router(config)# exit
Router# copy run start
Router#

9. Check the configuration register with show version
Code:
Router# show version
Configuration register is 0x2142 (will be 0x2102 at next reload)
Router#

10. Reload the router
Code:
Router# reload

Thursday, September 27, 2007

"Adding static routes" - Huzeyfe Önal - (2006-01-18 13:00:04) [2393]

How to save routing entries in OpenBSD?

1) create file /etc/routes in the following format:

[-net | -host] destination gateway

where destination and gateway can be symbolic names if you have entries in
/etc/networks and /etc/hosts respectively, or have running DNS in the latter case.

For example:
-net acct 10.0.255.251
10.10.0.0 gate02


2) put these into /etc/netstart:

if [ -f /sbin/route ]; then
    if [ -f /etc/routes ]; then
        # each line is "[-net | -host] destination gateway"; $line is left
        # unquoted on purpose so its fields become separate arguments
        while read -r line
        do
            /sbin/route add $line
        done < /etc/routes
    fi
else
    echo "$0: /sbin/route does not exist"
    exit 1
fi

from the OpenBSD tech@ mailing list (radecki)
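The netstart loop above hands every line of /etc/routes to route(8) unchecked, so a stray token becomes an extra argument. As an added example (not part of the mailing-list post), this Python snippet validates lines against the stated "[-net | -host] destination gateway" format before building the route command; the sample file is constructed.

```python
# Constructed sample in the "[-net | -host] destination gateway" format,
# including lines that the unchecked netstart loop would pass straight to route(8).
SAMPLE_ROUTES = """\
# comments and blank lines are ignored
-net acct 10.0.255.251

10.10.0.0 gate02
-host 192.0.2.10 10.0.255.251
-bogus 10.0.0.0 10.0.0.1
10.20.0.0
"""

def route_args(line):
    """Return the argv for 'route add' built from one /etc/routes line,
    or None if the line does not fit [-net | -host] destination gateway."""
    fields = line.split()
    if len(fields) == 3 and fields[0] in ("-net", "-host"):
        return ["route", "add", *fields]
    if len(fields) == 2 and not fields[0].startswith("-"):
        return ["route", "add", *fields]
    return None   # wrong field count or an unexpected option flag

def check_routes(text):
    """Split a routes file into (accepted argv lists, rejected lines)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = route_args(line)
        if args is None:
            rejected.append(line)
        else:
            accepted.append(args)
    return accepted, rejected
```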

Monday, September 24, 2007

Out of inodes

This article shows you how I dealt with an "out of inodes" problem.
I was installing the entire ports tree on a new box. It froze. So I restarted it. Then it froze again. OK, this time I noticed the following messages on the console:
Jul  5 14:25:48 little /kernel: pid 431 (cpio), uid 0 on /usr2: out of inodes
Jul 5 14:26:19 little last message repeated 2550 times
Jul 5 14:28:20 little last message repeated 10276 times
Jul 5 14:28:25 little last message repeated 451 times

inode background
The problem is that we didn't have enough inodes. This is a common problem when you have many files of a small size. If you look at the man page for newfs, you'll see the following:
-f frag-size
    The fragment size of the file system in bytes. It must be a power
    of two ranging in value between blocksize/8 and blocksize. The
    default is 1024 bytes.
-i number of bytes per inode
    Specify the density of inodes in the file system. The default is
    to create an inode for every (4 * frag-size) bytes of data space.
    If fewer inodes are desired, a larger number should be used; to
    create more inodes a smaller number should be given. One inode
    is required for each distinct file, so this value effectively
    specifies the average file size on the file system.

As you can read, with lots of small files, you'll quickly use up the inodes. When you install the ports system, you are adding lots of small files.


Create a new file system
Here's how I created a new file system. Note that this removes all files from the device. Make a backup first if you wish to retain anything.

In the message log, it mentions /usr2. If you look at the output from mount, you can see what device is out of inodes. The default value for inodes is 4096. So by specifying 1024 below, I have effectively increased the number of inodes by a factor of 4. In other words, we can now have four times as many files as we used to have. We'll use this as a starting point and see how it goes.

# mount
/dev/wd0s1a on / (local, writes: sync 424 async 2307)
/dev/wd0s1f on /usr (local, writes: sync 3 async 2158)
/dev/wd0s1e on /var (local, writes: sync 2086 async 7972)
procfs on /proc (local)
/dev/wd1s1e on /usr2 (local, writes: sync 8360 async 12055)

You can see that /usr2 is actually /dev/wd1s1e. So that's the device which needs to be modified. On my file system, /usr2 contained only the ports directory.

# umount /dev/wd1s1e
# newfs -i 1024 /dev/wd1s1e
newfs: /dev/wd1s1e: not a character-special device
Warning: Bytes per inode restrict cylinders per group to 12.
Warning: 2448 sector(s) in last cylinder unallocated
/dev/wd1s1e: 415344 sectors in 102 cylinders of 1 tracks, 4096 sectors
202.8MB in 9 cyl groups (12 c/g, 24.00MB/g, 20672 i/g)
super-block backups (for fsck -b #) at:
32, 49184, 98336, 147488, 196640, 245792, 294944, 344096, 393248,
# mount /dev/wd1s1e
# cd /usr

The next step is to recreate my symbolic links back to /usr/ports:

# cd /usr2
# mkdir ports
# ln -s /usr2/ports /usr/ports

http://www.freebsddiary.org/inodes.php
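The console messages above are easy to miss because syslog collapses repeats into "last message repeated N times". As an added example (not from the original article), this Python snippet turns such lines into a per-filesystem count of "out of inodes" events, folding each repeat line into the message it follows; the log lines are constructed from the ones quoted above.

```python
import re
from collections import Counter

# Constructed sample, modelled on the console messages quoted in the article.
SAMPLE_LOG = """\
Jul  5 14:25:48 little /kernel: pid 431 (cpio), uid 0 on /usr2: out of inodes
Jul  5 14:26:19 little last message repeated 2550 times
Jul  5 14:28:20 little last message repeated 10276 times
Jul  5 14:28:25 little last message repeated 451 times
Jul  5 14:30:01 little sshd[612]: Accepted publickey for bob from 10.0.0.5
Jul  5 14:31:10 little /kernel: pid 702 (cp), uid 1001 on /var: out of inodes
Jul  5 14:31:12 little last message repeated 7 times
"""

# syslog prefix "Mon dd HH:MM:SS host " followed by the message body
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
INODE_RE = re.compile(r"pid (?P<pid>\d+) \((?P<proc>[^)]+)\), uid (?P<uid>\d+) on (?P<fs>\S+): out of inodes")
REPEAT_RE = re.compile(r"last message repeated (?P<n>\d+) times")

def count_inode_exhaustion(log_text):
    """Return {(filesystem, process, uid): occurrences}, attributing each
    'last message repeated N times' line to the message just before it."""
    counts = Counter()
    last_key = None
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        rep = REPEAT_RE.search(msg)
        if rep:
            if last_key is not None:
                counts[last_key] += int(rep.group("n"))
            continue
        hit = INODE_RE.search(msg)
        if hit:
            last_key = (hit.group("fs"), hit.group("proc"), int(hit.group("uid")))
            counts[last_key] += 1
        else:
            last_key = None   # repeats of an unrelated message are not counted
    return dict(counts)
```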

Thursday, September 13, 2007

DHCP Mikrotik


[tonix@Markothil] > /ip pool add name=dhcp-on-lab ranges=192.168.14.1-192.168.14.40
[tonix@Markothil] > /ip dhcp-server network add address=192.168.14.0/26 gateway=192.168.14.62 dns-server=10.40.0.100
[tonix@Markothil] > /ip dhcp-server add interface=to-clients address-pool=dhcp-on-lab
[tonix@Markothil] > /ip dhcp-server enable 0
Mikrotik
(tested @ ICT Lab)

Now, here are the commands for sharing bandwidth among the connected computers, better known as PCQ (Per Connection Queue):

[tonix@Markothil] > /ip firewall mangle add chain=forward src-address=192.168.14.0/26 action=mark-connection new-connection-mark=koneksi-pengguna
[tonix@Markothil] > /ip firewall mangle add connection-mark=koneksi-pengguna action=mark-packet new-packet-mark=pengguna chain=forward

[tonix@Markothil] > /queue type add name=pcq-donlod kind=pcq pcq-classifier=dst-address
[tonix@Markothil] > /queue type add name=pcq-uplod kind=pcq pcq-classifier=src-address

[tonix@Markothil] > /queue tree add parent=to-clients queue=pcq-donlod packet-mark=pengguna
[tonix@Markothil] > /queue tree add parent=to-Public queue=pcq-uplod packet-mark=pengguna


The theory:

Another option for this kind of bandwidth management is to have Mikrotik split the bandwidth evenly, say 256kbps downstream and 256kbps upstream. If 10 clients are accessing the link, each client automatically gets 256kbps divided by 10 of upstream and downstream bandwidth, so 25.6kbps each. If only 2 clients are accessing it, each gets 128kbps.

For this the PCQ (Per Connection Queue) type is used, which splits traffic per client automatically. The queue types in Mikrotik are documented in the manual at http://www.mikrotik.com/testdocs/ros/2.9/root/queue.php.

First, rules need to be created in the MANGLE section, such as:

-----
/ip firewall mangle add chain=forward src-address=192.168.0.0/27 action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward
-----

Since the PCQ types do not exist yet, they have to be added; there are 2 of them. The first is named pcq-download and manages all traffic by destination address. This traffic passes through the Local interface, so all download/downstream traffic coming from the 192.168.0.0/27 network is split automatically.

The second PCQ type, named pcq-upload, manages all upstream traffic by source address. This traffic passes through the Public interface, so all upload/upstream traffic originating from the 192.168.0.0/27 network is split automatically.

Commands:
-----
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
-----

After the PCQ and Mangle rules have been added, now for the traffic-sharing rules. The queue used is a Queue Tree, namely:

-----
/queue tree add parent=Local queue=pcq-download packet-mark=users
/queue tree add parent=Public queue=pcq-upload packet-mark=users
-----

The commands above assume that the bandwidth received from the Internet provider fluctuates. If we are sure of the bandwidth we receive, say 256kbps downstream and 256kbps upstream, there is another set of rules, such as:

For downstream traffic:
-----
/queue tree add name=Download parent=Local max-limit=256k
/queue tree add parent=Download queue=pcq-download packet-mark=users
-----

And for upstream traffic:
-----
/queue tree add name=Upload parent=Public max-limit=256k
/queue tree add parent=Upload queue=pcq-upload packet-mark=users
-----
----- named.conf ------
acl "xfer" {
202.202.202.2/32; // e.g. the domain's secondary nameserver
};

acl "trusted" {
// Put the IP address blocks that you allow to make
// recursive queries here
// add more as needed

202.202.202.0/24; // for example
192.168.0.0/24; // LAN
localhost; // this server
};

acl "bogon" {
// Remove or comment out your own LAN from this bogon acl

0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
5.0.0.0/8;
7.0.0.0/8;
10.0.0.0/8;
23.0.0.0/8;
27.0.0.0/8;
31.0.0.0/8;
36.0.0.0/8;
37.0.0.0/8;
39.0.0.0/8;
42.0.0.0/8;
49.0.0.0/8;
50.0.0.0/8;
77.0.0.0/8;
78.0.0.0/8;
79.0.0.0/8;
92.0.0.0/8;
93.0.0.0/8;
94.0.0.0/8;
95.0.0.0/8;
96.0.0.0/8;
97.0.0.0/8;
98.0.0.0/8;
99.0.0.0/8;
100.0.0.0/8;
101.0.0.0/8;
102.0.0.0/8;
103.0.0.0/8;
104.0.0.0/8;
105.0.0.0/8;
106.0.0.0/8;
107.0.0.0/8;
108.0.0.0/8;
109.0.0.0/8;
110.0.0.0/8;
111.0.0.0/8;
112.0.0.0/8;
113.0.0.0/8;
114.0.0.0/8;
115.0.0.0/8;
116.0.0.0/8;
117.0.0.0/8;
118.0.0.0/8;
119.0.0.0/8;
120.0.0.0/8;
169.254.0.0/16;
172.16.0.0/12;
173.0.0.0/8;
174.0.0.0/8;
175.0.0.0/8;
176.0.0.0/8;
177.0.0.0/8;
178.0.0.0/8;
179.0.0.0/8;
180.0.0.0/8;
181.0.0.0/8;
182.0.0.0/8;
183.0.0.0/8;
184.0.0.0/8;
185.0.0.0/8;
186.0.0.0/8;
187.0.0.0/8;
192.0.2.0/24;
// my LAN: 192.168.0.0/16;
197.0.0.0/8;
223.0.0.0/8;
224.0.0.0/3;
};

logging {
channel default_syslog {
syslog local2;
severity debug;
};

channel audit_log {
file "/var/named/named_audit.log";
severity debug;
print-time yes;
};

category default { default_syslog; };
category general { default_syslog; };
category security { audit_log; default_syslog; };
category config { default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { audit_log; };
};

options {
directory "/etc/named";
pid-file "/var/named/named.pid";
statistics-file "/var/named/named.stats";
memstatistics-file "/var/named/named.memstats";
dump-file "/var/adm/named.dump";
zone-statistics yes;

// guards against DoS attacks that create bogus zone
// transfer requests, which can cause slow zone transfers
// between the other authoritative servers
notify no;

// zone transfer efficiency
transfer-format many-answers;

// maximum zone transfer time in seconds
// raise it if your zone files are large
// and need more than 1 minute to transfer
max-transfer-time-in 60;

// no dynamic interfaces
interface-interval 0;

// only allow zone transfers from the IP addresses
// listed in the xfer acl
allow-transfer { xfer; };

// queries may only be made by the trusted acl
// keeps our DNS server from being used by the public
allow-query { trusted; };

// drop everything coming from the bogon acl
blackhole { bogon; };
};

view "internal-in" in {

// for recursion
// reachable by clients in the trusted acl
// put internal or test domains here

match-clients { trusted; };
recursion yes;
additional-from-auth yes;
additional-from-cache yes;

zone "." in {
type hint;
file "cache.db";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.db";
allow-query { any; };
allow-transfer { none; };
};

zone "kecoak.lab" in {
type master;
file "zone/kecoak.lab.db";
};

zone "0.168.192.in-addr.arpa" in {
type master;
file "zone/192.168.0.db";
allow-query { any; };
};
};

view "external-in" in {

// if the DNS server also acts as authoritative,
// put your domains here
// reachable by everyone,
// but recursion is not allowed

match-clients { any; };
recursion no;
additional-from-auth no;
additional-from-cache no;

zone "." in {
type hint;
file "cache.db";
};

zone "contoh1.com" in {
type master;
file "zone/contoh1.com.db";
allow-query { any; };
};

zone "contoh2.com" in {
type master;
file "zone/contoh2.com.db";
allow-query { any; };
};

zone "202.202.202.in-addr.arpa" in {
type master;
file "zone/202.202.202.db";
allow-query { any; };
};
};

view "external-chaos" chaos {

// visible to everyone

match-clients { any; };
recursion no;

zone "." {
type hint;
file "/dev/null";
};

zone "bind" {
type master;
file "bind.db";

// change to any if you intend to expose the BIND version,
// e.g. when it is checked by dnsreport.com
allow-query { trusted; };
allow-transfer { none; };
};
};
----- end of named.conf -----
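As an added example (not from the original post), this Python snippet models how the config above disposes of a query: the options-level blackhole is applied before any view is consulted, then the first view whose match-clients matches is used, and allow-query is inherited from options unless a zone overrides it. It assumes the bogon acl shortened to a few entries and localhost approximated as 127.0.0.0/8; note that bogon lists go stale, so several /8s in this 2007-era list have since been allocated and would blackhole legitimate clients unless the list is refreshed.

```python
import ipaddress

# Constructed, cut-down copy of the ACLs from the named.conf above;
# the bogon list is shortened and localhost is approximated as 127.0.0.0/8.
ACLS = {
    "trusted": ["202.202.202.0/24", "192.168.0.0/24", "127.0.0.0/8"],
    "bogon": ["0.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
              "192.0.2.0/24", "224.0.0.0/3"],
    "any": ["0.0.0.0/0"],
}
OPTIONS_ALLOW_QUERY = "trusted"   # inherited by every view/zone that does not override it

# Views are tried in file order; the first match-clients hit wins.
# zone -> allow-query override (None = inherit from options).
VIEWS = [
    {"name": "internal-in", "match": "trusted", "recursion": True,
     "zones": {"kecoak.lab": None, "0.168.192.in-addr.arpa": "any",
               "0.0.127.in-addr.arpa": "any"}},
    {"name": "external-in", "match": "any", "recursion": False,
     "zones": {"contoh1.com": "any", "contoh2.com": "any",
               "202.202.202.in-addr.arpa": "any"}},
]

def in_acl(acl, addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in ACLS[acl])

def zone_for(qname, zones):
    """Longest zone that qname equals or is a subdomain of, else None."""
    q = qname.rstrip(".").lower()
    hits = [z for z in zones if q == z or q.endswith("." + z)]
    return max(hits, key=len) if hits else None

def classify(addr, qname):
    """What the named.conf above does with a query for qname from addr."""
    if in_acl("bogon", addr):
        return "blackhole"              # dropped before any view is consulted
    view = next(v for v in VIEWS if in_acl(v["match"], addr))
    zone = zone_for(qname, view["zones"])
    if zone is not None:
        allow = view["zones"][zone] or OPTIONS_ALLOW_QUERY
        verdict = "authoritative" if in_acl(allow, addr) else "refused"
    elif view["recursion"] and in_acl(OPTIONS_ALLOW_QUERY, addr):
        verdict = "recursive"
    else:
        verdict = "refused"             # recursion no, or not in allow-query
    return f"{view['name']}: {verdict}"
```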

Now create the file bind.db in /etc/named/
(adjust it to match the named.conf configuration above)
with the following contents:

----- bind.db -----
; thanks to Rob Thomas - robt_at_cymru.com
;
$TTL 1D
$ORIGIN bind.
@ 1D CHAOS SOA localhost. root.localhost. (
2006070407 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
CHAOS NS localhost.

version.bind. CHAOS TXT "Ini Bukan DNS server bapakmu!"
authors.bind. CHAOS TXT "seseorang yang lebih hebat dari saya!"
----- end of bind.db -----