Saturday, February 17, 2007

Hotspot Server and NoCatAuth

This is the quick-and-dirty guide to getting a wireless gateway running with
the NoCatAuth system. If you simply want to "run a NoCat node", this should
get you going.

For detailed instructions on how to set up your own Authentication Service
(and a good overall view of how this whole thing works), check out
Introduction.txt and AuthService.txt in the doc/ directory.

We don't recommend running the gateway and the authservice on the same machine,
but if you're dead-set on doing it, be sure to read doc/SameMachine.txt *first*.

###
## Installing a Gateway
##

For the terminally impatient
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Check your prerequisites as below. Then, try the following:

$ su -
# tar zvxf NoCatAuth-x.xx.tar.gz
# cd NoCatAuth-x.xx
# make gateway
# cd /usr/local/nocat
# vi nocat.conf
# bin/gateway

If you see something to the effect of:

[2001-12-28 20:38:27] Resetting firewall.
[2001-12-28 20:38:27] Binding listener socket to 0.0.0.0

...then you're up! Watch the progress in 'nocat.log', and give it a try.


Step by step
-=-=-=-=-=-=-

Currently, the gateway is designed to run on a standalone box. If you
have other firewall rules defined, THEY WILL BE OVERWRITTEN by the gateway
process when it starts. See the end of this file for how to get around
this, but please first consider running the gateway on its own machine.

Also, remember that running a gateway requires root permissions.


1. Make sure you have the prerequisites installed:

* Linux 2.4.x with iptables. You'll find a sample kernel configuration
in etc/linux-2.4.config. Support for other OSes is planned,
especially FreeBSD. Support for ipchains is beta, and is currently
broken. Patches welcome.

* gpgv, a PGP signature verifier. gpgv comes with the gnupg package,
which can be downloaded from http://www.gnupg.org/download.html

* You'll probably also want to run dhcpd on this machine, but DHCP
can in some cases be served from your access point or elsewhere on
your local network.

* If you want to try the bandwidth throttling rules, you'll also need a
copy of the 'tc' tool from the iproute2 package. Get it at
ftp://ftp.inr.ac.ru/ip-routing/

* Optionally (and recommended), a local caching DNS server.

2. Unpack the NoCatAuth tarball. You probably already did this if you're
reading this file.

$ tar zvxf NoCatAuth-x.xx.tar.gz

3. Edit the Makefile, if necessary. The only real option at present is
INST_PATH, which determines where NoCatAuth gets installed to. The default
is '/usr/local/nocat', so if that's okay with you, you can skip this step.

4. From the NoCatAuth directory, run 'make gateway'. This will install the
important pieces of the gateway software.

5. Edit the /usr/local/nocat/nocat.conf file to suit. These parameters are
required:

* InternalDevice must be set to the interface name of your wireless card,
or the ethernet card that talks to your AP (e.g., eth0. See
docs/Introduction.txt for more details.)

* ExternalDevice must be set to the name of the network interface
that talks to the Internet. (probably the ethernet card connected to
your DSL or cable modem, or your dialup device: eth1, ppp0, etc.)

* LocalNetwork needs to be set to the network address and mask of your
internal (wireless) network. This typically takes the form
111.222.333.444/255.255.255.0, or 11.22.33.44/24, etc.

* DNSAddr needs to be set to the same domain name server address that
your DHCP server hands out, if and only if you're using a DNS
outside your LocalNetwork (as specified above). Otherwise, if you're
using a caching DNS server on the gateway or anywhere else on your
wireless network, leave this option commented out.

* GatewayMode toggles between Open and Captive mode. An Open gateway
just displays the html file specified in SplashForm for acceptance.
Captive mode implements the whole authentication process. If you
want people to have to login, use Captive mode.

* AuthServiceAddr, AuthServiceURL, and LogoutURL depend on your chosen
auth service (assuming you're using Captive as your GatewayMode.)
Check with your local auth service admins for these values (or leave
the defaults to use our auth service.)

* IncludePorts and ExcludePorts can be set to restrict ports that public
users can access (say, to disallow email traffic.) If you use
IncludePorts, only the ports listed will be allowed. Using
ExcludePorts makes all ports available *except* the ports listed.
Currently, only TCP ports are supported.

###
## Starting the gateway
##

You should now be able to start the portal by running bin/gateway as root.
You'll see a message to the effect of:

[2001-12-28 20:38:27] Resetting firewall.
[2001-12-28 20:38:27] Binding listener socket to 0.0.0.0

If it doesn't start cleanly, read on.

The portal needs to know where to find (a) its perl libraries, and (b) its
nocat.conf configuration file. NoCatAuth tries very hard to figure out these
values on its own. If you installed to /usr/local/nocat, you should have no
problems.

Otherwise, you *may* need to add the following variables to the
shell environment before running the gateway script:

$ export PERL5LIB=/path/to/nocat/lib:$PERL5LIB
$ export NOCAT=/path/to/nocat/nocat.conf

Utilities like iptables, modprobe, and gpgv need should be in your $PATH
somewhere (if they aren't already). For example:

$ export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin

Starting the gateway is then as simple as: (from a root prompt)

# /path/to/nocat/bin/gateway

NOTE: You MUST run the gateway program as root, in order for it to be able to
update the firewall rules as needed. Arguably, this is a bug. Patches welcome.

To start the gateway service automatically at boot time, check out the
etc/nocat.rc script. Install it by copying it to /etc/rc.d/init.d, and
either add a call to it in your rc.local, or symlink it to your runlevel,
like this:

# ln -s /etc/rc.d/init.d/nocat.rc /etc/rc.d/rc3.d/S99nocat

Congratulations. You're now running a gateway.

###
## Important Notes for the Gateway
##

* Make sure that your dhcp server hands out the same DNS address listed in
nocat.conf (if you're using external DNS). Otherwise, your wireless
clients won't be able to resolve hostnames.

* We have designed this software to be run on very modest hardware (a 486/50
with 32MB ram should be plenty.) Please consider running the gateway on a
dedicated machine before simply installing it on your existing firewall.

IP security is a complicated enough already... NoCat adds to the
complexity by introducing dynamic firewall rules that are triggered by
completely anonymous users (via the wireless.) While no security system is
foolproof, risk can be minimized by isolating your wireless node from the
rest of your network.

Please read docs/Introduction.txt (and a good book on firewalls) for more
details.


### Thanks for using NoCatAuth. GOOD LUCK! PATCHES WELCOME!
Posted by at No comments:

Hotspot Server Installation Guide

I. Creating the Admin Account


[ Skip to Section II if you already have a Less Networks username (and password) that you will use as the administrator account for this hotspot server. ]

1. From any internet connection, go to www.lessnetworks.com
Click the "Sign Up Free" button in the "Benefits" section of the page.
You will be taken to the User Registration form where you will have to pick a username and enter an email address.
In a few minutes, you will receive an email at that email address from Less Networks.
Follow the directions in the email - you will be asked to pick a password for the account.
Remember the username and password - you will need that information to finish installing your Less Networks hotspot.

II. Building the Hotspot Server


[ Skip to Section III if your computer already has Linux, NoCat, and LESS Networks software. ]

1. Power up the computer with a monitor and a keyboard.
Plug the ethernet cable from the network/Internet connection into eth0.
Typically, it's the NIC "closest" to the bus.
If you aren't sure, guess and correct later.
[You may need to go into the BIOS/Set Up Menu to set the boot order so that it boots first from the CD Drive.]

2. Place the Less Networks Hotspot Server Installation CD in the CD reader.
Type "ACCEPT" when prompted.
Wait approximately 10 minutes for the Linux and NoCat installation to complete.
[When installation is finished, the system will eject the CD and reboot.]

3. When the system reboots, Linux will perform a multi-point self-diagnostic.
Wait for a login screen to appear.
Login as "root".
If the equipment is a pre-Built Hotspot Server ordered from Less Networks,
use the password "imag3micr0" [numbers 3 and 0];
otherwise, use the password "foobar".
Immediately change the password:
[root@localhost root]# passwd

III. Connecting the Hotspot Server to Internet and Wireless Network


To connect your Hotspot Server to the internet and wireless network, follow the instructions below for your type of network connection: dynamic (default), static, or PPPoE.

Dynamic Network Connection

[ This is the default type of network connection. ]

Here are the instructions for connecting the Hotspot Server to a dynamic IP (for example, to a firewall/router serving DHCP).

Quick Method for Dynamic

1. After re-booting, Linux will perform a multi-point self-diagnostic.

2. If the self-diagnostic fails at eth0 with reason "network cable unplugged?":
Move the ethernet cable to the other NIC,
Reboot by holding down CONTROL-ALT-DELETE.

3. If the self-diagnostic succeeds:
You have correctly connected eth0 to the network.
The other NIC is eth1 -- mark the NICs appropriately.

4. If you have subsequent problems obtaining an IP address on either NIC:

Please use the Alternative Method below.

Alternative Method for Dynamic

1. Looking for eth0 and eth1:
Use a crossover cable to connect a client computer to either of the NIC ethernet ports on the Hotspot Server.
On the client, do what you would normally do to get a new IP address:
On Windows: "ipconfig /release", then "ipconfig /renew".
On Linux: "ifdown eth0", then "ifup eth0".
The client should obtain an IP address of the form 192.168.168.xxx (where xxx can be 250 or less).
ssh to 192.168.168.1 (the Hotspot Server) as "root".
[ Note that a free ssh client is available for most platforms at www.openssh.com ]
If successful, this NIC is eth1 and the other is eth0 -- mark them accordingly.
Connect eth0 to the internet via LAN, DSL, cable modem, etc.
If not successful, try the above instructions with the client attached to the ethernet port of the other NIC.

2. Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to include the following lines:
BOOTPROTO=dhcp
ONBOOT=yes
[ Note that all caps must be used for each word that precedes an equals sign above (e.g., BOOTPROTO) ]

3. Verify that LAN and WAN are working:
Log off the ssh connection.
If the Hotspot Server connects directly to a cable or DSL modem, power cycle the modem.
Reboot the Hotspot Server.
If the self-diagnostic fails at eth0 with the reason "network cable unplugged?",
move the ethernet cable to the other NIC,
then reboot by holding down CONTROL-ALT-DELETE.
If the self-diagnosic succeeds, then you have found eth0, and the other NIC is eth1.
After reboot is complete, ssh to the Hotspot Server from the client computer.
[root@localhost root]# ping yahoo.com
Success means that both eth0 and eth1 are working.
[ Note that the client computer will not yet show a valid connection to the internet ]

Static Network Connection

1. Looking for eth0 and eth1:
Use a crossover cable to connect a client computer to either of the NIC ethernet ports on the Hotspot Server.
On the client, do what you would normally do to get a new IP address:
On Windows: "ipconfig /release", then "ipconfig /renew".
On Linux: "ifdown eth0", then "ifup eth0".
The client should obtain an IP address of the form 192.168.168.xxx (where xxx can be 250 or less).
ssh to 192.168.168.1 (the Hotspot Server) as "root".
[ Note that a free ssh client is available for most platforms at www.openssh.com ]
If successful, this NIC is eth1 and the other is eth0 -- mark them accordingly.
Connect eth0 to the internet via LAN, DSL, cable modem, etc.
If not successful, try the above instructions with the client attached to the ethernet port of the other NIC.

2. Using the Hotspot Server ssh connection, edit /etc/resolv.conf to reflect your DNS ("nameserver" settings):
nameserver
nameserver

3. Using the Hotspot Server ssh connection, edit /etc/sysconfig/network-scripts/ifcfg-eth0 to include the following:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=
GATEWAY=
NETMASK=
[ Note that all caps must be used for each word that precedes an equals sign above (e.g., BOOTPROTO) ]

4. Using the Hotspot Server ssh connection, edit /usr/local/nocat/nocat.conf and /opt/less/files_to_be_copied/nocat.conf.tmpl to include the following:
DNSAddr

5. Verify that LAN and WAN are working:
Log off the ssh connection.
If the Hotspot Server connects directly to a cable or DSL modem, power cycle the modem.
Reboot the Hotspot Server.
After reboot is complete, ssh to the Hotspot Server from the client computer.
[root@localhost root]# ping yahoo.com
Success means that both eth0 and eth1 are working.
[ Note that the client computer will not yet show a valid connection to the internet ]

PPPoE Network Connection

[ If you have an Efficient/SBCYahoo 5100B DSL Modem, first read the document at www.midasnetworks.com/5100AB.html ]

1. Looking for eth0 and eth1:
Use a crossover cable to connect a client computer to either of the NIC ethernet ports on the Hotspot Server.
On the client, do what you would normally do to get a new IP address:
On Windows: "ipconfig /release", then "ipconfig /renew".
On Linux: "ifdown eth0", then "ifup eth0".
The client should obtain an IP address of the form 192.168.168.xxx (where xxx can be 250 or less).
ssh to 192.168.168.1 (the Hotspot Server) as "root".
[ Note that a free ssh client is available for most platforms at www.openssh.com ]
If successful, this NIC is eth1 and the other is eth0 -- mark them accordingly.
Connect eth0 to the internet via LAN, DSL, cable modem, etc.
If not successful, try the above instructions with the client attached to the ethernet port of the other NIC.

2. To connect the Hotspot Server to PPPoE:
Type "adsl-setup" on the command line of the Hotspot Server ssh connection, and answer the questions.
When prompted, you must enter the PPPoE login and password for this DSL line.
When asked about Firewall, set the level to "0".
Finish by agreeing to change your configuration.
Type "ifup ppp0" on the Hotspot Server command line.

3. Verify that LAN and WAN are working:
Log off the ssh connection.
If the Hotspot Server connects directly to a cable or DSL modem, power cycle the modem.
Reboot the Hotspot Server.
After reboot is complete, ssh to the Hotspot Server from the client computer.
[root@localhost root]# ping yahoo.com
Success means that both eth0 and eth1 are working.
[ Note that the client computer will not yet show a valid connection to the internet ]

IV. Configuring your AP (Access Point)


1. Configure your AP using a wireless client (you will need to associate with the correct SSID) or a wired client.
Do not connect the AP to the Hotspot Server yet.
You may need to login to the AP.
Read the instructions for administering your AP if you have problems connecting to it.

2. Set the SSID of your AP to the name of the Venue. Examples:
AntoniosTexMex
RutaMaya
BDRileys

3. Configure your AP to not serve dhcp [Exact instructions vary by make/model/manufacturer]
sometimes "disable dhcp server"
sometimes "Gateway only"

4. Connect eth1 of the Hotspot Server to the AP.
If there is a designated WAN port on the AP, DO NOT connect to it.
Use one of the other ports.

V. Setting the Admin Account and Customizing your Hotspot


Complete this step NOW!
Any wireless user can perform this step and lock you out from being able to administer your hotspot.
No user, including you, can access the internet from this hotspot until this step is completed.

1. From a wireless notebook, make a wireless connection to the AP.
You may require the correct SSID from above.

2. With your wireless notebook, launch a browser and try to go to "www.google.com".
In a few seconds, your browser should be redirected to a login page.

3. From your browser, login as "guestadmin" with a password "foobar".
This should take you to the Welcome page for your new hotspot.
Click the "Finish Installation" link on the left side of the page.
This should take you to the "Customize Your Hotspot" form.

4. To finish installation of your hotspot, follow the steps in www.lessnetworks.com/static/v099/LessADMIN.html

5. Note that this admin account is for customizing your hotspot's look and feel, deciding who to grant access, etc.
It should not be confused with the Linux login to the hotspot server.

VI. Powering Down the Hotspot Server


1. To safely power-down the Hotspot Server:
ssh to 192.168.168.1 and login as "root".
Enter the command:
[root@localhost root]# shutdown -h now
Turn off the power when instructed.

VII. Changing Hotspot Server Connection Configuration


1. Dynamic to Static
If you are changing the Hotspot Server connection from Dynamic (default) to Static, follow the instructions in the section on Static Network Connection.

2. Dynamic to PPPoE
If you are changing the Hotspot Server connection from Dynamic (default) to PPPoE, follow the instructions in the section on PPPoE Network Connection.

3. PPPoE to Dynamic
If you are changing the Hotspot Server connection from PPPoE to Dynamic,
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to include the following lines:
BOOTPROTO=dhcp
ONBOOT=yes
[ Note that all caps must be used for each word that precedes an equals sign above (e.g., BOOTPROTO) ]
Bring PPPoE down and bring eth0 up:
[root@localhost root]# ifconfig ppp0 down
[root@localhost root]# ifdown pp0
[root@localhost root]# ifconfig eth0 up
[root@localhost root]# ifup eth0
Check that you can ping the outside world.

4. Static to Dynamic
If you are changing the Hotspot Server connection from Static to Dynamic,
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to include the following lines:
BOOTPROTO=dhcp
ONBOOT=yes
[ Note that all caps must be used for each word that precedes an equals sign above (e.g., BOOTPROTO) ]

VIII. Basic Troubleshooting


1. The first line of troubleshooting is to restart the networking service:
[root@localhost root]# service network restart
then restart the dhcpd service:
[root@localhost root]# service dhcpd restart

2. At this point you should be able to get captured from your wireless client, login, and go to the internet.

3. Reboot the Hotspot Server and the Access Point

4. Reboot the upstream cable modem / DSL modem / router
Posted by at No comments:

Monday, February 12, 2007

Update IOS Switch

Buat admin yang (mungkin) terkena amnesia mendadak dan tiba2 lupa password switch catalystnya , bisa mencoba metode ini untuk merecovery password. pengalaman pribadi nih :P. udah coba dioprek di Catalyst 2950 & 2960 ,dan menurut white papper juga berlaku untuk switch seri 35xx keatas

buat yang mo nyoba, ga disaranin dicoba di switch yang masih operasional, kalo ada apa-apa dipecat gw ngga tanggung jawab

pertama-tama tentunya harus punya akses fisik ke switch yang mau direcovery. Nah untuk langkah awal kita coba grepe2 badan switch kita ini dulu :D, biasanya selain button power ada satu button lagi yang labelnya MODE. ok kalo udah ketemu jangan dipencet dulu.. idupin switchnya dulu ( ya iya lah.. :P) tapi jangan kelamaan, pas proses start-up cepet2 pencet tombol MODE hingga tampilannya berubah kaya gini :

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

flash_init
load_helper
boot

nah trus tungguin sampe keluar prompt kaya gini neh :

Switch:

setelah itu masukin perintah :

Switch: load_helper

Load_helper — Load and initialize a helper image
klo kata systemnya sih fungsinya itu….. buat nambah2in perintah yg di hidden.
ok, lanjut masukin perintah ini :

Switch: flash_init
Initializing Flash…
flashfs[0]: 18 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 3966464
flashfs[0]: Bytes available: 3774976
flashfs[0]: flashfs fsck took 7 seconds.
…done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4

fungsinya adalah untuk inisialisasi flash system image yg ada pada switch.
Setelah itu kita bisa mengecek isi dari switch ini dengan menggunakan perintah “dir”
contoh:

switch: dir

List of filesystems currently registered:

flash[0]: (read-write)
xmodem[1]: (read-only)
null[2]: (read-write)
bs[3]: (read-only)

silahkan jalan2 & liat2 jeroan nih switch sekarang :), tapi inget.. tujuan kita adalah mereset password switch yang dilupain ama admin nyah okeh.. hm.. dari list diatas itu ada folder2 yg ada di dalem switch, mari kita intip isi flash nya

switch: dir flash:
Directory of flash:/

2 -rwx 2664051 c2950-i6q4l2-mz.121-11.EA1.bin
3 -rwx 269 env_vars
4 -rwx 2296 vlan.dat
5 -rwx 3441 config.text
6 -rwx 5 private-config.text
7 drwx 704 html
19 -rwx 109 info
20 -rwx 109 info.ver

3774976 bytes available (3966464 bytes used)


oke, gw review dikit beberapa file diatas yang menarik :

c2950-i6q4l2-mz.121-11.EA1.bin <—- ini cisco IOS nya vlan.dat <—- file konfigurasi vlan neeh… config.text <—- file konfigurasi switch, alias startup-config nyah nah.. , kepikiran sesuatu ngga :D, klo kita bisa edit file config.text yang mana adalah akan diload waktu switch booting. kita bisa memanipulasi tuh enable secret , that’s how it works okeh, kita langsung ke serangan utama (weleh kayak mo ngapain aja, ) rename file config.text menjadi config.text.lama , caranya adalah sebagai berikut : switch: rename flash: config.text flash: config.text.lama kemudian kita cek hasil nya : switch: dir flash: Directory of flash:/ 2 -rwx 2664051 c2950-i6q4l2-mz.121-11.EA1.bin
3 -rwx 269 env_vars
4 -rwx 2296 vlan.dat
5 -rwx 3441 config.text.lama
6 -rwx 5 private-config.text
7 drwx 704 html
19 -rwx 109 info
20 -rwx 109 info.ver

3774976 bytes available (3966464 bytes used)
switch:

nah sekarang nama filenya udah berubah , sekarang reboot switchnya dengan perintah :

switch: boot

setelah kita eksekusi maka akan keluar seperti:

File “flash:/c2950-i6q4l2-mz.121-11.EA1.bin” uncompressed and installed, entry point: 0×80010000
executing…

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(11)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 28-Aug-02 10:25 by antonino
Image text-base: 0×80010000, data-base: 0×80528000

Initializing flashfs…
flashfs[1]: 18 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 3966464
flashfs[1]: Bytes available: 3774976
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
Done initializing flashfs.
POST: System Board Test : Passed
POST: Ethernet Controller Test : Passed
ASIC Initialization Passed

POST: FRONT-END LOOPBACK TEST : Passed
cisco WS-C2950-24 (RC32300) processor (revision G0) with 20402K bytes of memory.
Processor board ID FOC0652Y1DH
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0B:BE:DE:C2:40
Motherboard assembly number: 73-5781-11
Power supply part number: 34-0965-01
Motherboard serial number: FOC06520A0V
Power supply serial number: PHI06470GKF
Model revision number: G0
Motherboard revision number: A0
Model number: WS-C2950-24
System serial number: FOC0652Y1DH

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]:


well.. lihat apa yang kita lakukan…, kayak switch baru kan
okeh ke langkah selanjutnya dulu.. pilih no untuk membypass initial configuration
langkah berikutnya :

Switch>en
Switch#dir
Directory of flash:/

2 -rwx 2664051 Mar 01 1993 00:03:22 c2950-i6q4l2-mz.121-11.EA1.bin
3 -rwx 269 Jan 01 1970 00:01:24 env_vars
4 -rwx 2296 Mar 28 1993 22:10:35 vlan.dat
5 -rwx 3441 Mar 08 1993 22:54:27 config.text.lama
6 -rwx 5 Mar 08 1993 22:54:27 private-config.text
7 drwx 704 Mar 01 1993 00:03:59 html
19 -rwx 109 Mar 01 1993 00:04:01 info
20 -rwx 109 Mar 01 1993 00:04:01 info.ver

7741440 bytes total (3774976 bytes free)
Switch#rename flash:config.text.lama flash:config.text
Destination filename [config.text]?

maksud perintah ini adalah mengganti file config.text (yang masih polosan) dengan file config.text.lama (config yang asli) sehingga settingan2 kita yang lama tetep muncul. Kecuali kalo emang niat diilangin sekalian :P, okeh..

untuk memasukkan configurasi lama kedalam running config, cukup dengan perintah :

Switch# copy flash: config.text system: running-config
Source filename [config.text]?
Destination filename [running-config]?

yup, anda sudah kembali kawan

SwitchPuntodewo#

sekarang enaknya ngapain ya…, hehe. ya jelas.. kita ubah enable secret nyaa… hehe…

SwitchPuntodewo# configure terminal
SwitchPuntodewo (config)# enable secret khayangan
SwitchPuntodewo (config)# exit
SwitchPuntodewo# write memory
Building configuration…
[OK]

yup, silahkan letakkan kembali switch anda ditempat yang terlihat manis..
dan lanjutkan maen game online lagi heheh…
Posted by at No comments:

Saturday, February 10, 2007

Recovering IOS from ROMMON via TFTP

This information is here primarily for my reference at customer sites; for some odd reason, I seem to be recovering IOS images through ROMMON quite a bit lately. These are the minimum fields to get this going through TFTP rather than XModem.

rommon 1 > IP_ADDRESS=192.168.1.100
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.50
rommon 5 > TFTP_FILE=c2600-adventerprisek9-mz.124-5a.bin
rommon 6 > tftpdnld (this command kicks off the tftp download)
Posted by at No comments:
Subscribe to: Posts (Atom)