Learning All About Router

There are five passwords used to secure your Cisco routers: console, auxiliary, telnet (VTY),enable password, and enable secret. Just as you learned earlier in the chapter, the first two passwords are used to set your enable password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed either through the console port, through the auxiliary port, or via Telnet.

Cisco Router Auxiliary Password Setup

To configure the auxiliary password, go into global configuration mode and type line aux ?.You can see here that you only get a choice of 0–0 (that’s because there’s only one port)

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password admin

It’s important to remember the login command, or the auxiliary port won’t prompt for authentication.Now watch what happens when you try to set the Aux on the “newer” IOS that Cisco has released

2600A#config t
Enter configuration commands, one per line. End with CNTL/Z.
2600A(config)#line aux 0
2600A(config-line)#login
% Login disabled on line 65, until ‘password’ is set
2600A(config-line)#

Cisco has begun this process of not letting you set the “login” command before a password is set on a line because if you set the login command under a line, and then don’t set a password, the line won’t be usable. And it will prompt for a password that doesn’t exist. So this is a good thing—a feature, not a hassle!

Cisco Router Console Password Setup

To set the console password, use the line console 0 command. But look at what happened when I tried to type line console 0 ? from the aux line configuration—you should received an error.You can still type line console 0 and it will accept it, but the help screens just don’t work from that prompt. Type exit to get back one level and you’ll find that your help screens now work. This is a “feature.” Really.

Example

Router(config-line)#line console ?
% Unrecognized command
Router(config-line)#exit
Router(config)#line console ?
<0-0> First Line number
Router(config)#line console 0
Router(config-line)# password admin1
Router(config-line)# login

Since there’s only one console port, you can only choose line console 0. You can set all your line passwords to the same password, but for security reasons, I’d recommend that you make them different.

There are a few other important commands to know for the console port.

For one, the exec-timeout 0 0 command sets the timeout for the console EXEC session to zero, which basically means to never time out. The default timeout is 10 minutes. (If you’re feeling mischievous, try this on people at work: Set it to 0 1. That will make the console time out in 1 second! And to fix it, you have to continually press the Down arrow key while changing the timeout time with your free hand!)

logging synchronous is a very cool command, and it should be a default command, but it’s not. It stops annoying console messages from popping up and disrupting the input you’re trying to type. The messages still pop up, but you are returned to your router prompt without your input interrupted. This makes your input messages oh-so-much easier to read.

Here’s an example of how to configure both commands

Router(config)#line con 0
Router(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
Router(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds

Router(config-line)#exec-timeout 0 0
Router(config-line)#logging synchronous

Cisco Router Telnet Password Setup

To set the user-mode password for Telnet access into the router, use the line vty command. Routers that aren’t running the Enterprise edition of the Cisco IOS default to five VTY lines, 0 through 4. But if you have the Enterprise edition, you’ll have significantly more. The best way to find out how many lines you have is to use that question mark

Router(config-line)#line vty 0 ?
<1-4> Last Line Number

Router(config-line)#line vty 0 4
Router(config-line)# password admin2
Router(config-line)# login

You may or may not have to set the login command before the password on the VTY lines—depends on the IOS version. The result is the same either way.

So what will happen if you try to telnet into a router that doesn’t have a VTY password set? You’ll receive an error stating that the connection is refused because, well, the password isn’t set. So, if you telnet into a router and receive this message

Router#telnet SFRouter
Trying SFRouter (10.0.0.1)…Open
Password required, but none set
[Connection to SFRouter closed by foreign host]
Router#

then the remote router (SFRouter in this example) does not have the VTY (telnet) password set. But you can get around this and tell the router to allow Telnet connections without a password by using the no login command

Router(config-line)#line vty 0 4
Router(config-line)#no login

After your routers are configured with an IP address, you can use the Telnet program to configure and check your routers instead of having to use a console cable. You can use the Telnet program by typing telnet from any command prompt (DOS or Cisco).

Theory
From wiki.mikrotik.com

Structure

Hierarchical Token Bucket (HTB) allows to create a hierarchical queue structure and determine relations between queues, like “parent-child” or “child-child”.

As soon as queue has at least one child it becomes a inner queue, all queues without children - leaf queues. Leaf queues make actual traffic consumption, Inner queues are responsible only for traffic distribution. All leaf queues are treated on equal basis.

In RouterOS it is necessary to specify parent option to assign queue as a child to other queue

Dual Limitation

Each queue in HTB has two rate limits:

• CIR (Committed Information Rate) – (limit-at in RouterOS) worst case scenario, flow will get this amount of traffic no matter what (assuming we can actually send so much data)
• MIR (Maximal Information Rate) – (max-limit in RouterOS) best case scenario, rate that flow can get up to, if there queue’s parent has spare bandwidth

In another words, at first limit-at (CIR) of the all queues will be satisfied, only then child queues will try to borrow the necessary data rate from their parents in order to reach their max-limit (MIR).

Note: CIR will be assigned to the corresponding queue no matter what. (even if max-limit of the parent is exceeded)

That is why, to ensure optimal (as designed) usage of dual limitation feature, we suggest to stick to these rules:

• Sum of committed rates of all children must be less or equal to amount of traffic that is available to parent.

CIR(parent)* ≥ CIR(child1) +…+ CIR(childN)

*in case if parent is main parent CIR(parent)=MIR(parent)

• Maximal rate of any child must be less or equal to maximal rate of the parent

MIR (parent) ≥ MIR(child1) & MIR (parent) ≥ MIR(child2) & … & MIR (parent) ≥ MIR(childN)

Queue colors in Winbox:

• 0% - 50% available traffic used - green
• 51% - 75% available traffic used - yellow
• 76% - 100% available traffic used - red

Priority

We already know that limit-at (CIR) to all queues will be given out no matter what.

Priority is responsible for distribution of remaining parent queues traffic to child queues so that they are able to reach max-limit

Queue with higher priority will reach its max-limit before the queue with lower priority. 8 is the lowest priority, 1 is the highest.

Make a note that priority only works:

• for leaf queues - priority in inner queue have no meaning.
• if max-limit is specified (not 0)

Examples

In this section we will analyze HTB in action. To do that we will take one HTB structure and will try to cover all the possible situations and features, by changing the amount of incoming traffic that HTB have to recycle. and changing some options.

Structure

Our HTB structure will consist of 5 queues:

• Queue01 inner queue with two children - Queue02 and Queue03
• Queue02 inner queue with two children - Queue04 and Queue05
• Queue03 leaf queue
• Queue04 leaf queue
• Queue05 leaf queue

Queue03, Queue04 and Queue05 are clients who require 10Mbps all the time Outgoing interface is able to handle 10Mbps of traffic.

Example 1 : Usual case

• Queue01 limit-at=0Mbps max-limit=10Mbps
• Queue02 limit-at=4Mbps max-limit=10Mbps
• Queue03 limit-at=6Mbps max-limit=10Mbps priority=1
• Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
• Queue05 limit-at=2Mbps max-limit=10Mbps priority=5

Result of Example 1

• Queue03 will receive 6Mbps
• Queue04 will receive 2Mbps
• Queue05 will receive 2Mbps
• Clarification: HTB was build in a way, that, by satisfying all limit-ats, main queue no longer have throughput to distribute

Example 2 : Usual case with max-limit

• Queue01 limit-at=0Mbps max-limit=10Mbps
• Queue02 limit-at=4Mbps max-limit=10Mbps
• Queue03 limit-at=2Mbps max-limit=10Mbps priority=3
• Queue04 limit-at=2Mbps max-limit=10Mbps priority=1
• Queue05 limit-at=2Mbps max-limit=10Mbps priority=5

Result of Example 2

• Queue03 will receive 2Mbps
• Queue04 will receive 6Mbps
• Queue05 will receive 2Mbps
• Clarification: After satisfying all limit-ats HTB will give throughput to queue with highest priority.

Example 3 : Inner queue limit-at

• Queue01 limit-at=0Mbps max-limit=10Mbps
• Queue02 limit-at=8Mbps max-limit=10Mbps
• Queue03 limit-at=2Mbps max-limit=10Mbps priority=1
• Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
• Queue05 limit-at=2Mbps max-limit=10Mbps priority=5

Result of Example 3

• Queue03 will receive 2Mbps
• Queue04 will receive 6Mbps
• Queue05 will receive 2Mbps
• Clarification: After satisfying all limit-ats HTB will give throughput to queue with highest priority. But in this case inner queue Queue02 had limit-at specified, by doing so, it reserved 8Mbps of throughput for queues Queue04 and Queue05. From these two Queue04 have highest priority, that is why it gets additional throughput.

Example 4 : Leaf queue limit-at

• Queue01 limit-at=0Mbps max-limit=10Mbps
• Queue02 limit-at=4Mbps max-limit=10Mbps
• Queue03 limit-at=6Mbps max-limit=10Mbps priority=1
• Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
• Queue05 limit-at=12Mbps max-limit=15Mbps priority=5

Result of Example 4

• Queue03 will receive ~3Mbps
• Queue04 will receive ~1Mbps
• Queue05 will receive ~6Mbps
• Clarification: Only by satisfying all limit-ats HTB was forced to allocate 20Mbps - 6Mbps to Queue03, 2Mbps to Queue04, 12Mbps to Queue05, but our output interface is able to handle 10Mbps. As output interface queue is usually FIFO throughput allocation will keep ratio 6:2:12 or 3:1:6

Error 678

Follow this steps :

Step 1: Turn On Modem ADSL

1.See adsl modem ON (Not blinking) before you dial

Step 2 : Reset winsock TCP/IP

1.Click start -> Click Run -> tipe netsh winsock reset and than enter

2.When command prompt window up again, restart computer

3.Try ping to Modem and Try connection diaol again.

Step 3: setting Modem adsl

1.Login to Gateway Modem via Browser exp: 192.168.1.1

Pic : VPI : 8 / VCI : 81 (for Bandung)

- Encapsulation : LLC

- Type Koneksi : Bridge

2 . If Not Work try to Reset you Modem and setting adsl Ruter again.

ERROR 769

Chek LAN computer:

1. Click start menu

2. Click Control Panel

3. Click Network Connection

1. Click Local Area Connection
2. - -> Click Right and than ENABLE.

Error 619/691 Dial Broadband

remplaza_fecha(’8:41 AM’);

ERROR 619/691

Try Create New Connection at computer :

1.Click start menu

2.Click Control Panel

3.Click Network Connection

4. Click ‘create a new connectio ->NEXT

5. Clcik connect to the internet àNEXT

6.Click setup my connection manually ->NEXT

7. Click connect using a broadband connection that requires a username and password -> NEXT

8.ISP Name:speedy -> NEXT

9.Username:1311XXXXXX@telkom.net

Password:XXXXXXX -> NEXT

10.Check list Add a shortcut to this connection to my dekstop.

11.Click Finish.

12.Click icon speedy at dekstop13.Click connect

This can be resolved by following these steps:

· Restart your computer and wait until all applications have completely loaded before trying to reconnect.
· If your problem has still not been resolved uninstall and reinstall your Broadband modem. For information on how to do this please refer to the ADSL modem setup instructions or the installation cd that was provided with your modem

Usually this is a one-off glitch which happens when the Connection Progress is interrupted by the user or another program on the PC. In order to resolve this:

· Restart your computer and wait until all applications have completely loaded before trying to reconnect.

This error can be best remedied by: · A restart of your computer tends to resolve 50% of cases with this error message · Disable any Firewall Software and try to connect again… · Try uninstalling and reinstalling the Modem. For information on how to do this please refer to the ADSL modem setup instructions or the installation cd that was provided with your modem.

Error 645 - Internal Authentication Error

This problem tends to occur when using Windows 98 or Windows ME. This can be resolved by following these steps:

· Try uninstalling and reinstalling the Modem. For information on how to do this please refer to the ADSL modem setup instructions or the installation cd that was provided with your modem.

· Windows 95/98 - This error can occur if the ‘Require encrypted password’ option is enabled on the ‘Server Types’ tab in the connection’s properties, or an incorrect user name or password have been entered. See MS KB Article Q199780

· All versions of Windows - This error can occur if you are attempting to connect to a Windows 2000 domain that has had a RRAS (Routing and Remote Access Services) server log on without administrative privileges. See MS KB Article 227747

Error 651 - Your modem has reported an error

remplaza_fecha(’3:15 PM’);

This error usually occurs with Windows 2000 when the Internet connection has become corrupted. This can be resolved by following these steps:

· Try uninstalling and reinstalling the Modem. For information on how to do this please refer to the ADSL modem setup instructions or the installation cd that was provided with your modem.

Error 680 - No dial tone

remplaza_fecha(’3:19 PM’);

This error usually means there is a problem receiving the Broadband signal at your modem. An error 680 / 619 would usually also mean you do not have a solid green ADSL light on the modem. This can be resolved by following these steps:

Ensure you have checked the following:
· Does your telephone Work? (if not you may have a fault with your telephone line)
· Is the cable from the modem to the filter secure at each end?
· Are you using a home-made extension line? Broadband requires a solid copper (round) extension.

Error 680 and both modem lights are solid green
If the modem installation seems successful and you have two solid green lights on your modem but are still receiving the error message- 680: No dial tone, then:
· If you have an internal 56k modem please disable the modem as follows
o Right click on the My Computer Icon on your desktop and then select Properties
o If you have a Device Manager tab along the top select this, otherwise select the Hardware tab along the top and then click on the Device Manager button
o In the Device Manager click on the + sign on the Modem selection and then…
o Identify and right click your modem icon and select Disable / Properties and then Disable in this Hardware Profile
o After you have completed this, close down the Device Manager and then restart your computer and try to reconnect to the Broadband connection.

This can be resolved by following these steps: · Restart your computer and wait until all applications have completely loaded before trying to reconnect. If your problem has still not been resolved uninstall and reinstall your Broadband modem. For information on how to do this please refer to the ADSL modem setup instructions or the installation cd that was provided with your modem

PC / Computer / Laptop Harus selalu di update antivirsu dan di scan • Cek computer from virus and spyware (with installing at computer).• example Antivirus software :– Avg free antivirus : http://free.grisoft.com– Avira antivirus : http://www.avira.com– Avast Antivirus : http://www.avast.com• Example AntiSpyware Software :– Microsoft Antispyware : http://www.Microsoft.com/OneCare– Spyware Doctor : http://www.pctools.com/spyware-doctor– Ad-aware : http://www.lavasoftusa.com• Diatas adalah beberapa Link antivirus yang bisa anda gunakan

ROUTER COMMANDS

TERMINAL CONTROLS:

· Config# terminal editing - allows for enhanced editing commands

· Config# terminal monitor - shows output on telnet session

· Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks

HOST NAME:

· Config# hostname ROUTER_NAME

BANNER:

· Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message