APPENDIX
Upgrade Cisco Router 2600 IOS

Smart Init is enabled
smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
00036C          0X000BA600 C2620XM Single Fast Ethernet
                0X000F3BB0 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X003BF1B0

If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.

Rounded IOMEM up to: 4Mb.
Using 4 percent iomem. [4Mb/96Mb]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JK8S-M), Version 12.2(21a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 09-Jan-04 19:40 by kellmill
Image text-base: 0x8000808C, data-base: 0x815C14B8

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco 2620XM (MPC860P) processor (revision 0x200) with 94208K/4096K bytes of memory.
Processor board ID JAE08083BU0 (699655913)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]:

Press RETURN to get started!

00:00:11: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:00:11: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:11: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
00:00:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
00:00:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
00:00:40: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
00:00:40: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
00:00:40: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
00:00:42: %IP-5-WEBINST_KILL: Terminating DNS process
00:00:43: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
Router>) C2600 Software (C2600-JK8S-M), Version 12.2(21a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 09-Jan-04 19:40 by kellmill
00:00:43: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
Router>ena
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
00:01:27: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
Router(config-if)#^Z
Router#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Router#show flash

System flash directory:
File  Length   Name/status
  1   12834112 c2600-jk8s-mz.122-21a.bin
[12834176 bytes used, 20720256 available, 33554432 total]
32768K bytes of processor board System flash (Read/Write)

Router#copy tftp flash
Address or name of remote host []? 192.168.1.2
Source filename []? c2600-adventerprisek9-mz.123-11.T7.bin
Destination filename [c2600-adventerprisek9-mz.123-11.T7.bin]?
Accessing tftp://192.168.1.2/c2600-adventerprisek9-mz.123-11.T7.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading c2600-adventerprisek9-mz.123-11.T7.bin from 192.168.1.2 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!
[OK - 27544560 bytes]

Verifying checksum... OK (0x60B1)
27544560 bytes copied in 225.964 secs (121898 bytes/sec)
Router#show flash

System flash directory:
File  Length   Name/status
  1   27544560 c2600-adventerprisek9-mz.123-11.T7.bin
[27544624 bytes used, 5485520 available, 33030144 total]
32768K bytes of processor board System flash (Read/Write)

Router#reload

System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
Installing Red Hat Linux 9

The system installer used by Linux is called Anaconda. Installing Red Hat Linux is not as difficult as one might imagine; what it requires is care in reading all of the information shown during installation. During installation, try not to skip the explanations, which usually appear in a small panel called On-line Help; they give details about the step currently shown on screen. One very important point in installation is knowing the hardware that is present and used during installation. Hardware-related items worth considering include:
1. The number of hard disks.
2. The size of each hard disk.
3. Which hard disk is the primary.
4. The amount of RAM.
   If a CD-ROM is used, note its interface type.
   If there is a SCSI adapter, note the manufacturer and type of the adapter.
   If there is a mouse, note its type, number of buttons, and interface (PS/2 or serial).
5. The video card used; its type, model and amount of memory must be noted.
6. The monitor used; note its type and model, including the horizontal and vertical ranges the monitor can reach (to prevent damage).
7. If a network is used, note:
   a. NIC
   b. IP address
   c. Netmask
   d. Gateway address
   e. DNS server
   f. Domain name of the computer on which Linux will be installed
   g. Hostname of the computer on which Linux will be installed
   h. Other operating systems on the computer, their types, and which one will be the default boot OS.
   i. The boot loader used.

Red Hat Linux can be installed from the following media:

CD-ROM
This is the most commonly used medium and is usually already bootable, so no additional boot disk needs to be created.

Hard Disk
If the user has no CD-ROM or wants a faster installation, the hard disk can be used. The Linux sources must be copied to the hard disk, and a boot disk containing the hard disk installer image must then be created; it must be bootable.

Network
Installation over the network is also possible. The user does not have to copy the Linux sources and only needs to create a boot disk containing a kernel that supports TCP/IP networking. However, installation over the network takes a long time because of the limited speed and bandwidth of the network.
Hard disk notation in Linux

A hard disk can be placed as primary master, primary slave, secondary master or secondary slave (the placement can be seen when the computer is first powered on). In Linux this placement is marked with the letters a, b, c, d.
• Primary Master → a
• Primary Slave → b
• Secondary Master → c
• Secondary Slave → d
As for the disk type, IDE is represented by /dev/hdx, while SCSI is known as /dev/sdx. Examples:
• An IDE hard disk on the primary master is known as /dev/hda
• An IDE hard disk on the secondary slave is known as /dev/hdd
• A SCSI hard disk on the secondary slave is known as /dev/sdd
To install Linux we need two types of Linux partition: Linux Native and Linux Swap. Linux Native is the partition type on which the whole system runs, while Linux Swap is used as swap space, that is, virtual memory. The recommended Linux Swap size is 2x the physical memory (RAM). An advantage of the Linux partition, ext2fs, is that it supports file names up to 256 characters long and file sizes up to 4 terabytes.

Installation from CD-ROM

The steps to install Red Hat Linux are as follows:
1. Boot from the CD-ROM; if it is not bootable, create a boot disk.
   (Figure: First installation screen)
2. After a successful boot, the main screen appears. Several keys show information about the installer boot, among them:
   F1: Main screen.
   F2: Information about the options available in the installer boot.
   F3: Brief information about the installer boot.
   F4: Brief information about the kernel in the installer boot.
   F5: Rescue mode, used when the system cannot boot correctly.
   Enter: Use the installer boot with its defaults.
3. Test the installer CD to see whether it is good.
4. Choose the language to use during installation.
5. Choose the keyboard to use during installation.
6. Choose the mouse to use during installation.
7. Choose the installation type. Installation types fall into 2 groups:
   a. System installation
      This type is used when no Red Hat Linux is installed on the PC yet. It is divided into:
      Personal Desktop : An installation aimed at home users or ordinary users. The desktop environment is graphical.
      Workstation : An installation equipped with tools for software development and Linux system administration. The desktop environment is graphical.
      Server : An installation aimed at making the PC one or more kinds of server (file server, print server, web server, etc.). The desktop environment can be graphical or text.
      Custom : The components to install can be selected as needed.
      (Figure: Installation type options)
   b. Upgrade
      In this case Linux is not installed again; only some parts are upgraded, changed or added.
8. Create and select partitions, set their types, and set the mount points. Here the hard disk can be partitioned by:
   a. Automatic : The installer checks the hard disk and determines the ideal size and number of partitions for installing and operating Red Hat.
   b. Disk Druid : A customisable and fairly user-friendly partitioning tool.
   c. Fdisk : A partitioning tool that is somewhat difficult and requires advanced knowledge.
   (Figure: Minimum partitions that must be created on a Linux system)
9. Choose the boot loader to use (LILO or GRUB). To change the boot loader, click "Change Boot Loader". The table shows the current boot loader configuration. The check mark (✓) indicates which OS is the default. The boot loader can also be given a password to prevent users from changing its options. If "Configure Advanced Boot Loader Options" is checked, clicking "Next" leads to the advanced boot loader options, which offer choices to:
   Choose where the boot loader will be installed.
   Change the order of the hard disks where the boot loader is installed (if there is more than 1 hard disk).
   Force LBA-32 mode on the hard disk.
   Add kernel parameters.
10. Network configuration
   This step sets the configuration of the NIC.
11. Firewall configuration
   This step sets the configuration of the firewall to be installed.
12. Choose the languages to be installed and used by the system.
13. Choose the user's time zone.
14. Set the root password.
15. The system detects the existing swap partition configuration; if the swap size is insufficient (at least 1.5x the amount of RAM), the system asks to upgrade the swap partition.
16. Upgrade the boot loader configuration
   The system detects the boot loader in use, and the user is then asked whether to change the boot loader configuration.
17. Choose which packages to install (if the Custom type was chosen).
18. The packages are installed; the system asks for another CD-ROM when the data is not on CD-ROM 1.
   (Figure: Installation process)
19. Reboot
IP configuration on the NIC

To view the active IP configuration, use the ifconfig command:
Syntax: #ifconfig [option]

IP configuration can be done in 2 ways:
1. Temporary
   The IP address is valid only as long as the system is not rebooted, the run level is not changed, and the NIC is not restarted. It is set with the ifconfig command:
   Syntax : #ifconfig interface ip-address netmask netmask
   Example : #ifconfig eth0 10.10.10.10 netmask 255.255.255.0
2. Permanent
   The IP address remains in effect even after the system is rebooted, the run level is changed, or the NIC is restarted. Even if the IP address has been changed with the ifconfig command, when any of the 3 conditions above occurs the IP address reverts to the one in the file /etc/sysconfig/network-scripts/ifcfg-eth0.

If this file is changed, then for the new configuration to become active one of three conditions must occur:
1. Reboot
2. Run-level change
3. NIC restart

To restart the NIC, use the command:
#/etc/rc[runlevel].d/S10network restart
Example, when run from run-level 3:

To change the IP address using the GUI (X Window): Start (red hat icon) → Settings → Network
Access point configuration

The steps to configure the access point are as follows:
a. Open a web browser.
b. Enter the access point's IP address in the browser's address bar (the default IP address of the access point can be found in the manual included in the product package).
c. Log in to the access point.
d. Configure the SSID.
e. Configure the channel.
f. Disable all wireless security settings.
g. Configure the access point's IP address.

Router configuration

The steps to configure the router are as follows:
a. Make sure there is a physical connection between the COM port on the PC and the console port on the router.
b. Run terminal emulation software, for example HyperTerminal or SecureCRT.
c. In SecureCRT, set the protocol, port, baud rate, data bits, parity and stop bits.
   (Figure: SecureCRT)
d. Press the Connect button.
e. If the parameters are set correctly, the router CLI appears.
Switch configuration

To enable spanning-tree portfast, use the command:
Switch(config-if)# spanning-tree portfast

In addition, the switch performs segmentation using Virtual LAN (VLAN) technology. VLAN configuration:
Switch# vlan database
Switch(vlan)# vlan 2
Switch(vlan)# exit
Switch# configure terminal
Switch(config)# interface range fa0/9 - 24
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
2    VLAN0002                         active    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Configuring dynamics-0.8.1 Mobile IP Client Software on a Linux PC

Installation and compilation

The steps to add the Mobile IP client software to the Linux OS are as follows:
a. Unpack the dynamics package into a directory and change to that directory (tar -xvzf dynamics-?.?.tar.gz ; cd dynamics-?.?).
b. Run './configure', which checks whether the program can be compiled on the existing system and finds the paths of all required files.
c. Run 'make' to compile the program.
d. Run 'make install' to install the program.
Mobile IP Component Configuration

Intermediate System Configuration

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IS
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
ip cef
ip ips po max-events 100
no aaa new-model
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface FastEthernet0/0
 description Interface menuju CN
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 description Interface menuju HA
 ip address 192.168.1.1 255.255.255.0
 no fair-queue
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description Interface menuju FA1
 ip address 192.168.3.1 255.255.255.0
 clockrate 56000
!
interface Serial0/2
 description Interface menuju FA2
 ip address 192.168.4.1 255.255.255.0
 clockrate 56000
!
interface Serial0/3
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 1
!
ip classless
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end
Correspondent Node Configuration

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CN
!
ip subnet-zero
!
call rsvp-sync
!
interface FastEthernet0/0
 description Interface menuju IS
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 login
!
end
Home Agent Configuration

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HA
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
ip cef
ip host CN 192.168.2.2
ip ips po max-events 100
no aaa new-model
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description Interface menuju IS
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial0/1
 no ip address
 shutdown
!
router mobile
!
router ospf 1
 log-adjacency-changes
 redistribute mobile subnets
 network 192.168.0.0 0.0.255.255 area 1
!
ip classless
!
ip http server
no ip http secure-server
ip mobile home-agent
ip mobile virtual-network 192.168.100.0 255.255.255.0
ip mobile host 192.168.100.10 192.168.100.20 virtual-network 192.168.100.0 255.255.255.0
ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
ip mobile secure host 192.168.100.13 spi decimal 1000 key ascii cisco algorithm hmac-md5
ip mobile secure host 192.168.100.16 spi 640 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end
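An added example, not part of the original appendix: a short Python check run over the security-relevant lines of the Home Agent configuration above. It reports the settings a reviewer would question before this lab setup is reused: clear-text password storage, HTTP-only web management, a short ASCII Mobile IP key, and one key shared by several mobile hosts. The function name `audit`, the finding codes and the 16-character threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the security-relevant lines copied from the Home Agent
# configuration in this appendix (interfaces and routing left out).
HA_CONFIG = """\
no service password-encryption
hostname HA
ip http server
no ip http secure-server
ip mobile home-agent
ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
ip mobile secure host 192.168.100.13 spi decimal 1000 key ascii cisco algorithm hmac-md5
ip mobile secure host 192.168.100.16 spi 640 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
line vty 0 4
 login
end
"""

# Assumption of this example: ASCII keys shorter than this are reported.
MIN_ASCII_KEY_LEN = 16

SECURE_HOST = re.compile(
    r"^ip mobile secure host (?P<host>\S+) spi (?:decimal )?(?P<spi>\S+) "
    r"key (?P<kind>hex|ascii) (?P<key>\S+)"
)


def audit(config):
    """Return (code, detail) findings; key material is never echoed."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]

    # Passwords added to this configuration are stored in clear text.
    if "no service password-encryption" in lines:
        findings.append(("CLEARTEXT_PASSWORDS",
                         "service password-encryption is disabled"))

    # Web management is on, but only over unencrypted HTTP.
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append(("HTTP_MGMT", "HTTP server enabled without HTTPS"))

    hosts_by_key = defaultdict(list)
    for ln in lines:
        m = SECURE_HOST.match(ln)
        if m is None:
            continue
        hosts_by_key[(m["kind"], m["key"])].append(m["host"])
        # A short ASCII key offers little resistance to guessing.
        if m["kind"] == "ascii" and len(m["key"]) < MIN_ASCII_KEY_LEN:
            findings.append(("WEAK_MIP_KEY",
                             f"{m['host']}: ASCII key of {len(m['key'])} characters"))

    # One key for several hosts: losing one node exposes the others.
    for hosts in hosts_by_key.values():
        if len(hosts) > 1:
            findings.append(("SHARED_MIP_KEY", ", ".join(hosts)))
    return findings


if __name__ == "__main__":
    for code, detail in audit(HA_CONFIG):
        print(f"{code:20} {detail}")
```

The same function can be pointed at the Mobile Node configuration, whose `ip mobile secure home-agent` line is not matched by this pattern and would need its own expression.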
Foreign Agent 1 Configuration

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FA1
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
ip cef
ip host HA 192.168.1.2
ip ips po max-events 100
no aaa new-model
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface FastEthernet0/0
 description Interface menuju Switch
 ip address 192.168.5.1 255.255.255.0
 ip mobile foreign-service
 ip irdp
 ip irdp maxadvertinterval 4
 ip irdp minadvertinterval 3
 ip irdp holdtime 9
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/0
 no ip address
 shutdown
!
interface Serial0/1
 description Interface menuju IS
 ip address 192.168.3.2 255.255.255.0
!
router mobile
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 1
!
ip classless
!
ip http server
no ip http secure-server
ip mobile foreign-agent care-of FastEthernet0/0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end
Foreign Agent 2 Configuration

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FA2
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
ip cef
ip host HA 192.168.1.2
ip ips po max-events 100
no aaa new-model
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface FastEthernet0/0
 description Interface menuju ke Switch
 ip address 192.168.6.1 255.255.255.0
 ip mobile foreign-service
 ip irdp
 ip irdp maxadvertinterval 4
 ip irdp minadvertinterval 3
 ip irdp holdtime 9
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface Serial0/1
 description Interface menuju IS
 ip address 192.168.4.2 255.255.255.0
!
router mobile
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 1
!
ip classless
!
ip http server
no ip http secure-server
ip mobile foreign-agent care-of FastEthernet0/0
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end
Mobile Node Configuration

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MN
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
ip cef
ip host CN 192.168.2.2
ip host HA 192.168.1.2
ip host FA1 192.168.3.2 192.168.5.1
ip host FA2 192.168.4.2 192.168.6.1
ip ips po max-events 100
no aaa new-model
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface FastEthernet0/0
 ip address 192.168.100.10 255.255.255.0
 ip mobile router-service roam
 duplex auto
 speed auto
 no routing dynamic
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface BRI0/0
 no ip address
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
router mobile
!
ip classless
!
ip http server
no ip http secure-server
ip mobile secure home-agent 192.168.1.2 spi 100 key hex 1234567890abcdef1234567890abcdef algorithm hmac-md5
ip mobile router
 address 192.168.100.10 255.255.255.0
 home-agent 192.168.1.2
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

Switch Configuration

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 1
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 spanning-tree portfast
!
interface FastEthernet0/24
 spanning-tree portfast
!
interface Vlan1
 ip address 192.168.5.254 255.255.255.0
 no ip route-cache
!
ip http server
!
line con 0
line vty 5 15
!
end
L 29
Configuration File /usr/local/etc/dynmnd.conf

# : dynmnd.conf,v 1.56 2001/10/20 13:36:07 jm Exp $
# Mobile Node configuration file
#
# Dynamic hierarchical IP tunnel
# Copyright (C) 1998-2001, Dynamics group
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation. See README and COPYING for
# more details.
#
#######################################################################
#
# NOTE!
# This is an example configuration file designed to give
# perspective to the system configuration AND to provide
# a basis for a working simple test environment.
# The values of some of the parameters may not be the
# same as the daemon's defaults, so don't get confused.
#
# To get a minimal test working, you will need to check the
# following items:
# * MNHomeIPAddress
# * HAIPAddress
# * EnableFADecapsulation
# * HomeNetPrefix (if using FA decapsulation or
#   dynamics HA address resolution)
# * SPI and SharedSecret
# The rest of the items should work with their preset values in
# most cases and they can be used to fine tune the operations
# after the basic operation has been tested successfully.
#
#######################################################################
#
# The Mobile Node's IP address in the Home Network.
# If using AAA (see UseAAA below), home address can be set to 0.0.0.0 in order
# to request a home address from the AAA infrastructure. This requires that
# also MN NAI is configured.
MNHomeIPAddress 192.168.100.13

# The Mobile Node's Network Access Identifier (NAI) [RFC2794]
# If configured, this NAI is used in registration requests to identify the
# mobile user for AAA services.
#
# MNNetworkAccessIdentifier "[email protected]"

# UseAAA < TRUE | FALSE >. TRUE enables AAA extensions (key requests using
# material from AAA, HA and home address discovery using AAA, etc.). This
# requires that MN NAI and AAA related items below are configured.
# FALSE disables these extensions.
UseAAA FALSE

# The IP address of Mobile Node's Home Agent. In case of a private HA address
# this is the address of the surrogate HA. If the HA address is unknown, set
# this to 0.0.0.0 and make sure that HomeNetPrefix is correct for dynamic
# HA address resolution or use AAA to discover HA address. If the HA has
# multiple interfaces, this should be the address of the "public" interface,
# i.e., the one toward default gateway (it has to be reachable from the foreign
# networks).
HAIPAddress 192.168.1.2

# If the HA has more than one interface, HAIPAddress should be configured to
# be the one reachable from the Internet (i.e., from the foreign networks the
# MN may visit). To allow the MN to detect other HA's interfaces, their IP
# addresses may be configured here. MN will use this list in addition to
# HAIPAddress when determining whether an agent advertisement is from its own
# HA (i.e., when MN is at home). Multiple lines containing different addresses
# may be used to configure more than one alternative HA address.
# AlternativeHAIPAddress 10.1.2.3
# AlternativeHAIPAddress 10.2.3.4

# AllowHomeAddrFromForeignNet < TRUE | FALSE >. TRUE allows AAA to assign
# a home agent and home address from the foreign network (assuming they are
# set to 0.0.0.0 above). FALSE means that both the home agent and the home
# address must be from the home domain.
AllowHomeAddrFromForeignNet FALSE

# The following configuration options PrivateHAIPAddress, PrivateHAIdentifier,
# and HANetworkAccessIdentifier are only used with home networks that use
# private IP addresses and a surrogate HA. In other cases they should be left
# commented.

# The private IP address of Mobile Node's Home Agent.
# Needed only, if surrogate HA is used.
# PrivateHAIPAddress 192.168.200.200

# The identifier for the private HA in SHA (unique 32-bit number)
# PrivateHAIdentifier 1

# Home Agent Network Access Identifier (NAI)
# If configured, this NAI is used to match the HA agent advertisements when
# a MN is determining whether it is at home or not. This is mainly used with
# private HA address that may not be globally unique.
#
# HANetworkAccessIdentifier "[email protected]"

# EnableFADecapsulation < TRUE | FALSE >. TRUE enables a mode where
# the FA decapsulates the IP-within-IP encapsulated IP packets.
# FALSE disables this mode and sets the default mode where the
# MN decapsulates the IP-within-IP encapsulated IP packets.
# With FA decapsulation the MN uses its home address in the interface even in
# the foreign network and with MN decapsulation MN needs to acquire a
# co-located care-of address from the visited network (this needs an external
# program; see man pages for more information).
# The two modes cannot be used simultaneously.
EnableFADecapsulation TRUE

# Network address of home network (CIDR format: a.b.c.d/prefix_length)
# This is used with FA decapsulation and dynamics HA address resolution. If
# commented, the routing entry is not removed nor added. The home net entry
# may optionally be used with MN decapsulation - see MNDecapsRouteHandling
# option below.
#
# Example: 192.168.242.0/24
HomeNetPrefix 192.168.100.0/24

# Home net default gateway
# This entry can be used to force a gateway that the MN uses when it is
# at home. If this is left commented, the MN tries to use the default route
# that was in use when the program was started.
#
# HomeNetGateway 192.168.242.254

#############################################################################
# a SPI (Security Parameter Index) must be defined for every MN.
# It is used for indexing the security association at the Home Agent.
SPI 1000
#
# The SharedSecret is provided as a HEX number string. The shared secret can
# also be given as a character string
# (e.g. character string "ABCDE" corresponds to HEX number string 4142434445).
# Note: RFC 2002 specifies that the default key size is 128 bits (i.e.
# 16 bytes or 32 hex 'characters'). Dynamics supports also other key lengths.
# This shared secret is used with the HA. This must be commented out when using
# AAA infrastructure for key generation. In this case, the AAA related items
# below must be configured.
# SharedSecret < shared secret >
# SharedSecret 016A352B2F235E
SharedSecret "cisco"
#
# Authentication algorithm
# 1: MD5/prefix+suffix (a.k.a. keyed-MD5) [RFC 2002]
# 4: HMAC-MD5 [RFC 2104]
# 5: SHA-1 [FIPS 180-1]
# 6: HMAC-SHA1 [RFC 2104]
# Note! MD5/prefix+suffix has known weaknesses and use of HMAC-MD5 is
# recommended. MD5/prefix+suffix algorithm is for backwards compatibility with
# older versions that do not support more secure HMAC-MD5.
AuthenticationAlgorithm 4
#
# Replay prevention method:
# 0: none
# 1: time stamps
# 2: nonces
ReplayMethod 1
#
# Mobile Node may have optional security associations with Foreign
# Agents. If the security association exists an additional Mobile Node
# Foreign Agent Authentication Extension is added to the registration requests.
#
# The following list contains the shared secrets indexed by SPI (and
# Foreign Agent IP address). The algorithm field specifies the method
# used for key distribution (see the list above). The format of the shared
# secret field is identical to the one used with the MN-HA security
# association list above.
#
FA_SECURITY_BEGIN
# SPI FA IP Alg. Shared Secret
#2001 192.168.0.1 4 0123456789ABCDEF
#2002 192.168.0.2 4 "eslkfj89jr3hduh3R!as"
FA_SECURITY_END

# MN-AAA Authentication and Challenge/Response [RFC3012]
# If the MN does not have a security association with an FA, it may use AAA
# infrastructure for authentication. If this is used, also MN NAI
# ('MNNetworkAccessIdentifier' above) should be configured.

# SPI to be used in MN-AAA authentication.
# Reserved SPI values:
# 2 = CHAP_SPI, CHAP style authentication using MD5 [RFC 3012]
# 3 = MD5/prefix+suffix [draft-ietf-mobileip-aaa-key-03.txt]
# 4 = HMAC MD5 [draft-ietf-mobileip-aaa-key-03.txt]
# MN-AAA-SPI 12345

# Shared secret for MN-AAA authentication (see 'SharedSecret' above for format
# instructions)
# MN-AAA-SharedSecret "test"

# Algorithms to be used for MN-AAA authentication and key generation
# 1 = MD5/prefix+suffix (RFC 2002)
# 2 = RADIUS authentication (Sec. 8 of RFC 3012)
# 3 = MD5/prefix+suffix (RFC 2002) (alias for 1 above)
# 4 = HMAC-MD5 (Sec. 6 of RFC 3012; RFC 2104)
# 5 = SHA-1 (FIPS 180-1)
# 6 = HMAC-SHA1 (RFC 2104)
# Note: with algorithm 2, 'MN-AAA-SPI' should be set to reserved number
# CHAP_SPI (default: 2).
# MN-AAA-AuthenticationAlgorithm 4
# MN-AAA-KeyGenerationAlgorithm 4

#############################################################################
# TunnelingMode < 1 | 2 | 3 | 4 >
# The packets between the MN and a Correspondent Node (CN) can be routed using
# different routes. This option can be used to select, which mode will be
# selected.
# Possible values:
# 1 = automatic, prefer reverse tunnel (i.e. bi-directional tunnel)
# 2 = automatic, prefer triangle tunnel (i.e. tunnel only in CN->MN direction)
# 3 = accept only reverse tunnel
# 4 = accept only triangle tunnel
TunnelingMode 1

# When MN can get its own co-located care-of address and use reverse tunneling,
# the normal method is to set the default route to the tunnel. This means that
# all the packets destined to other networks than the current subnet in the
# visited network are sent via the HA. If the co-located COA is public, it can
# be used for sessions that do not need constant IP address (e.g. most of the
# web browsing). The following configuration option specifies the routing
# operation that is used with the co-located COA.
# Possible values:
# 0 = set default route to the tunnel
# 1 = set only the home net route to the tunnel (the above HomeNetPrefix
#     options must be set)
# 2 = do not change the routing entries (i.e. some external means must be
#     used to direct traffic to the tunnel, e.g. manually adding host route
#     to a specific host)
MNDecapsRouteHandling 0

# DefaultTunnelLifetime is the lifetime suggested in registration
# The lifetime is defined in seconds, default value is 300.
# The request timer will be set according to this value. If the FA's agent
# advertisement has a smaller time, it is used instead.
# Special case: 65535 (or more) seconds means unlimited time (the binding will
# not expire)
# MNDefaultTunnelLifetime [ seconds ]
MNDefaultTunnelLifetime 300

# UDP port to be used for sending registration requests
# Port 434 is allocated for Mobile IP signaling and this should not be changed
# unless the network is known to use some other port (i.e. all the FAs and HAs
# must have the same port configured).
UDPPort 434

# Socket priority for signaling sockets (UDP) can be set with SO_PRIORITY to
# allow easier QoS configuration. If this argument is set, the given value is
# used as a priority for the signaling socket. E.g. CBQ class can be used to
# make sure that signaling is not disturbed by other traffic on a congested
# link.
# This feature is still undocumented and can be left commented.
#
# SocketPriority 1

# The log messages are written through syslog service. The facility to be
# used defaults to LOG_LOCAL0, but it can be set with this parameter
# to any of the possible facilities (LOG_AUTHPRIV, LOG_DAEMON, and so on).
# The processing of log messages is defined in /etc/syslog.conf file.
SyslogFacility LOG_DAEMON

# Ignore these interfaces. No agent advertisements are received nor
# agent solicitations sent for these interfaces.
IGNORE_INTERFACES_BEGIN
lo
dummy0
tunl0
gre0
IGNORE_INTERFACES_END

# Other programs may set routing entries so that the data connection may
# fail. The MN can try to enforce the routes that it believes should be used.
# This operation should currently be used only with FA decapsulation. If the
# route enforcement is activated the MN daemon prevents certain route changes.
EnforceRoutes FALSE

# MN can be instructed to poll for current AP address when using a wireless
# LAN driver that supports wireless extensions. This can be used to speed up
# handoffs when using managed mode (BSS).
# Polling interval is configured in micro seconds
# (i.e., 1000000 equals to 1 second)
# -1 = AP polling disabled
APPollingInterval -1

# MN can be instructed to send periodic agent solicitations to find new FAs.
# Normally, MN uses agent solicitations when it does not have a valid agent
# advertisement. Periodic solicitation occurs even if the connection seems to
# be up. This will cause more broadcast messages and is thus disabled in the
# default configuration, but it can speed up handoffs in some environments.
# Solicitation interval is configured in micro seconds (usec)
# (i.e., 1000000 usec equals to 1 second). A random time between 0 and 0.5
# second will be added to solicitation intervals to prevent unwanted
# synchronization of broadcast messages. In addition, solicitations will not be
# sent more often than once per second, so this interval should not be
# configured to be less than 1000000 usec.
# -1 = Periodic agent solicitation disabled
SolicitationInterval -1

#############################################################################
# Mobile Nodes use unix domain sockets to communicate through their API
# interfaces.
# The group and owner must be named as strings, no groupIDs or userIDs are
# allowed. The file permissions are set in octal values like in chmod(1).
# The configuration parameters of the two API sockets are as follows:
MNAPIReadSocketPath "/var/run/dynamics_mn_read"
MNAPIReadSocketGroup "root"
MNAPIReadSocketOwner "root"
MNAPIReadSocketPermissions 0666
#
MNAPIAdminSocketPath "/var/run/dynamics_mn_admin"
MNAPIAdminSocketGroup "root"
MNAPIAdminSocketOwner "root"
MNAPIAdminSocketPermissions 0700
#
# Every configuration file must end with the keyword 'END'.
END
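
Added example (not part of the original appendix or of the Dynamics distribution): a short Python check of the security-relevant directives in the dynmnd.conf listing above, applying the key-format, key-size and algorithm rules stated in the file's own comments. The sample text is constructed from values shown in the listing, and the function names are hypothetical.

```python
# Added example: checks dynmnd.conf directives against the file's own comments.
# SAMPLE is constructed from values in the listing; function names are hypothetical.
SAMPLE = '''\
# SharedSecret 016A352B2F235E
SharedSecret "cisco"
AuthenticationAlgorithm 4
ReplayMethod 1
MNAPIReadSocketPermissions 0666
MNAPIAdminSocketPermissions 0700
'''

def parse(text):
    """Return {directive: value} for uncommented 'Name value' lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip()
    return conf

def secret_bytes(value):
    """Quoted value = character string; unquoted value = HEX number string."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1].encode("ascii")
    return bytes.fromhex(value)

def audit(text):
    """List the settings that fall short of what the file's comments advise."""
    conf, findings = parse(text), []
    if "SharedSecret" in conf:
        bits = 8 * len(secret_bytes(conf["SharedSecret"]))
        if bits < 128:  # the file's comment: default key size is 128 bits
            findings.append(f"SharedSecret is only {bits} bits (default is 128)")
    if conf.get("AuthenticationAlgorithm") == "1":
        findings.append("AuthenticationAlgorithm 1: keyed-MD5 has known weaknesses")
    if conf.get("ReplayMethod") == "0":
        findings.append("ReplayMethod 0: no replay prevention")
    for key in ("MNAPIReadSocketPermissions", "MNAPIAdminSocketPermissions"):
        # world-write bit set on the socket file
        if key in conf and int(conf[key], 8) & 0o002:
            findings.append(f"{key} {conf[key]}: any local user can connect")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same shortfall in SharedSecret length has to be corrected on the Home Agent as well, since both ends of the MN-HA security association use the one key.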