CS-SEIL-510/C ユーザーズガイドコマンドラインインターフェイス編

Size: px

Start display at page:

Download "CS-SEIL-510/C ユーザーズガイドコマンドラインインターフェイス編"

なおやたけ
5 years ago
Views:

1 CS-SEIL-510/C Firmware version 1.75

3 CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C LAN telnet Web

4 ARP VPN NAT/NAPT DHCP DNS /

5 INIT LAN PPPoE unnumbered PPPoE DHCP LAN IPv4 IPv IPv6 over IPv4 tunnel LAN LAN LAN IP (urpf) MAC MAC RIP OSPF PIM-SM IPv4/IPv VPN IPsec IPsec IPsec

6 7.8.3 IP IP L2VPN L2TPv L2TPv3 L CS-SEIL-510/C VRRP CBQ /

7 1 1 CS-SEIL-510/C CS-SEIL-510/C WAN IP-VPN LAN ADSL FTTH CATV CS-SEIL-510/C IPv6 IPv4/IPv6 CS-SEIL-510/C 5

8 CS-SEIL-510/C 1.1 CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C IPsec IPv6 IPv4/IPv6 IPv6 / IPv6 PPPoE, DHCP PPPoE ADSL DHCP CATV IPsec/IKE VPN Secure Shell / Source/Destination TCP Established/SYN IPsec IPv4/IPv6 PIM-SM UPnP VoIP Windows Messenger NAT 6

9 NTP NTP SNMP SNMP up/down SNMP DHCP IP SMF CS-SEIL-510/C SMF SMF CS-SMARTConfigurator SMF WEB 1.2 CS-SEIL-510/C 2 SEIL Web Web Web 7

10 SEIL 2 SEIL 3 SEIL 4 SEIL HUB 5 SEIL SEIL 6 SEIL 7 LAN 8 SEIL 9 SEIL SEIL 8

11 Internet Explorer 6.0 Web 9

12 CS-SEIL-510/C 1.4 CS-SEIL-510/C SEIL SEIL 10

15 CS-SEIL-510/C 2.1 AC 13

16 AC (DC5V) SEIL AC100V 10 (50/60Hz) AC AC 14

17 SEIL 90 SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL 15

18 AC SEIL AC SEIL AC SEIL AC SEIL AC 16

19 AC AC SEIL 40 SEIL SEIL SEIL SEIL 17

20 2 SEIL SEIL AC AC SEIL AC SEIL AC SEIL SEIL SEIL SEIL 18

21 2 SEIL AC 19

23 CS-SEIL-510/C 3.1 RJ-45 Dsub9 AC UTP 21

24 LED SEIL 2. SERIAL0 7 LED b c h a g d f e h d LAN0 g LAN1 b SMF b c SEIL 22

25 P AC 2. LAN0 Ethernet LAN 3. LAN1 Ethernet ADSL 4. SERIAL1 5. LINK/ACT LED Ethernet LAN M LED Ethernet 100Base-TX 10Base-TX 7. INIT SMF 23

26 INIT 6.6 INIT P.79 24

27 SEIL SMF-PPPoE PPPoE SMF SMF-DHCP DHCP SMF SMF-LAN SMF-LAN SMF SMF WEB SEIL INIT 2 LED LED LED a 0 1 SMF-PPPoE 25

28 3 2 SMF-DHCP 3 SMF-LAN SEIL INIT 2 LED LED

29 CS-SEIL-510/C HUB 4.1 CS-SEIL-510/C ADSL /ONU SEIL LAN1 ADSL ONU Ethernet LAN Ethernet ) ADSL LAN1 Ethernet 10BASE-T/100BASE-TX 27

30 CS-SEIL-510/C LAN 4.2 CS-SEIL-510/C LAN SEIL LAN0 HUB HUB Ethernet LAN ) HUB Ethernet 5 LAN / Ethernet 10BASE-T/100BASE-TX 28

31 SEIL DC in 5V AC SEIL AC SEIL ON 7 LED 9.2 P.268 OFF AC AC 29

32 4 AC DC 5V SEIL 100V 10% 50/60Hz AC AC 30

33 5 5 CS-SEIL-510/C CS-SEIL-510/C SEIL SEIL SEIL 4 P.27 SEIL 1 SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL AC SEIL SEIL POWER 9.2 P

34 DHCP SEIL DHCP DHCP DHCP 1 コンピュータ起動 2 ネットワーク設定情報要求 3 ネットワーク設定情報供給 SEIL 4 ネットワーク設定完了! コンピュータ DHCP DHCP SEIL IP /24 手動で設定 IP アドレス /24 S E IL IP アドレス /24 コンピュータ 32

35 telnet 5.2 telnet SEIL LAN telnet SEIL telnet SEIL telnet Secure Shell Secure Shell Secure Shell SEIL P login:user admin login: admin user admin admin user / administrator P Password: Login incorrect Password: 3. admin # user > exit 33

36 Web 5.3 Web SEIL Web SEIL Web www サーバ www ブラウザ SEIL コンピュータ 4 P P.32 Web Internet Explorer 6.0 Netscape Navigator 7.0 SEIL 1. Web Web Proxy Web 2. URL URL interface lan0 address IP user admin SEIL 34

37 Web (U)admin (P) (U)user (P) * 35

38 5 5.4 SEIL 2 SEIL 1. telnet SEIL admin 2. password admin # password admin New password: New password: 3. Retype new password: 4. password user # password user New password: Retype new password: 5. SEIL P.62 # save-to flashrom 36

39 CS-SEIL-510/C SEIL IPv4 IPv6 IPv4 IPv6 IPv6 administrator P SEIL tcsh bash UNIX ASCII 37

40 ABC Zabc z abc f 0x

41 Space BackSpace Ctrl-H DEL Ctrl-D Tab Enter Ctrl-M Ctrl-J Ctrl-C Ctrl-F Ctrl-B Ctrl-A Ctrl-E Ctrl-T Ctrl-P Ctrl-N Ctrl-Space Ctrl-W Ctrl-K Ctrl-Y Ctrl-U Ctrl-L \ Y BackSpace BackSpace 1 help Enter Enter Ctrl-F Ctrl-B Ctrl-P Ctrl-N 1 39

42 SEIL Tab 1? interface p interface p Tab Ctrl+I interface p <Tab> interface pppoe interface pppoe interface pppoe interface pppoe? Ctrl+D interface pppoe? pppoe0 pppo1 pppoe2 pppoe3 interface pppoe ˆ pppoe0 pppoe1 pppoe2 pppoe3 40

43 SEIL Ctrl + P show date show config show status show system show date show log show users Ctrl + N Ctrl-P 1 1 Enter Ctrl-P Ctrl-N 1 1 Enter < > < 0> < 0> < 1> < 1> 41

44 add delete modify < > < 0> add/delete/modify < 0> < 1> add delete modify add delete modify 6.2 IPv4 IPv6 IPv4 IPv6 IPv6 administrator P.66 42

45 interface ppp bridge ARP arp route route6 vrrp filter filter6 macfilter VPN ipsec ike l2tp trace NAT/NAPT nat cbq DHCP dhcp dhcp DNS dns resolver rtadvd translator httpd telnetd sshd ntp timezone snmp syslog hostname password environment option 43

46 IPv4/IPv6 IPv4/IPv6 IPv4 IPv interface ppp bridge ARP arp route route6 vrrp filter filter6 macfilter VPN ipsec ike l2tp trace NAT/NAPT nat cbq DHCP dhcp dhcp DNS dns resolver rtadvd translator httpd telnetd sshd ntp timezone snmp syslog hostname password environment option IPv4/IPv6 44

47 interface interface IP VLAN add address delete description l2tp media mdi mtu over ppp-configuration queue tag tcp-mss tunnel unnumbered IP IP IP L2TP LAN LAN MDI/MDI-X MTU PPPoE LAN PPP VLAN TCP MSS unnumbered ppp ppp PPP add modify delete PPP PPP PPP bridge bridge 45

48 disable enable group add group delete group modify interface ip-bridging ipv6-bridging vman-tpid IPv4 IPv6 VMAN TPID ARP arp arp ARP NAT ProxyARP add delete modify reply-nat ARP ARP ARP NAT ProxyARP route route RIP/OSPF 46

49 add modify delete dynamic auth-key add dynamic auth-key delete dynamic rip enable dynamic rip disable dynamic rip interface dynamic rip interface version dynamic rip interface authentication dynamic rip interface route-filter dynamic rip default-route-originate dynamic rip update-timer dynamic ospf enable dynamic ospf disable dynamic ospf router-id dynamic ospf area add dynamic ospf area delete dynamic ospf link add dynamic ospf link delete dynamic ospf link modify dynamic ospf administrative-distance dynamic ospf default-route-originate enable dynamic ospf default-route-originate disable dynamic pim-sparse enable dynamic pim-sparse disable dynamic pim-sparse interface enable dynamic pim-sparse interface disable dynamic pim-sparse static-rp add dynamic pim-sparse static-rp delete dynamic route-filter add dynamic route-filter delete dynamic redistribute RIP RIP RIP / RIP RIPv2 / RIP / RIP RIP OSPF OSPF OSPF ID distance OSPF OSPF PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM 47

50 route6 route6 IPv6 RIPng add modify delete dynamic route-filter add dynamic route-filter delete dynamic ripng enable dynamic ripng disable dynamic ripng interface dynamic ripng interface route-filter dynamic ripng default-route-originate enable dynamic ripng default-route-originate disable dynamic ripng interface aggregate add dynamic ripng interface aggregate delete dynamic redistribute dynamic pim-sparse enable dynamic pim-sparse disable dynamic pim-sparse interface enable dynamic pim-sparse interface disable dynamic pim-sparse static-rp add dynamic pim-sparse static-rp delete IPv6 IPv6 IPv6 RIPng RIPng RIPng RIPng RIPng RIPng RIPng RIPng PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM vrrp vrrp VRRP add vrid delete vrid watch-group add watch-group delete VRID VRID 48

51 filter filter / add modify delete enable disable move filter6 filter6 IPv6 IPv6 / add modify delete enable disable move IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 macfilter macfilter LAN0 MAC add delete modify MAC MAC MAC 49

52 VPN ipsec ipsec / security-association proposal add security-association proposal modify security-association proposal delete security-association add security-association modify security-association add ike security-association modify ike security-association add pass security-association delete security-policy add security-policy modify security-policy delete security-policy enable security-policy disable security-policy move IKE IKE ike ike IKE Peer IKE IKE 50

53 retry interval phase1-timeout phase2-timeout per-send auto-initiation enable auto-initiation disable randomize-padding-value randomize-padding-length maximum-padding-length strict-padding-byte-check exclusive-tail peer add peer modify peer delete proposal add proposal modify proposal delete preshared-key add preshared-key modify preshared-key delete IKE IKE 1 2 IKE IKE IKE Peer IKE Peer IKE Peer IKE IKE IKE IKE IKE IKE l2tp l2tp L2TPv3 add delete modify hostname router-id l2tp l2tp l2tp local hostname local router-id 51

54 trace trace lan1 enable disable NAT/NAPT nat nat NAT NAPT 52

55 static add static delete dynamic add private dynamic delete private dynamic add global dynamic delete global dynamic delete all napt add private napt delete private napt add global napt delete global napt delete all snapt add snapt delete snapt enable snapt disable proxy sip add proxy sip delete timeout timeout dynamic timeout protocol logging reflect add interface reflect delete interface upnp on upnp off upnp interface NAT NAT NAT IP NAT IP NAT IP NAT IP NAT NAPT NAPT NAPT IP NAPT IP NAPT NAPT NAPT NAPT NAPT SIP SIP NAT NAT NAT NAT / Reflection NAT Reflection NAT UPnP UPnP UPnP cbq cbq CBQ 53

56 class add class modify class delete filter add filter modify filter delete filter enable filter disable filter move link-bandwidth CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ DHCP dhcp dhcp DHCP /DHCP IP DNS NTP enable disable mode interface DHCP DHCP DHCP DHCP / dhcp6 dhcp6 DHCPv6 /Rapid Commit Reconfigure Accept Prefix Delegation client enable client disable client interface client rapid-commit client reconf-accept client prefix-delegation DHCPv6 DHCPv6 DHCPv6 Rapid Commit Reconfigure Accept SLA ID 54

57 DNS dns dns DNS /DNS forwarder enable forwarder disable forwarder add forwarder delete forwarder query-translation enable forwarder query-translation disable forwarder query-translation prefix DNS DNS DNS DNS IPv4-IPv6 IPv4-IPv6 IPv4 resolver resolver DNS / DNS DNS enable disable address add address delete domain DNS DNS DNS DNS rtadvd rtadvd / enable disable interface 55

58 translator translator IPv6 IPv4 add delete add prefix delete prefix add port delete port delete all timeout httpd httpd Web / enable disable Web Web telnetd telnetd telnet / enable disable telnet telnet 56

59 sshd sshd Secure Shell /Secure Shell enable disable hostkey authorized-key Secure Shell Secure Shell Secure Shell Secure Shell ntp ntp NTP /NTP enable disable server add server delete peer add peer delete NTP NTP NTP NTP NTP peer NTP peer timezone timezone timezone snmp snmp SNMP /SNMP / 57

60 enable disable community sysname location contact user trap enable trap disable trap add trap delete trap src trap watch add trap watch delete SNMP SNMP SNMP community SNMP sysname SNMP location SNMP contact SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP syslog syslog / alternate-timestamp clear-password command-log debug-level sequence-number remote add delete facility / / hostname hostname hostname 58

61 password password SEIL password encrypted-password environment environment login-timer pager terminal 59

62 option option ip mask-reply ip monitor-linkstate ip redirects ip update-connected-route ipv6 monitor-linkstate ipv6 redirects ipv6 update-connected-route ip unicast-rpf ipv6 unicast-rpf ICMP Up/down ICMP echo LinkDown IPv4 connected route Up/down ICMP echo LinkDown IPv6 connected route IPv4 urpf IPv6 urpf 6.3 SEIL IPv4 IPv6 IPv4 IPv6 IPv6 administrator P.66 60

63 save-to load-from factory-config update clear ping ping6 traceroute traceroute date administrator bye exit logout quit connect disconnect reconnect reboot help telnet 61

64 IPv4/IPv6 IPv4/IPv6 IPv4 IPv save-to load-from factory-config update clear ping ping6 traceroute traceroute date administrator bye exit logout quit / connect disconnect reconnect reboot help telnet IPv4/IPv save-to save-to SEIL 62

65 flashrom remote stdout load-from load-from SEIL flashrom remote stdin factory-config factory-config SEIL factory-config update update 6.5 P.76 63

66 firmware ipl IPL clear clear SEIL arp-cache ndp-cache nat-session log trace route all route6 all ike ipsec security-association ipsec security-policy counter l2tp ARP NDP NAT IP IPv4 IPv6 IKE 1 IKE IKE IPsec IKE IPsec L2TP / ping ping SEIL 64

67 ping SEIL IPv4 ping6 ping6 SEIL ping6 SEIL IPv6 traceroute traceroute SEIL traceroute SEIL IPv4 traceroute6 traceroute6 SEIL traceroute6 SEIL IPv date date SEIL ccyymmddhhmm.ss ntp server NTP P.57 date 65

68 administrator administrator exit administrator bye, exit, logout, quit bye exit logout quit SEIL administrator bye exit logout quit / connect connect PPPoE connect 66

69 disconnect disconnect PPPoE connect reconnect disconnect reconnect reconnect PPPoE reconnect reboot reboot reboot help help SEIL help 67

70 remote-console remote-console SEIL remote-console SEIL telnet telnet SEIL TELNET telnet SEIL telnet 68

71 SEIL IPv4 IPv show config show status show log show trace show system show date show users show license show tech-support report-to 69

72 IPv4/IPv6 IPv4/IPv6 IPv4 IPv show config show status show log show trace show system show date show users show license show tech-support report-to IPv4/IPv show config SEIL 70

73 current environment flashrom arp ARP bridge cbq dhcp DHCP dhcp6 DHCPv6 dns DNS filter IPv4 filter6 IPv6 hostname httpd Web ike IKE interface ipsec ipsec l2tp l2tp macfilter MAC nat NAT ntp NTP option ppp PPP remote-console resolver DNS route IPv4 route6 IPv6 rtadvd snmp SNMP sshd SSH syslog syslog telnetd telnet timezone translator vrrp VRRP 71

74 administrator P.66 ike ipsec route sshd password ike ipsec route sshd encrypted-password admin <password> encrypted-password user <password> ike preshared-key add <psk name> <key> ipsec security-association add <SA name> tunnel <start IPaddress> <end IPaddress> to-encap esp-auth <spi> <esp algorithm> <esp key> <auth algorithm> <auth key> from-encap esp-auth <spi> <esp algorithm> <esp key> <auth algorithm> <auth key> to-auth ah <spi> <ah auth algorithm> <auth key> from-auth ah <spi> <ah auth algorithm> <auth key> route dynamic auth-key add <key-name> type md5 keyid <keyid> password <password> route dynamic auth-key add <key-name> type plain-text password <password> sshd hostkey <algorithm> <hostkey> < > ipsec show status SEIL 72

75 arp bridge cbq dhcp dhcp6 dns filter filter6 function httpd ike interface ipsec ipsec security-association ipsec security-policy l2tp macfilter nat ndp ntp option ppp resolver route route6 rtadvd snmp sshd telnetd translator vrrp ARP DHCP DHCPv6 dns forwarder IP IPv6 Web IKE IPsec IPsec IPsec L2TP MAC NDP NTP PPP DNS IPv4 IPv6 SNMP SSH TELNET VRRP show log SEIL 73

76 show log show log function show log level show trace SEIL WAN show trace show system SEIL arch cpustat hostname date uptime load memory version users CPU IPL show date show date 74

77 show users show users show license show license show tech-support show tech-support report-to report-to 75

78 P.62 ftp,http,tftp Web Web Web 1. FTP HTTP FTP anonymous CS-SEIL-510/C URL SEIL update firmware 2 A.update firmware <FTP IP > B.update firmware <URL> SEIL SEIL 76

79 A.update firmware <FTP IP > FTP IP FTP # update firmware filename [seilfirm.img]:seilfirm.img username [anonymous]:seiluser Password: total bytes received write to flash ROM?[y/N] y erasing / done. writing / done. 1. FTP IP SEIL 2. y Y n N SEIL 7 LED 77

80 B.update firmware <URL> URL HTTP FTP TFTP HTTP # update firmware total bytes received write to flash ROM?[y/N] y erasing / done. writing / done. FTP # update firmware ftp:// /seilfirm.img Password: total bytes received write to flash ROM?[y/N] y erasing / done. writing / done. TFTP # update firmware tftp:// /seilfirm.img Password: total bytes received write to flash ROM?[y/N] y erasing / done. writing / done. 1. URL 78

81 6 SEIL 2. y Y n N SEIL 7 LED 6.6 INIT SEIL factory-config P.63 INIT INIT 1. SEIL INIT 3.2 P SEIL 7 LED SEIL 8.1 P

83 7 7 LAN LAN PPPoE unnumbered PPPoE DHCP LAN IPv4 IPv IPv6 over IPv4 tunnel LAN LAN LAN IP (urpf) MAC MAC RIP OSPF PIM-SM IPv4/IPv VPN IPsec IPsec

84 IPsec IP IP L2VPN L2TPv L2TPv3 L CS-SEIL-510/C VRRP CBQ

85 LAN 7.1 LAN SEIL LAN 7.4 P PPPoE PPPoE PPPoE IPv4 IPv6 IPv4 インターネット WAN 側グローバルアドレス PPPoE で取得割当ネットワークアドレス /24 LAN 側プライベートアドレスプライベートアドレスプライベートアドレスプライベートアドレスプライベートアドレス

86 LAN 1 LAN1 LAN1 2 PPPoE PPPoE ID 3 PPPoE PPPoE 4 PPPoE PPPoE LAN1 5 LAN0 LAN0 6 NAPT 7 PPPoE PPPoE 8 1 LAN1 SEIL LAN1 auto lan1 auto # interface lan1 media auto interface lan1 lan1 84

87 LAN media auto auto 2 PPPoE PPPoE ID IPCP / IPCP IPCP DNS IPv6CP / ID TCP MSS Century enable on on disable PAP xxxxxx yyyyyy auto # ppp add Century ipcp enable ipcp-address on ipcp-dns on ipv6cp disable authenticat ion-method pap identifier xxxxxx passphrase yyyyyy tcp-mss auto ppp add Century Century ipcp enable IPCP ipcp-address on IPCP ipcp-dns on IPCP DNS ipv6cp disable IPv6CP authentication-method pap pap 85

88 LAN identifier xxxxxx ID xxxxxx passphrase yyyyyy yyyyyy tcp-mss auto TCP MSS auto 3 PPPoE PPPoE pppoe0 Century # interface pppoe0 ppp-configuration Century interface pppoe0 pppoe0 ppp-configuration Century Century 4 PPPoE PPPoE LAN1 pppoe0 lan1 86

89 LAN # interface pppoe0 over lan1 interface pppoe0 pppoe0 over lan1 lan1 5 LAN0 LAN0 IPv LAN0 6 NAPT NAPT IPv4 IPv6 LAN IPv4 IP pppoe0 # nat napt add private interface pppoe0 nat napt add private NAPT IP interface pppoe0 NAPT pppoe0 7 PPPoE 87

90 LAN PPPoE pppoe0 # connect pppoe0 connect pppoe0 PPPoE pppoe0 8 save-to P.62 PPPoE 88

91 LAN unnumbered PPPoE unnumbered PPPoE PPPoE IPv4 IPv6 IPv4 インターネット WAN 側 unnumbered PPPoE 割当ネットワークアドレス /24 LAN 側グローバルアドレスグローバルアドレスグローバルアドレスグローバルアドレスグローバルアドレス unnumbered PPPoE IP IP /24 89

92 LAN 1 LAN1 LAN1 2 PPPoE PPPoE ID 3 PPPoE PPPoE 4 PPPoE PPPoE LAN1 5 LAN0 LAN0 6 LAN0 IP LAN0 7 PPPoE PPPoE 8 1 LAN1 SEIL LAN1 auto lan1 auto # interface lan1 media auto interface lan1 lan1 90

93 LAN media auto auto 2 PPPoE PPPoE ID unnumbered numbered PPPoE IPCP on unnumbered off IPCP / IPCP IPCP DNS IPv6CP / ID TCP MSS Century enable off on disable PAP xxxxxx yyyyyy auto # ppp add Century ipcp enable ipcp-address off ipcp-dns on ipv6cp disable authentication-method pap identifier xxxxxx passphrase yyyyyy tcp-mss auto ppp add Century Century ipcp enable IPCP ipcp-address off IPCP ipcp-dns on IPCP DNS ipv6cp disable IPv6CP 91

94 LAN authentication-method pap pap identifier xxxxxx ID xxxxxx passphrase yyyyyy yyyyyy tcp-mss auto TCP MSS auto 3 PPPoE PPPoE pppoe0 Century # interface pppoe0 ppp-configuration Century interface pppoe0 pppoe0 ppp-configuration Century Century unnumbered unnumbered pppoe0 92

95 LAN # interface pppoe0 unnumbered interface pppoe0 unnumbered pppoe0 unnumbered 4 PPPoE PPPoE LAN1 pppoe0 lan1 # interface pppoe0 over lan1 interface pppoe0 pppoe0 over lan1 lan1 5 LAN0 LAN0 IPv4 lan0 / add IPv /24 93

96 LAN # interface lan0 add /24 interface lan0 lan0 add /24 add IPv /24 6 LAN0 IP IP 5. IPv4 SEIL IP IP SEIL lan0 / delete IPv /24 # interface lan0 delete /24 interface lan0 lan0 add /24 delete IPv /24 7 PPPoE PPPoE 94

97 LAN pppoe0 # connect pppoe0 connect pppoe0 PPPoE pppoe0 8 save-to P.62 PPPoE 95

98 LAN DHCP DHCP インターネット WAN 側グローバルアドレス DHCP で取得割当ネットワークアドレス /24 LAN 側プライベートアドレスプライベートアドレスプライベートアドレスプライベートアドレスプライベートアドレス LAN1 LAN1 2 LAN0 LAN0 3 NAPT 96

99 LAN 4 DHCP DHCP 5 1 LAN1 SEIL LAN1 auto lan1 auto # interface lan1 media auto interface lan1 lan1 media auto auto 2 LAN0 LAN0 IPv LAN0 3 NAPT NAPT IPv4 IPv6 LAN IPv4 IP lan1 97

100 LAN # nat napt add private interface lan1 nat napt add private NAPT IP interface lan1 NAPT lan1 4 DHCP DHCP lan1 # interface lan1 add dhcp interface lan1 lan1 add dhcp DHCP 5 save-to P.62 DHCP 98

101 LAN LAN LAN IPv4 IPv6 IPv4 インターネット WAN 側ネットワークアドレス /24 WAN 側グローバルアドレス LAN 側ネットワークアドレス /24 LAN 側グローバルアドレスグローバルアドレスグローバルアドレスグローバルアドレスグローバルアドレス

102 LAN 1 LAN1 LAN1 2 LAN1 IPv4 LAN1 3 LAN0 LAN0 4 LAN0 LAN0 5 1 LAN1 LAN1 auto SEIL lan1 auto # interface lan1 media auto interface lan1 lan1 media auto auto 2 LAN1 IPv4 LAN1 IPv4 100

103 LAN lan1 / add IPv /24 # interface lan1 add /24 interface lan1 lan1 add /24 add IPv /24 3 LAN0 LAN0 IPv4 lan0 / add IPv /24 # interface lan0 add /24 interface lan0 lan0 add /24 add IPv /24 4 LAN0 IP 101

104 LAN IP 3. IPv4 SEIL IP IP SEIL lan0 / delete IPv /24 # interface lan0 delete /24 interface lan0 lan0 delete /24 delete IPv /24 5 save-to P.62 LAN 102

105 IPv4 IPv6 7.2 IPv4 IPv6 IPv6 IPv4 SEIL IPv4 IPv IPv6 over IPv4 tunnel x:x:x::/48 y:y:y::/48 2 IPv6 IPv4 IPv6 IPv4 SEIL A B IPv6 over IPv4 SEIL A IPv z:z:z::1 SEIL B IPv z:z:z::2 103

106 IPv4 IPv6 ネットワーク A IPv6 ネットワーク x:x:x::/48 S E IL A トンネルアドレス z:z:z::1 IPv4 アドレス IPv 6 トンネル IPv 4 インターネット IPv4 アドレストンネルアドレス z:z:z::2 S E IL B ネットワーク B IPv6 ネットワーク y:y:y::/ x:x:x::/48 y:y:y::/48 z:z:z::1 z:z:z::2 IPv P.64 SEIL A SEIL B SEIL A IPv4 IPv6 104

107 IPv4 IPv6 2 SEIL A IPv6 3 SEIL A 4 SEIL B IPv4 IPv6 5 SEIL B IPv6 6 SEIL B 1 SEIL A SEIL A SEIL IPv4 tunnel0 IP IP # interface tunnel0 tunnel interface tunnel0 tunnel0 tunnel IP IP IPv6 105

108 IPv4 IPv6 IP IP tunnel0 z:z:z::1 z:z:z::2 # interface tunnel0 add z:z:z::1 remote z:z:z::2 interface tunnel0 tunnel0 add z:z:z::1 remote z:z:z::2 IP z:z:z::1 IP z:z:z::2 z:z:z::1 z:z:z::2 IPv6 2 SEIL A IPv6 IPv6 IP IP y:y:y::/48 z:z:z::2 106

109 IPv4 IPv6 # route6 add y:y:y::/48 z:z:z::2 route6 add y:y:y::/48 z:z:z::2 IP y:y:y::/48 IP z:z:z::2 y:y:y::/48 z:z:z::2 IPv6 IP tunnel0 IPv6 3 SEIL A save-to P.62 SEIL A 4 SEIL B SEIL B SEIL IPv4 tunnel0 IP IP # interface tunnel0 tunnel interface tunnel0 tunnel0 107

110 IPv4 IPv6 tunnel IP IP IPv6 IP IP tunnel0 z:z:z::2 z:z:z::1 # interface tunnel0 add z:z:z::2 remote z:z:z::1 interface tunnel0 tunnel0 add z:z:z::2 remote z:z:z::1 IP z:z:z::2 IP z:z:z::1 z:z:z::1 z:z:z::2 IPv6 5 SEIL B IPv6 IPv6 IP IP x:x:x::/48 z:z:z::1 108

111 IPv4 IPv6 # route6 add x:x:x::/48 z:z:z::1 route6 add x:x:x::/48 z:z:z::1 IP x:x:x::/48 IP z:z:z::1 x:x:x::/48 z:z:z::1 IPv6 IP tunnel0 IPv6 6 SEIL B save-to P.62 SEIL B 109

112 LAN 7.3 LAN LAN LAN SEIL 1 1 NAT SEIL NAPT LAN LAN Reflection NAT NAT LAN SEIL NAT NAPT Reflection NAT NAT PPPoE P.83 LAN SEIL 1 1 NAT SEIL NAT pppoe0 110

113 LAN グローバルアドレスゾーンインターネット静的 NAT : グローバルアドレス LAN0 側割り当てネットワーク ( グローバルアドレス ) /29 LAN 側プライベートアドレス www サーバグローバルアドレスアドレス対応プライベートアドレスプライベートアドレスプライベートアドレス NAT NAT 2 1 NAT 111

114 LAN SEIL IP IP pppoe0 # nat static add interface pppoe0 nat static add NAT IP IP IP interface pppoe0 NAT pppoe0 2 save-to P.62 NAT Web

115 LAN NAPT P.110 SEIL SEIL NAPT SEIL SEIL NAPT pppoe0 113

116 LAN グローバルアドレスゾーンインターネットグローバルアドレス宛ポート番号 80 宛のデータグローバルアドレス LAN0 側割り当てネットワーク ( プライベートアドレス ) /24 プライベートアドレスプライベートアドレスプライベートアドレス NAPT NAPT 2 1 NAPT 114

117 LAN SEIL NAPT tcp Listen 80 pppoe0 IP / enable # nat snapt add protocol tcp listen 80 interface pppoe0 forward enable nat snapt add protocol tcp tcp listen 80 Listen HTTP 80 interface pppoe0 pppoe0 forward IP Web IP enable enable 2 save-to P.62 NAPT Web

118 LAN LAN NAT LAN LAN Reflection NAT LAN SEIL Reflection NAT P.110 NAT LAN NAT LAN LAN SEIL SEIL Reflection NAT SEIL NAT SEIL 116

119 LAN グローバルアドレスゾーンインターネット静的 NAT : グローバルアドレス LAN0 側割り当てネットワーク ( グローバルアドレス ) /29 LAN 側プライベートアドレス www サーバグローバルアドレスアドレス対応プライベートアドレスプライベートアドレスプライベートアドレス NAT NAT 2 NAPT NAPT 3 Reflection NAT Reflection NAT 4 117

120 LAN 1 NAT SEIL IP IP pppoe0 # nat static add interface pppoe0 nat static add NAT IP IP IP interface pppoe0 NAT pppoe0 2 NAPT NAPT IP pppoe0 # nat napt add private interface pppoe0 nat napt add private NAPT IP

121 LAN interface pppoe0 NAPT pppoe0 3 Reflection NAT NAT/NAPT lan0 reflection lan0 # nat reflect add interface lan0 nat reflect add interface lan0 Reflection NAT lan0 4 save-to P.62 Reflection NAT NAT LAN Web

122 LAN LAN LAN Web HTTP SEIL IPv4 IPv6 IPv4 インターネットグローバルアドレス割当ネットワークアドレス /24 グローバルアドレス WWW サーバグローバルアドレスグローバルアドレスグローバルアドレス

123 pppoe SEIL

124 A. Web B. TCP C. SEIL ICMP D. A a. Web ( ) TCP 80 b. LAN ( /24) TCP (TCP Established) c. SEIL( ) ICMP d. TCP b. b. d. d. d. 1 NAT/NAPT NAT/NAPT NAT/NAPT 2 a d ab SEIL a. 122

125 httppass pass pppoe0 in tcp IP /32 80 off top / enable # filter add httppass action pass interface pppoe0 direction in protocol tcp dst /32 dstport 80 logging off top enable filter add httppass httppass action pass pass interface pppoe0 pppoe0 direction in in protocol tcp HTTP tcp dst /32 dstport 80 IP Web /32 Web 32 IP

126 logging off off top 1 top enable enable b estabpass pass pppoe0 in tcp-established IP /24 off below httppass (a )) / enable # filter add estabpass action pass interface pppoe0 direction in protocol tcp-established dst /24 logging off below httppass enable filter add estabpass estabpass action pass pass interface pppoe0 pppoe0 direction in in 124

127 protocol tcp-established TCP tcp-established dst /24 IP LAN /24 LAN 24 logging off off below httppass a. below httppass enable enable c. icmppass pass pppoe0 in icmp IP /32 off below estabpass (b )) / enable # filter add icmppass action pass interface pppoe0 direction in protocol icmp dst /32 logging off below estabpass enable filter add icmppass icmppass 125

128 action pass pass interface pppoe0 pppoe0 direction in in protocol icmp ICMP icmp dst /32 IP SEIL /32 SEIL 32 logging off off below estabpass. below estabpass enable enable d. / allblock block pppoe0 in any off bottom enable 126

129 # filter add allblock action block interface pppoe0 direction in protocol any logging off bottom enable filter add allblock allblock action block block interface pppoe0 pppoe0 direction in in protocol any a. c. any logging off off bottom a c bottom enable enable 3 save-to P

130 LAN FTP LAN SEIL IPv4 IPv6 IPv4 pppoe0 インターネットグローバルアドレス割当ネットワークアドレス /24 グローバルアドレスグローバルアドレスグローバルアドレス SEIL 128

131 A. FTP B. SEIL ICMP C. A a. LAN ( /24) FTP b. SEIL( ) ICMP c. FTP 21 - a c. c. 1 NAT/NAPT NAT/NAPT NAT/NAPT 2 a c 129

132 ab SEIL a. ftppass pass pppoe0 out tcp IP /24 21 enable off top / enable # filter add ftppass action pass interface pppoe0 direction out protocol tcp src /24 dstport 21 state enable logging off top enable filter add ftppass ftppass action pass pass interface pppoe0 pppoe0 direction out out protocol tcp FTP tcp 130

133 src /24 dstport 21 IP LAN /24 LAN state enable state enable logging off off top top enable enable b. icmppass pass pppoe0 in icmp IP /32 off below ftppass (a ) / enable # filter add icmppass action pass interface pppoe0 direction in protocol icmp dst /32 logging off below ftppass enable filter add icmppass icmppass action pass pass 131

134 interface pppoe0 pppoe0 direction in in protocol icmp ICMP icmp dst /32 IP SEIL /32 SEIL 32 logging off off below ftppass a below ftppass enable enable c. / allblock block pppoe0 in any off bottom enable 132

135 # filter add allblock action block interface pppoe0 direction in protocol any logging off bottom enable filter add allblock allblock action block block interface pppoe0 pppoe0 direction in in protocol any a. c. any logging off off bottom a b bottom enable enable 3 save-to P

136 IP (urpf) urpf(unicast Reverse Path Forwarding) IP LAN IPv4 IPv6 IPv6 インターネットグローバルアドレス割当ネットワークアドレス /24 グローバルアドレスコンピュータ A 1 2 urpf urpf 134

137 urpf urpf SEIL 2 urpf urpf IP urpf IP IPv4 urpf strict IP ip strict on # option ip unicast-rpf strict logging on option ip IP IPv4 ip unicast-rpf strict urpf strict logging on on 135

138 save-to P.62 urpf 136

139 MAC 7.5 MAC LAN LAN SEIL MAC SEIL MAC 1 MAC MAC MAC MAC SEIL インターネットコンピュータ A 00:11:22:33:44:55 コンピュータ B 00:aa:bb:cc:de:f0 137

140 MAC 1 MAC 2 MAC MAC MAC A. A(00:11:22:33:44:55) B. B(00:aa:bb:cc:dd:ee) C. A B MAC C. A. B. MAC lan0 lan0 lan1 MAC Ethernet MAC MAC Ethernet 2 MAC MAC MAC MAC A. C. SEIL A. 138

141 MAC pcapass pass MAC 00:11:22:33:44:55 off macfilter add pcapass action pass src 00:11:22:33:44:55 logging off macfilter add pcapass pcapass action pass pass src 00:11:22:33:44:55 MAC 00:11:22:33:44:55 logging off off B. MAC pcbpass pass 00:aa:bb:cc:dd:ee off macfilter add pcbpass action pass src 00:aa:bb:cc:dd:ee logging off macfilter add pcbpass pcbpass 139

142 MAC action pass pass src 00:aa:bb:cc:dd:ee MAC 00:aa:bb:cc:dd:ee logging off off C. MAC allblock block any off macfilter add allblock action block src any logging off macfilter add allblock allblock action block block src any MAC any logging off off 3 show status macfilter MAC 140

143 MAC show status macfilter 4 save-to P.62 MAC 141

144 MAC Web MAC インターネット maclist.txt 00:11:22:33:44:55 00:aa:bb:cc:de:f0 00:ff:ee:00:01:22 Web サーバコンピュータ A 00:11:22:33:44:55 コンピュータ B 00:aa:bb:cc:de:f0 コンピュータ Z 00:ff:ee:00:01:22 1 MAC Web MAC Web 2 MAC Web MAC MAC 3 142

145 MAC 4 1 MAC Web SEIL Web MAC 00:11:22:33:44:55 00:aa:bb:cc:de:f :ff:ee:00:01:22 URL HTTP HTTPS FTP MAC BASIC URL 2 MAC MAC MAC SEIL MAC MAC listpass pass 1 off macfilter add listpass action pass src interval 1h logging off macfilter add listpass listpass 143

146 MAC action pass pass src MAC URL interval 1h MAC 1h(1 ) logging off off MAC MAC allblock block any off macfilter add allblock action block src any logging off macfilter add allblock allblock action block block src any MAC any logging off off 3 144

147 MAC show status macfilter MAC show status macfilter 4 save-to P.62 MAC 145

148 SEIL Unicast RIP OSPF 2 Multicast PIM-SM(IPv4/IPv6) RIP RIP グローバルアドレス /24 経路情報交換 S E IL B グローバルアドレスグローバルアドレス S E IL A グローバルアドレス /24 経路情報交換 146

149 SEIL A SEIL B SEIL A SEIL B RIP SEIL A SEIL B SEIL A SEIL A RIP LAN0 LAN1 RIP 2 SEIL A RIP RIP 3 SEIL A 4 SEIL A 1 SEIL A RIP SEIL A SEIL LAN RIP lan0 enable # route dynamic rip interface lan0 enable route dynamic rip interface lan0 RIP lan0 147

150 enable RIP enable RIP RIP lan0 RIPv2 # route dynamic rip interface lan0 version ripv2 route dynamic rip interface lan0 RIP lan0 version ripv2 RIP ripv2 RIPv2 RIPv2 lan0 disable # route dynamic rip interface lan0 authentication disable route dynamic rip interface lan0 RIP lan0 authentication disable RIPv2 disable LAN1 LAN1 RIP lan1 enable 148

151 # route dynamic rip interface lan1 enable route dynamic rip interface lan1 RIP lan1 enable RIP enable RIP RIP lan1 RIPv2 # route dynamic rip interface lan1 version ripv2 route dynamic rip interface lan1 RIP lan1 version ripv2 RIP ripv2 RIPv2 RIPv2 lan1 disable # route dynamic rip interface lan1 authentication disable route dynamic rip interface lan1 RIP lan1 149

152 authentication disable RIPv2 disable 2 SEIL A RIP / enable # route dynamic rip enable route dynamic rip enable RIP enable 3 SEIL A show status # show status route 4 save-to P.62 SEIL A RIP 150

153 OSPF OSPF OSPF RIP グローバルアドレス /24 経路情報交換 S E IL B グローバルアドレスグローバルアドレス S E IL A グローバルアドレス /24 経路情報交換 SEIL A SEIL B SEIL A SEIL B OSPF SEIL A SEIL B SEIL A SEIL A SEIL A 151

154 stub area no summary stub area 2 OSPF lan1 OSPF / OSPF lan0 lan1 3 SEIL A SEIL B ID OSPF SEIL ID ID 1 SEIL A stub area / 2 SEIL A OSPF ID 3 SEIL A OSPF ID OSPF ID 4 SEIL A OSPF OSPF 5 SEIL A 6 SEIL A 1 SEIL A SEIL A SEIL 152

155 ID disable # route dynamic ospf area add stub disable route dynamic ospf area add ID stub disable disable 2 SEIL A unnumbered lan0 ID # route dynamic ospf link add lan0 area route dynamic ospf link add lan0 OSPF lan0 area ID LAN1 3 SEIL A OSPF ID 153

156 OSPF ID # route dynamic ospf router-id route dynamic ospf router-id OSPF ID SEIL B OSPF ID SEIL A OSPF / enable # route dynamic ospf enable route dynamic ospf enable OSPF enable 5 SEIL A show status # show status route 6 154

157 save-to P.62 SEIL A OSPF SEIL 2 SEIL A LAN OSPF SEIL A B SEIL B LAN RIP SEIL A RIP OSPF ネットワーク B /24 SEIL B lan S E IL B SEIL B lan SEILA lan S E IL A SEIL A lan 経路情報再配布 OSPF RIP ネットワーク A /24 155

158 SEIL A (OSPF RIP) OSPF RIP 2 SEIL A (RIP OSPF) RIP OSPF 3 SEIL A 4 SEIL A 1 SEIL A (OSPF RIP) SEIL A SEIL OSPF RIP / ospf-to-rip enable # route dynamic redistribute ospf-to-rip enable route dynamic redistribute ospf-to-rip OSPF RIP ospf-to-rip enable enable 2 SEIL A (RIP OSPF) RIP OSPF / rip-to-ospf enable 156

159 # route dynamic redistribute rip-to-ospf enable route dynamic redistribute rip-to-ospf RIP OSPF rip-to-ospf enable enable 3 SEIL A show status # show status route 4 save-to P.62 SEIL A PIM-SM IPv4/IPv6 PIM-SM for IPv4/IPv6 SEIL A SEIL A lan0/lan1 IPv6 PIM-SM RP(Rendezvous Point), BSR(Boot Strap Router) Multicast RP, BSR 157

160 RP & BSR Router IPv6 Global Address IPv6 Sender Global Address インターネット IPv6 M ulticast Routing Global Address Reciever SEIL IPv6 Global Address 1 SEIL PIM-SM lan0/lan1 PIM-SM 2 SEIL PIM-SM PIM-SM 3 SEIL 4 SEIL 158

161 SEIL PIM-SM SEIL LAN PIM-SM lan0 enable # route6 dynamic pim-sparse interface lan0 enable route6 dynamic pim-sparse interface lan0 PIM-SM lan0 enable PIM-SM enable LAN1 lan1 enable # route6 dynamic pim-sparse interface lan1 enable route6 dynamic pim-sparse interface lan1 PIM-SM lan1 159

162 enable PIM-SM enable 2 SEIL PIM-SM / enable # route6 dynamic pim-sparse enable route6 dynamic pim-sparse enable PIM-SM enable 3 SEIL show status Multicast # show status route6 dynamic pim-sparse 4 save-to P.62 SEIL PIM-SM 160

163 SEIL SEIL ping SEIL インターネットルータ A グローバルアドレス /24 ルータ B グローバルアドレス /24 WAN 側グローバルアドレス /24 LAN 側ネットワークアドレス /

164 SEIL 3 SEIL 4 SEIL 5 SEIL 1 A. SEIL B. ( ) C. D. distance 2 SEIL SEIL default on 10 5 # route add default kepalive on send-interval 10 down-count 5 route add default

165 keepalive on keepalive on send-interval 10 ping 10 down-count 5 ping ping target target ping 3 SEIL default distance 100 # route add default distance 100 route add default distance 100 distance SEIL ping show log 2 Jan 2 04:11:29 notice system lanbackupd: target down. 163

166 show status route 2 Jan 2 04:11:29 notice system lanbackupd: target up. show status route 5 SEIL save-to P

167 SEIL インターネットルータ A グローバルアドレス /24 ルータ B グローバルアドレス /24 WAN 側グローバルアドレス /24 LAN 側ネットワークアドレス / /

168 SEIL 5 SEIL 1 A. SEIL LAN /24 A B. SEIL LAN /24 B /24 SEIL routefwd forward lan ( A) in IP /24 # filter add routefwd action forward src /24 direction in interface lan0 filter add routefwd routefwd action forward

169 src /24 IP /24 direction in in interface lan0 lan0 3 default # route add default route add default SEIL IP / show status filter count page 1 id policy forward in log on lan0 proto any from /24 to any count 6 logging on show log 167

170 info filter f > PR icmp type 8 code 0 len IN 5 SEIL save-to P

171 VPN IPsec 7.8 VPN IPsec LAN SEIL IPsec VPN Virtual Private Network LAN IPsec IKE VPN IPv4 IPv6 IPv4 IPv4 IPv6 SEIL A SEIL B SEIL A SEIL A SEIL A 169

172 VPN IPsec ネットワーク A /24 プライベートアドレス / 24 S E IL A グローバルアドレス IPsec トンネルインターネットグローバルアドレス S E IL B プライベートアドレス /24 ネットワーク B / IKE IKE DH Diffie-Hellman Group MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp

173 VPN IPsec 2 DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp IKE IPsec IPsec tunnel ESP / /24 1 SEIL A IKE IKE 2 SEIL A 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 1 SEIL A IKE 171

174 VPN IPsec IKE SEIL A opensesame # ike preshared-key add opensesame ike preshared-key add opensesame opensesame SEIL A SEIL B SEIL B opensesame IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp

175 VPN IPsec # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer seilb main ikeprop01 IP address address # ike peer add seilb exchange-mode main proposal ikeprop01 address my-identifier address peers-identifier address ike peer add seilb IKE Peer seilb exchange-mode main 1 main 173

176 VPN IPsec proposal ikeprop01 ikeprop01 address IKE IP my-identifier address peers-identifier address address SEIL B IKE Peer seila main ikeprop01 IP address address 2 SEIL A IKE saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 174

177 VPN IPsec authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL A sa03 IPsec tunnel IP IP saprop01 AH disable ESP enable # ipsec security-association add sa03 tunnel ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel IPsec tunnel IPsec IP IP

178 VPN IPsec ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL B sa03 IPsec tunnel IP IP saprop01 AH disable ESP enable 4 SEIL A sp03 sa03 IP / /24 IP / /24 any / enable # ipsec security-policy add sp03 security-association sa03 src /24 dst /24 protocol any enable ipsec security-policy add sp03 sp03 176

179 VPN IPsec security-association sa03 sa03 src /24 dst /24 IP src IP dst IP IP / /24 IP / /24 protocol any any enable enable SEIL B sp03 sa03 IP / /24 IP / /24 any / enable 5 SEIL A show status IPsec IKE # show status ipsec # show status ike 6 save-to P.62 SEIL A IKE 177

180 VPN IPsec IPsec IKE VPN IPv4 IPv6 IPv4 IPv4 IPv6 IPsec lan0 lan1 IPsec IPsec P.169 IPsec VPN P

181 VPN IPsec ネットワーク A /24 プライベートアドレス /24 S E IL A グローバルアドレス IPsec トンネルインターネットグローバルアドレスグローバルアドレス S E IL B S E IL C プライベートアドレスプライベートアドレスネットワーク B /24 ネットワーク C /24 IPsec IPsec SEIL A SEIL B,SEIL C SEIL A SEIL A SEIL A

182 VPN IPsec 1 IPsec IPsec IPsec IPsec ipsec0 ipsec63 64 IPsec IPsec IPsec IPsec SEIL A SEIL B SEIL A SEIL C SEIL B SEIL C IPsec SEIL A SEIL B SEIL C IPsec SEIL A IPsec IPsec SEIL B ipsec0 SEIL C ipsec1 SEIL B IPsec IPsec SEIL A ipsec0 SEIL C ipsec1 SEIL C IPsec IPsec SEIL A ipsec0 SEIL B ipsec1 IPsec IPsec SEIL A IPsec IPsec ipsec ipsec SEIL B IPsec IPsec ipsec ipsec

183 VPN IPsec SEIL C IPsec IPsec ipsec ipsec IPsec SEIL A IPsec IPsec ipsec ipsec SEIL B IPsec IPsec ipsec ipsec SEIL C IPsec IPsec ipsec ipsec IKE IKE IPsec Diffie-Hellman (DH) DH Group MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp

184 VPN IPsec 4 IPsec IPsec IPsec ipsec0 ipsec1 ESP 5 SEIL A SEIL B SEIL A SEIL C SEIL B SEIL C IPsec RIP IPsec RIP P.46 1 SEIL A IPsec IPsec 2 SEIL A IKE IKE 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 7 SEIL A 182

185 VPN IPsec 1 SEIL A IPsec SEIL A SEIL B IPsec IPsec ipsec # interface ipsec0 tunnel interface ipsec0 tunnel ipsec IPsec SEIL C IPsec IPsec ipsec # interface ipsec1 tunnel interface ipsec1 tunnel ipsec IPsec ipsec0 183

186 VPN IPsec IPsec ipsec / # interface ipsec0 address /30 remote interface ipsec0 address /30 ipsec0 SEIL A remote ipsec0 SEIL B ipsec1 IPsec ipsec / # interface ipsec1 address /30 remote interface ipsec1 address /30 ipsec1 SEIL A

187 VPN IPsec remote ipsec1 SEIL C SEIL B IPsec ipsec IPsec ipsec IPsec ipsec / IPsec ipsec / SEIL C IPsec ipsec IPsec ipsec

188 VPN IPsec IPsec ipsec / IPsec ipsec / SEIL A IKE IKE IKE SEIL B SEIL C SEIL B opensesame-b # ike preshared-key add opensesame-b ike preshared-key add opensesame-b opensesame-b SEIL C opensesame-c 186

189 VPN IPsec # ike preshared-key add opensesame-c ike preshared-key add opensesame-c opensesame-c SEIL A SEIL B SEIL B SEIL C SEIL B opensesame-b opensesame-c SEIL C opensesame-c opensesame-b IKE SEIL B SEIL C IKE IKE 187

190 VPN IPsec IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 lifetime-of-time 3600 IKE 3600 IKE Peer SEIL B, SEIL C SEIL B IKE Peer IKE Peer seilb main ikeprop01 IP address address IPsec 188

191 VPN IPsec # ike peer add seilb exchange-mode main proposal ikeprop01 address my-identifier address peers-identifier address tunnel-interface enable ike peer add seilb IKE Peer seilb exchange-mode main 1 main proposal ikeprop01 ikeprop01 address IKE IP my-identifier address peers-identifier address address tunnel-interface enable IPsec SEIL C IKE Peer IKE Peer seilc main ikeprop01 IP address address IPsec 189

192 VPN IPsec # ike peer add seilc exchange-mode main proposal ikeprop01 address my-identifier address peers-identifier address tunnel-interface enable ike peer add seilc IKE Peer seilc exchange-mode main 1 main proposal ikeprop01 ikeprop01 address IKE IP my-identifier address peers-identifier address address tunnel-interface enable IPsec SEIL B IKE Peer seila main ikeprop01 IP address address IPsec 190

193 VPN IPsec IKE Peer seilc main ikeprop01 IP address address IPsec SEIL C IKE Peer seila main ikeprop01 IP address address IPsec IKE Peer seilb main ikeprop01 IP address address IPsec 3 SEIL A IKE SEIL B SEIL C 191

194 VPN IPsec saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 4 SEIL A SEIL B SEIL C SEIL B 192

195 VPN IPsec IPsec IPsec AH ESP sa03 tunnel-interface ipsec0 saprop01 disable enable # ipsec security-association add sa03 tunnel-interface ipsec0 ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel-interface ipsec0 IPsec tunnel-interface IPsec IPsec IPsec ipsec0 ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL C IPsec IPsec AH ESP sa04 tunnel-interface ipsec1 saprop01 disable enable 193

196 VPN IPsec # ipsec security-association add sa04 tunnel-interface ipsec1 ike saprop01 ah disable esp enable ipsec security-association add sa04 sa04 tunnel-interface ipsec1 IPsec tunnel-interface IPsec IPsec IPsec ipsec1 ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL B IPsec IPsec AH ESP sa03 tunnel-interface ipsec0 saprop01 disable enable IPsec IPsec AH ESP sa05 tunnel-interface ipsec1 saprop01 disable enable 194

197 VPN IPsec SEIL C IPsec IPsec AH ESP sa04 tunnel-interface ipsec0 saprop01 disable enable IPsec IPsec AH ESP sa05 tunnel-interface ipsec1 saprop01 disable enable 5 SEIL A RIP RIP / rip enable # route dynamic rip enable route dynamic rip enable RIP RIP ipsec0 195

198 VPN IPsec / rip ipsec0 enable # route dynamic rip interface ipsec0 enable route dynamic rip RIP interface ipsec0 enable ipsec0 RIP ipsec1 / rip ipsec1 enable # route dynamic rip interface ipsec1 enable route dynamic rip RIP interface ipsec1 enable ipsec1 6 SEIL A show status IPsec IKE # show status ipsec 196

199 VPN IPsec # show status ike 7 save-to P.62 SEIL A IKE 197

200 VPN IPsec IP IP VPN IPsec IP IPsec IPv4 IPv6 IPv4 IPv4 IPv6 SEIL A SEIL B IP P.207 ネットワーク A /24 プライベートアドレス / 24 S E IL A グローバルアドレス PPPoE で動的動的に割当 IPsec トンネルインターネットグローバルアドレス S E IL B プライベートアドレスネットワーク B /24 198

201 VPN IPsec 1 IKE IKE DH Group IP aggressive main IP IP FQDN USER-FQDN MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp IP IPsec IPsec IKE pppoe0 IPsec tunnel ESP / /24 199

202 VPN IPsec 1 SEIL A IKE IKE 2 SEIL A 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 1 SEIL A IKE IKE SEIL A seila.seil.jp opensesame 200

203 VPN IPsec # ike preshared-key add seila.seil.jp opensesame ike preshared-key add seila.seil.jp opensesame seila.seil.jp opensesame SEIL A SEIL B IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp

204 VPN IPsec lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer seilb aggressive ikeprop01 IP fqdn seila.seil.jp # ike peer add seilb exchange-mode aggressive proposal ikeprop01 address my-identifier fqdn seila.seil.jp ike peer add seilb IKE Peer seilb exchange-mode aggressive 1 aggressive proposal ikeprop01 ikeprop01 address IKE IP my-identifier fqdn seila.seil.jp fqdn seila.seil.jp aggressive IP IPsec aggressive IP main 2 SEIL A IKE 202

205 VPN IPsec saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL A sa03 IPsec tunnel pppoe0 IP saprop01 AH disable ESP enable 203

206 VPN IPsec # ipsec security-association add sa03 tunnel pppoe ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel pppoe IPsec tunnel IPsec IP pppoe0 IP ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable 4 SEIL A sp03 sa03 IP / /24 IP / /24 any / enable 204

207 VPN IPsec # ipsec security-policy add sp03 security-association sa03 src /24 dst /24 protocol any enable ipsec security-policy add sp03 sp03 security-association sa03 sa03 src /24 dst /24 IP src IP dst IP IP / /24 IP / /24 protocol any any enable enable pppoe0 IPsec 5 SEIL A show status IPsec IKE pppoe0 IPsec pppoe0 # show status ipsec # show status ike 6 save-to P

208 VPN IPsec SEIL A IKE 206

209 VPN IPsec IP IP VPN IP IPsec IPv4 IPv6 IPv4 IPv4 IPv6 SEIL B SEIL A IP P.198 ネットワーク A /24 プライベートアドレス / 24 S E IL A グローバルアドレス PPPoE で動的動的に割当 IPsec トンネルインターネットグローバルアドレス S E IL B プライベートアドレスネットワーク B /24 207

210 VPN IPsec 1 IKE IKE DH Group IP aggressive main IP IP FQDN USER-FQDN MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp IP IPsec IPsec IKE tunnel ESP / /24 208

211 VPN IPsec 1 SEIL B IKE IKE 2 SEIL B 3 SEIL B 4 SEIL B 5 SEIL B 6 SEIL B 1 SEIL A IKE IKE SEIL A seila.seil.jp opensesame 209

212 VPN IPsec # ike preshared-key add seila.seil.jp opensesame ike preshared-key add seila.seil.jp opensesame seila.seil.jp opensesame SEIL A SEIL B IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp

213 VPN IPsec lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer IP seila aggressive ikeprop01 dynamic fqdn seila.seil.jp # ike peer add seila exchange-mode aggressive proposal ikeprop01 address dynamic peer-identifier fqdn seila.seil.jp ike peer add seila IKE Peer seila exchange-mode aggressive 1 aggressive proposal ikeprop01 ikeprop01 address dynamic IKE IP IP dynamic peer-identifier fqdn seila.seil.jp fqdn seila.seil.jp aggressive IP IPsec aggressive IP main 2 SEIL B 211

214 VPN IPsec IKE saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL B 212

215 VPN IPsec IPsec / AH ESP sa03 tunnel dynamic saprop01 disable enable # ipsec security-association add sa03 tunnel dynamic ike saprop01 ah disableesp enable ipsec security-association add sa03 sa03 tunnel dynamic IPsec tunnel IPsec dynamic ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable tunnel dynamic IPsec IP 1 IKE Phase1 IP 2 SEIL B IP 4 SEIL B 213

216 VPN IPsec sp03 sa03 IP / /24 IP / /24 any / enable # ipsec security-policy add sp03 security-association sa03 src /24 dst /24 protocol any enable ipsec security-policy add sp03 sp03 security-association sa03 sa03 src /24 dst /24 IP src IP dst IP IP / /24 IP / /24 protocol any any enable enable SEIL B IPsec SEIL A IPsec 5 SEIL B show status IPsec IKE 6 214

217 VPN IPsec save-to P.62 SEIL B IKE 215

7 7.9. L2VPN L2TPv3 7.9 L2VPN L2TPv3 IPsec 3(IP) 2(Ethernet) SEIL L2TPv3 L2VPN(Layer 2 Virtual Private Network) 7.9.1 L2TPv3 L2 L2TPv3 VPN L2TPv3 IPv4 SEIL A SEIL B SEIL A SEIL A SEIL A S E IL A 同一セグメント IPsec トンネルインターネットグローバルアドレス 10.

218 L2VPN L2TPv3 7.9 L2VPN L2TPv3 IPsec 3(IP) 2(Ethernet) SEIL L2TPv3 L2VPN(Layer 2 Virtual Private Network) L2TPv3 L2 L2TPv3 VPN L2TPv3 IPv4 SEIL A SEIL B SEIL A SEIL A SEIL A S E IL A 同一セグメント IPsec トンネルインターネットグローバルアドレスグローバルアドレス S E IL B

すべて見る

CS-SEIL-510/C コマンドリファレンス

CS-SEIL-510/C コマンドリファレンス FutureNet CS-SEIL-510/C 1.75 1 CS-SEIL-510/C 10 1.1................................................ 10 1.2............................................. 10 1.3..................................................

CS-SEIL-510/C ユーザーズガイド コマンドラインインターフェイス編

CS-SEIL-510/C ユーザーズガイドコマンドラインインターフェイス編