FUJITSU Network Si-R Si-R G Series Troubleshooting


P3NK-4472-09Z0 Si-R G FUJITSU Network Si-R FUJITSU Network Si-R Si-R G Si-R brin V2

V2 LAN 2011 11 2012 3 2 2012 8 3 2013 1 4 2013 3 5 2013 6 6 2014 1 7 2014 11 8 2016 7 9 Microsoft Corporation Copyright FUJITSU LIMITED 2011-2016 2


V2 Si-R Si-R G100 Si-R G200 - - - - Web Si-R Si-R G100 Si-R G200 MIB/Trap Web Web 6

V2 1 1.1 2 1 LAN 2 LAN 1.2 WAN RIP LAN WAN RIP LAN B1 B2 15 45 IP IP udp XXX datagrams received RIP IP RIP remote <number> ip filter <count> reject any any any any 520 17 yes any any RIP 60 7

V2 WAN RIP # show running-config remote <number> ip rip 2.12 IP P.12 8 LAN Windows WWW 1 ProxyDNS ProxyDNS DNS 2 1IP NetBIOS over TCP 2.12 IP P.12 8 2URL Windows 2.24 URL URL P.365 3 DNS QTYPE A1PTR12 DNS DNS QTYPE proxydns:[<qtype>:<qname>]from<ip >to< > 2.23.5 DNS P.36 3 8

V2 WWW 2.31 P.3 92 1.2 P.13 LAN LAN LAN LAN WAN IP 9

V2 5 P.45 10

V2 2 2.1 POWER CHECK CHECK show system status machine_state FALLBACK 11

V2 2.2 ETHERNET HUB 10 100 1000M FULL HALF HUB LINK ACT SPEED FDX show ether Si-R G200 P.20 Si-R G100 P.20 LAN LAN HUB LAN LAN LAN LAN HUB LAN ETHERNET AutoMDI/MDI-X on ETHERNET HUB ETHERNET AutoMDI/MDI-X ETHERNET AutoMDI/MDI-X off ETHERNET HUB ETHERNET off POWER CHECK ECO lamp mode ECO show running-config lamp mode ECO show system funcswitch - -show running-configshow system funcswitch 2.44 ECO P.160 12

V2 telnet IP IP IP IP IP IP 192.168.1.2 192.168.1.254 255.255.255.0 DHCP IP ipconfig Windows 2000 Windows XP Windows Vista Windows 7 Windows NT TA LAN IP ETHER 2 ETHER 2 LAN ETHER 2 ARP IP IP IP LAN LAN IP IP IP IP IP IP DNS IP IP IP 192.168.1.1 5 P.45 13

V2 password format unique encrypted password format unique encrypted 2.3 Windows NT 4.0 Remote Access ServiceRAS 1 2 3Remote Access Autodial Manager 4 Windows Internet Explorer 1Internet Explorer 2 3 4 14

V2 autodial locked by redial 3 2 remote [<number>] ap [<ap_number>] dial <count> number <dial_number> remote [<number>] ap [<ap_number>] ppp auth send <id> <password> [encrypted] yes syslog dupcut yes 2.4 IP NAT IP NAT ETHERNET ETHER HUB LINK HUB 1000Mbps- 100Mbps- 10Mbps- 100Mbps- 10Mbps- Ping WWW DNS DHCP ProxyDNS DNS 15

V2 DNS DHCP DNS WWW URLhttp://www.fujitsu.com www.fujitsu.com IP DHCPDNS IP DHCP DNS IP IP DNS IP IP DHCP IP DHCP IP IP DHCP IP DHCP IP IP 192.168.1.1172.32.100.1 IP DHCP IP IP DHCP IP 192.168.1.1 192.168.1.2 172.32.100.1 172.32.100.2 192.168.1.1 192.168.1.2 172.32.100.1 192.168.1.2 PPPoE ADSL PPPoE PPPoE ADSL ID @ ADSL ID xxx@xxx.ne.jpxxx@xxx.com @ ADSL ADSL ADSL ADSL 16

V2 2.5 LAN LAN IP DHCP LAN IP IP IP IP 2 IP IP DHCP IP telnet IP IP PPPoE LAN LAN PPPoE LAN LAN LAN IPv6 LAN IPv6 over IPv4 MTU IPv4 MTU 1280 LAN IP-VPN BGP NAT BGP NAT NAT NAT 17

V2 2.6 IPsec/IKE IPsec/IKE IPsec/IKE IPsec IPsec IP VPN Responder IP IKE LifeTime IKE IPsec SA IKE IPsec SA Aggressive Mode IKE IP VPN Responder IP IKE Initiator IP IPsec ping IKE IPsec SA IP IPsec SA IKE SA IKE IPsec SA Rekey IKE SA IPsec SA IKE SA SA IPsec SA Rekey IKE SA IKE IPsec SA IKE SA IKE IPsec SA Rekey IPsec SA Initiator Responder 18

V2 IKE IKE Initial-Contact IKE SA Initiator Responder IPsec IPsec/IKE IPsec/IKE lan IP IPsec IP IPsec IPsec IPsec SPI IPsec SPI IPsec SPI IPsec SPI IPsec SPI IPsec SPI IPsec SPI IPsec SPI IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec IPsec 16 IPsec IPsec IPsec IPsec 19

V2 IKE IPsec SA IKE SA IKE IPsec SA Rekey IPsec des-cbc 3des-cbc IPsec 3des-cbc 16 3 des-cbc 3des 16 3 1 2 3 :1122334455667788 9900aabbccddeeff 1122334455667788 116 216 316 1 3 16 1 2 2 3 3 1 des-cbc 1 2 3 AAA RADIUS IPsec/IKE IKE AAA RADIUS IPsec/IKE IKE AAA RADIUS VPN ping IKE AAA RADIUS IPsec/IKE AAA RADIUS AAA RADIUS ID ID AAA RADIUS ID ID IDAggressive Mode Main Mode IPsec AAA RADIUS ID IPv6 IPv6 ID IPv6 IPv6 ID RADIUSRADIUS AAA RADIUS IKE IKE AAA RADIUS 20

V2 AAA RADIUS AAA RADIUS ID IPsec AAA IP IP IPv4 IPsec AAA RADIUS IPsec/IKE IPsec SA AAA RADIUS AAA RADIUS IPsec IPv6 IPv6 off IPv6 on AAA AAA AAA RADIUS IPsec/IKE IPsec SA AAA RADIUS IPsec AAA RADIUS IPsec AAA RADIUS IPsec/IKE AAA RADIUS AAA RADIUS VPN IPsec/IKE VPN IPsec/IKE VPN IPsec/IKE ID VPN VPN ID VPN ID VPN VPN VPN VPN 21

V2 IPsec IKE IPsec IPsec IPsec IPsec PFS DHDiffie-Hellman IKEPre-shared key IKE VPN IPsec VPN IPsec VPN IPsec/IKE IPsec SA IPsec IPv6 IPv6 off IPv6 on VPN NAT IPsec/IKE IKE NAT NAT IKE NAT AH NAT ESP ESP NAT IKE VPN IPsec/IKE VPN ID ID NAT RFC 3947 draft-ietf-ipsec-nat-t-ike-03 draft-ietf-ipsec-nat-t-ike-02\n draft-ietf-ipsec-nat-t-ike-02 22

V2 IPsec IPsec 14 P.24 14 OK NG a d A H P.29 A H IPsec PPPoE IPsecIP IP IP IP NAT NAT A 1show ipsec sa aok bng MTUMRU B a 2show ip route all NG IPsec C b a 3show logging syslog aok bng1.phase 1 cng2.phase 2 dng3.hash/psk b d Pre-Shared Key D c IPsec E aggressive mode respondernat ayesbno range PFS F a b NAT NAT ayesa bno b 4show ip route all aok bng a b remote ap tunnel remote [address] G remote ip address local H 23

OK NG 14 IPsec

1 show ipsec sa

OK IPsec SA INOUT 1 IKE SA 1

# show ipsec sa
[IPsec SA Information]
[1] Remote Name(IPsec), rmt0, ap0
    Side(Initiator), Gateway(10.1.1.2, 10.1.1.1), OUT
    Protocol(ESP), Enctype(3des-cbc), Authtype(hmac-sha1), PFS(modp768)
    Status(mature), Spi=88893807(0x054c696f)
    Created(Jan 25 17:56:47 2011), NewSA(28710secs, 0Kbyte)
    Lifetime(28800secs), Current(2secs), Remain(28798secs)
    Lifebyte(0Kbyte), Current(1Kbyte), Remain(0Kbyte)
[2] Remote Name(IPsec), rmt0, ap0
    Side(Initiator), Gateway(10.1.1.1, 10.1.1.2), IN
    Protocol(ESP), Enctype(3des-cbc), Authtype(hmac-sha1), PFS(modp768)
    Status(mature), Spi=267160340(0x0fec8b14)
    Created(Jan 25 17:56:47 2011), NewSA(28710secs, 0Kbyte)
    Lifetime(28800secs), Current(2secs), Remain(28798secs)
    Lifebyte(0Kbyte), Current(1Kbyte), Remain(0Kbyte)
[IKE SA Information]
[1] Destination(10.1.1.2.500), Source(10.1.1.1.500), rmt0
    Cookies(5b2023b77ea4c7de:68dd6596e28e7aa3)
    Side(Initiator), Status(ESTABLISHED), Exchangetype(MAIN)
    IKE Version(1), Authmethod(shared-key), DPD(disable)
    Enctype(3des-cbc), Hashtype(hmac-sha1), PFS(modp768)
    Created(Jan 25 17:56:46 2011)
    Lifetime(86400secs), Current(3secs), Remain(86397secs)
#

NG IPsec SA IKE SA 1 Cookies 0

# show ipsec sa
[IKE SA Information]
[1] Destination(10.1.1.2.500), Source(10.1.1.1.500), rmt0
    Cookies(0727e870341cd187:0000000000000000)
    Side(Initiator), Status(MSG1SENT), Exchangetype(MAIN)
    IKE Version(1), Authmethod( ), DPD(disable)
    Enctype( ), Hashtype( ), PFS( )
    Created( )
    Lifetime(0secs), Current(0secs), Remain(0secs)
#

#show ipsec sa
#

2 show ip route all

OK IPsec IPsec IPsec remote 1 IPsec LAN 192.168.2.0/24

# show ip route all
FP Destination/Mask   Gateway      Distance UpTime   Interface
*S 0.0.0.0/0          rmt0         0        00:01:03 rmt0
*L 10.1.1.1/32        10.1.1.1     0        00:03:49 rmt0
*C 192.168.1.0/24     192.168.1.1  0        00:03:49 lan1
*S 192.168.2.0/24     rmt1         0        00:01:03 rmt1
#

NG IPsec IPsec IPsec remote 1 IPsec LAN 192.168.2.0/24 remote 0 PPPoE IPsec

# show ip route all
FP Destination/Mask   Gateway      Distance UpTime   Interface
*S 0.0.0.0/0          rmt0         0        00:01:03 rmt0
*L 10.1.1.1/32        10.1.1.1     0        00:03:49 rmt0
*C 192.168.1.0/24     192.168.1.1  0        00:03:49 lan1
#

3 show logging syslog

OK IPsec/IKE

# show logging syslog
Mar 08 06:59:52 192.168.1.1 Si-R G200: init: system startup now.
Mar 08 06:59:52 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Mar 08 06:59:52 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Mar 08 06:59:52 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Mar 08 06:59:52 192.168.1.1 Si-R G200: protocol: lan 1 link up
Mar 08 06:59:52 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Mar 08 06:59:52 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
#

NG

1.phase 1 "isakmp:give up phase1 negotiation." "isakmp:hash mismatched" "isakmp:psk mismatched" 3.HASH/psk/certificate P.27

# show logging syslog
Jan 01 09:23:53 192.168.1.1 Si-R G200: init: system startup now.
Jan 01 09:23:53 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Jan 01 09:23:53 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Jan 01 09:23:53 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Jan 01 09:23:53 192.168.1.1 Si-R G200: protocol: lan 1 link up
Jan 01 09:23:53 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Jan 01 09:23:53 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Jan 01 09:25:04 192.168.1.1 Si-R G200: isakmp: give up phase1 negotiation. 10.1.2.1[500] -> 10.1.1.1[500]
#

2.phase 2 "isakmp: give up phase2 negotiation."

Initiator

# show logging syslog
Apr 28 14:31:29 192.168.1.1 Si-R G200: init: system startup now.
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Apr 28 14:32:24 192.168.1.1 Si-R G200: isakmp: give up phase2 negotiation. 10.1.2.1[500] -> 10.1.1.1[500]
#

Responder range syslog

# show logging syslog
Apr 28 14:31:29 192.168.1.1 Si-R G200: init: system startup now.
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
#

syslog

# show logging syslog
Apr 28 14:31:29 192.168.1.1 Si-R G200: init: system startup now.
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
#

# show logging syslog
Apr 28 14:31:29 192.168.1.1 Si-R G200: init: system startup now.
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Apr 28 14:34:04 192.168.1.1 Si-R G200: isakmp: IPsec SA encryption algorithm mismatched.
Apr 28 14:34:14 192.168.1.1 Si-R G200: isakmp: IPsec SA encryption algorithm mismatched.
#

# show logging syslog
Apr 28 14:31:29 192.168.1.1 Si-R G200: init: system startup now.
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 28 14:31:29 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 28 14:31:29 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Apr 28 14:35:32 192.168.1.1 Si-R G200: isakmp: IPsec SA authentication algorithm mismatched.
Apr 28 14:35:42 192.168.1.1 Si-R G200: isakmp: IPsec SA authentication algorithm mismatched.
#

3.HASH/psk/certificate

HASH mismatched psk mismatched certificate mismatched signature mismatched Aggressive Mode Initiator Main Mode Responder

Aggressive Mode Initiator HASH HASH

# show logging syslog
Jan 01 04:35:36 192.168.1.1 Si-R G200: init: system startup now.
Jan 01 04:35:36 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Jan 01 04:35:36 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Jan 01 04:35:36 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Jan 01 04:35:36 192.168.1.1 Si-R G200: protocol: lan 1 link up
Jan 01 04:35:36 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Jan 01 04:35:36 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Jan 01 04:35:37 192.168.1.1 Si-R G200: isakmp: HASH mismatched side=0 exchange type=4 status=3.
Jan 01 04:35:46 192.168.1.1 Si-R G200: isakmp: HASH mismatched side=0 exchange type=4 status=3.
Jan 01 04:36:01 192.168.1.1 Si-R G200: isakmp: HASH mismatched side=0 exchange type=4 status=3.
Jan 01 04:36:21 192.168.1.1 Si-R G200: isakmp: HASH mismatched side=0 exchange type=4 status=3.
Jan 01 04:36:30 192.168.1.1 Si-R G200: isakmp: give up phase1 negotiation. sir -> 10.1.1.2[500]
#

Main Mode Responder

# show logging syslog
Apr 20 17:29:59 192.168.1.1 Si-R G200: init: system startup now.
Apr 20 17:29:59 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Apr 20 17:29:59 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Apr 20 17:29:59 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Apr 20 17:29:59 192.168.1.1 Si-R G200: protocol: lan 1 link up
Apr 20 17:29:59 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Apr 20 17:29:59 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Apr 20 17:50:14 192.168.1.1 Si-R G200: isakmp: psk mismatched.
Apr 20 17:50:24 192.168.1.1 Si-R G200: isakmp: psk mismatched.
Apr 20 17:50:42 192.168.1.1 Si-R G200: isakmp: psk mismatched.
Apr 20 17:51:03 192.168.1.1 Si-R G200: isakmp: psk mismatched.
Apr 20 17:51:09 192.168.1.1 Si-R G200: isakmp: give up phase1 negotiation. 10.1.2.1[500] -> 10.1.1.1[500]
#

Main Mode Responder

# show logging syslog
Jun 16 15:09:55 192.168.1.1 Si-R G200: init: system startup now.
Jun 16 15:09:55 192.168.1.1 Si-R G200: sshd: generating public/private host key pair.
Jun 16 15:09:55 192.168.1.1 Si-R G200: protocol: ether 1 1 link up
Jun 16 15:09:55 192.168.1.1 Si-R G200: protocol: ether 1 2 link up
Jun 16 15:09:55 192.168.1.1 Si-R G200: protocol: lan 1 link up
Jun 16 15:09:55 192.168.1.1 Si-R G200: sshd: generated public/private host key pair.
Jun 16 15:09:55 192.168.1.1 Si-R G200: protocol: [vlan2] connected to PPPoE.pppoe() by keep connection
Jun 16 15:10:03 192.168.1.1 Si-R G200: isakmp: certificate mismatched. SIR.SIR
Jun 16 15:10:03 192.168.1.1 Si-R G200: isakmp: signature mismatched. SIR.SIR
Jun 16 15:10:13 192.168.1.1 Si-R G200: isakmp: certificate mismatched. SIR.SIR
Jun 16 15:10:13 192.168.1.1 Si-R G200: isakmp: signature mismatched. SIR.SIR
Jun 16 15:10:30 192.168.1.1 Si-R G200: isakmp: certificate mismatched. SIR.SIR
Jun 16 15:10:30 192.168.1.1 Si-R G200: isakmp: signature mismatched. SIR.SIR
Jun 16 15:11:23 192.168.1.1 Si-R G200: isakmp: give up phase1 negotiation. 10.1.2.1[500] -> 10.1.1.1[500]
#

4 show ip route all

OK IPsec 10.1.1.1/32 PPPoE remote 0

# show ip route all
FP Destination/Mask   Gateway      Distance UpTime   Interface
*S 0.0.0.0/0          rmt0         0        00:01:03 rmt0
*L 10.1.1.1/32        10.1.1.1     0        00:03:49 rmt0
*C 192.168.1.0/24     192.168.1.1  0        00:03:49 lan1
*S 192.168.2.0/24     rmt1         0        00:01:03 rmt1
#

NG IPsec 10.1.1.1 IP Aggressive Mode Initiator

# show ip route all
FP Destination/Mask   Gateway      Distance UpTime   Interface
*S 0.0.0.0/0          rmt0         0        00:01:03 rmt0
*C 192.168.1.0/24     192.168.1.1  0        00:03:49 lan1
*S 192.168.2.0/24     rmt1         0        00:01:03 rmt1
#

A H

NAT NAT  A  P.29
MTUMRU  B  P.30
IPsec  C  P.31
Pre-Shared Key  D  P.31
IPsec  E  P.32
range PFS  F  P.32
remote ap tunnel remote [address]  G  P.33
remote ip address local  H  P.33

A

VPN IPsec NAT NAT VPN NAT NAT IPsec Aggressive Mode Initiator PPPoE VPN Aggressive Mode Initiator NAT IPsec SA Responder IPsec NAT Responder NAT IPsec SA Main Mode IKE NAT IPsec SA IPsec NAT

# ether 1 1 vlan untag 2
# ether 1 2 vlan untag 3
# lan 0 vlan 2
# lan 1 ip address 192.168.2.1/24 3
# lan 1 vlan 3
# remote 0 name ISP
# remote 0 mtu 1454
# remote 0 ap 0 name isp
# remote 0 ap 0 datalink bind vlan 2
# remote 0 ap 0 ppp auth send sir2 sir2
# remote 0 ip route 0 default 1 0
# remote 0 ip nat mode multi any 1 5m                    NAT NAT
# remote 0 ip nat static 0 192.168.2.1 500 any 500 17    IKE(UDP:500)
# remote 0 ip nat static 1 192.168.2.1 any any any 50    ESP(IP:50)

# remote 0 ip msschange 1414
# remote 1 name SIR
# remote 1 ap 0 name SIR
# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec type ike
# remote 1 ap 0 ipsec ike protocol esp
# remote 1 ap 0 ipsec ike encrypt 3des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ike name local sir
# remote 1 ap 0 ike shared key text sir
# remote 1 ap 0 ike proposal 0 encrypt 3des-cbc
# remote 1 ap 0 tunnel remote 10.1.1.1
# remote 1 ap 0 sessionwatch address 192.168.2.1 192.168.1.1
# remote 1 ip route 0 192.168.1.0/24 1 1

B

ADSL PPPoE PPP MTU/MSS PPPoE MTU=1454 MSS=1414

# ether 1 1 vlan untag 2
# ether 1 2 vlan untag 3
# lan 0 vlan 2
# lan 1 ip address 192.168.2.1/24 3
# lan 1 vlan 3
# remote 0 name ISP
# remote 0 mtu 1454
# remote 0 ap 0 name ISP
# remote 0 ap 0 datalink bind vlan 2
# remote 0 ap 0 ppp auth send sir2 sir2
# remote 0 ip route 0 default 1 0
# remote 0 ip nat mode multi any 1 5m
# remote 0 ip nat static 0 192.168.2.1 500 any 500 17
# remote 0 ip nat static 1 192.168.2.1 any any any 50
# remote 0 ip msschange 1414
# remote 1 name SIR
# remote 1 ap 0 name SIR
# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec type ike
# remote 1 ap 0 ipsec ike protocol esp
# remote 1 ap 0 ipsec ike encrypt 3des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ike name local sir
# remote 1 ap 0 ike shared key text sir
# remote 1 ap 0 ike proposal 0 encrypt 3des-cbc
# remote 1 ap 0 tunnel remote 10.1.1.1
# remote 1 ap 0 sessionwatch address 192.168.2.1 192.168.1.1
# remote 1 ip route 0 192.168.1.0/24 1 1

C

IPsec IPsec IPsec

# show ip route all
FP Destination/Mask   Gateway      Distance UpTime   Interface
*S 0.0.0.0/0          rmt0         0        00:01:03 rmt0
*L 10.1.1.1/32        10.1.1.1     0        00:03:49 rmt0
*C 192.168.1.0/24     192.168.1.1  0        00:03:49 lan1
*S 192.168.2.0/24     rmt1         0        00:01:03 rmt1
#

D

Pre-Shared Key IKE IKE HASH Phase 1 Pre-Shared Key Phase 1 IKE IPsec

# ether 1 1 vlan untag 2
# ether 1 2 vlan untag 3
# lan 0 vlan 2
# lan 1 ip address 192.168.2.1/24 3
# lan 1 vlan 3
# remote 0 name ISP
# remote 0 mtu 1454
# remote 0 ap 0 name ISP
# remote 0 ap 0 datalink bind vlan 2
# remote 0 ap 0 ppp auth send sir2 sir2
# remote 0 ip route 0 default 1 0
# remote 0 ip nat mode multi any 1 5m
# remote 0 ip nat static 0 192.168.2.1 500 any 500 17
# remote 0 ip nat static 1 192.168.2.1 any any any 50
# remote 0 ip msschange 1414
# remote 1 name SIR
# remote 1 ap 0 name SIR
# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec type ike
# remote 1 ap 0 ipsec ike protocol esp
# remote 1 ap 0 ipsec ike encrypt 3des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ike name local sir
# remote 1 ap 0 ike shared key text sir
# remote 1 ap 0 ike proposal 0 encrypt 3des-cbc
# remote 1 ap 0 tunnel remote 10.1.1.1
# remote 1 ap 0 sessionwatch address 192.168.2.1 192.168.1.1
# remote 1 ip route 0 192.168.1.0/24 1 1

E

IPsec/IKE IKE IPsec 192.168.1.0/24

# remote 0 ap 0 ipsec ike range 192.168.1.0/24 any4

F

IKE phase 2 IPsec range IPsec IPsec SA

A
# remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4
B
# remote 1 ap 0 ipsec ike range 192.168.2.0/24 any4

A
# remote 1 ap 0 ipsec ike range 192.168.1.0/24 192.168.2.0/24
B
# remote 1 ap 0 ipsec ike range 192.168.2.0/24 192.168.1.0/24

A
# remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4
B
# remote 1 ap 0 ipsec ike range any4 192.168.1.0/24

A
# remote 1 ap 0 ipsec ike range any4 any4
B
# remote 1 ap 0 ipsec ike range any4 any4

# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec ike protocol esp                   IPsec
# remote 1 ap 0 ipsec ike range 192.168.2.0/24 any4
# remote 1 ap 0 ipsec ike encrypt des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ipsec type ike

G

IPsec IP Aggressive Mode Initiator remote ap tunnel remote Responder remote ap tunnel local Main Mode remote ap tunnel local remote ap tunnel remote

# remote 1 name SIR
# remote 1 ap 0 name SIR
# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec type ike
# remote 1 ap 0 ipsec ike protocol esp
# remote 1 ap 0 ipsec ike encrypt 3des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ike name local sir
# remote 1 ap 0 ike shared key text sir
# remote 1 ap 0 ike proposal 0 encrypt 3des-cbc
# remote 1 ap 0 tunnel remote 10.1.1.1
# remote 1 ap 0 sessionwatch address 192.168.2.1 192.168.1.1
# remote 1 ip route 0 192.168.1.0/24 1 1

H

Main Mode Aggressive Mode Responder PPPoE IPsec IPsec NAT

# ether 1 1 vlan untag 2
# ether 1 2 vlan untag 3
# lan 0 vlan 2
# lan 1 ip address 192.168.1.1/24 3
# lan 1 vlan 3
# remote 0 name ISP
# remote 0 mtu 1454
# remote 0 ap 0 name ISP
# remote 0 ap 0 datalink bind vlan 2
# remote 0 ap 0 ppp auth send sir sir
# remote 0 ap 0 keep connect
Main Mode remote 1 ap 0 tunnel local
# remote 0 ip address local 10.1.1.1
# remote 0 ip route 0 192.168.2.1/32 1 0
# remote 0 ip msschange 1414
# remote 1 name SIR
# remote 1 ap 0 name SIR
# remote 1 ap 0 datalink type ipsec
# remote 1 ap 0 ipsec type ike
# remote 1 ap 0 ipsec ike protocol esp
# remote 1 ap 0 ipsec ike encrypt 3des-cbc

# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 ike mode main
# remote 1 ap 0 ike shared key text sir
# remote 1 ap 0 ipsec ike encrypt 3des-cbc
# remote 1 ap 0 ipsec ike auth hmac-md5
# remote 1 ap 0 ipsec ike pfs modp768
# remote 1 ap 0 tunnel local 10.1.1.1
# remote 1 ap 0 tunnel remote 10.1.1.2
# remote 1 ap 0 sessionwatch address 192.168.1.1 192.168.2.1
# remote 1 ap 0 sessionwatch interval 10s 3m 5s
# remote 1 ip route 0 192.168.2.0/24 1 1
# remote 1 ip msschange 1414

2.7

IEEE802.1X MAC AAA AAA VLAN VLAN RADIUS RADIUS RADIUS RADIUS IP RADIUS RADIUS RADIUS RADIUS RADIUS Supplicant RADIUS Supplicant VLAN ID VLAN ID VLAN ID VLAN ID ether 2 VLAN resource authenticated vlan

V2 IEEE802.1X dot1x usemacauth use ether dot1x useether macauth use Supplicant EAP-MD5 EAP-MD5 Supplicant EAP-MD5 IEEE802.1X show dot1x port Supplicant RADIUS Supplicant RADIUS Supplicant MAC RADIUS RADIUS EITHER/CHAP/PAP Supplicant Supplicant VLAN ID RADIUS AAA Supplicant VLAN ID Supplicant VLAN ether dot1x vid ether macauth vid VLAN ID Supplicant VLAN ID RADIUS AAA Supplicant VLAN ID Supplicant VLAN ID show dot1x portshow macauth portshow auth port 35

V2 2.8 SNMP SNMP SNMP SNMP IP SNMP SNMP IP SNMP IP IP SNMPv1 SNMPv2c SNMP SNMP SNMPv3 SNMP SNMP SNMP SNMPv3 SNMP SNMPv3 SNMP 36

V2 2.9 VRRP VRRP VRRP IP IP IP IP IP IP VRID VRID VRID VRRP IP IP IP IP IP IP IP IP IP IP IP ARP NSNeighbor Solicitation IP ARP NSNeighbor Solicitation off VRRP off VRRP off master master VRRP on VRRP VRRP 2.1.7 VRRP P.3 6 VRRP VRRP P.4 0 VRRP off VRRP off 37

V2 off on VRRP VRRP VRRP VRRP VRRP VRID VRRP VRID illegal packets VRID VRRP VRRP VRRP VRRP Authentication failed packetsauthentication type mismatch packets VRRP IP VRRP-AD VRRP-AD IP IPv6 Next Header 224.0.0.18 ff02::12 112 112 VRRP IP VRRP-AD VRRP VRRP VRRP TTL/HopLimit illegal packets VRRP VRRP HUB STP VRRP HUB STP VRRP HUB VRRP HUB VRRP VRRP VRRP-AD VRRP HUB VRRP HUB STP STP VRRP STP 38

V2 VRRP lan IP IP VRRP VRRP IP VRRP Virtual router IP address configuration mismatched packets IP IP ping IP icmp IP icmp lan vrrp group vaddr icmp accept IP VRRP IP ping VRRP IP telnet VRRP IP VRRP IP IP master master VRRP off on VRRP off - +1 VRRP master master 255 VRRP 1 VRRP VRRP LAN 39

V2 PPPoE VRRP VRRP VRRP vrrp action disable VRRP vrrp action enable VRRP VRRP Initialize:Disabled VRRP LAN LAN HUB Ether offline VRRP VRRP VRRP LAN VRRP VRRP LAN Ether VRRP VRRP VRRP VRRP VRRP diallockdialreject PPPoE VRRP offline PPPoE 40

V2 2.10 USB USB USB output.txt USB 2.7.3 P.5 4 USB Si-R G200 3.5 P.7 3 Si-R G100 3.5 P.6 1 2.11 WindowsTCP NetBIOS 137 139 IP 41

V2 3 3.1 terminal window telnet telnet terminal window Ctrl+αα Ctrl+α Ctrl+α ESC ESCCtrl+α HyperTerminal Ctrl+BCtrl+FCtrl+P Ctrl+N 42

V2 4 FTP Si-R G200 ftp put FTP Si-R G ether 2 1 192.168.1.1 4.1 FTP 1. FTP 4.2 ether 2 1 IP 192.168.1.1 LAN FTP 1. 2. FTP LAN HUB 10/100/1000BASE-T Si-R G200 P.11 Si-R G100 P.11 AutoMDI/MDI-X HUB 10/100/1000BASE-T 3. 43

V2 4. 5 10 5 1 CHECK 4.3 1. FTP 2.5.2 FTP P.45 put 2. CHECK CHECK 3. 44

V2 5 LAN SELECT ENTER 5.3 SELECT ENTER P.49 LAN 5.2 P.47 URL : http://fenics.fujitsu.com/products/manual/cable3/ 1.2 P.11 HyperTerminal Si-R G200 5.1 LAN ether 2 1 IP 192.168.1.1 LAN 1. 2. LAN HUB 10/100/1000BASE-T Si-R G200 P.11 Si-R G100 P.11 LAN Si-R G2002.5 P.40 Si-R G1002.4 P.30 AutoMDI/MDI-X HUB 10/100/1000BASE-T 45

V2 3. 4. 5 10 5 1 CHECK 1. telnet IP IP 192.168.1.1255.255.255.0 2. [Return] [Enter] 3. backup# 4. reset clear [Return] [Enter] backup# reset clear 5. CHECK 46

V2 5.2 1. 2. 3. RJ45 4. 5. 5 10 5 1 CHECK 47

V2 1. 2. Bit Bit Bit Bit 1 8 1 9600 3. ReturnEnter 4. 5. logon ReturnEnter 6. backup# 7. reset clear ReturnEnter >logon backup# reset clear > 8. CHECK 48

V2 5.3 SELECT ENTER LAN SELECT ENTER VPN PPPoE FUNC CHECK 1. POWER 2. SELECT 1 PPPoE VPN 3. SELECT 1 VPN PPPoE 4. ENTER PPPoE 5. 2. 4. 10 2. 49


Si-R G P3NK-4472-09Z0 2016 7