MR1000　コマンド設定事例集

Similar documents

設定例集_Rev.8.03, Rev.9.00, Rev.10.01対応

MR1000　Webリファレンス

インターネットVPN_IPoE_IPv6_fqdn

クラウド接続「Windows Azure」との接続

Si-R/Si-R brin シリーズ設定例

SR-Sシリーズセキュアスイッチ　コマンド設定事例集

FUJITSU Network SR-S　コマンド設定事例集

Si-R30コマンドリファレンス

技術情報：Si-R/Si-R brinシリーズ設定例「Oracle Cloud Infrastructure Classic」との接続

Si-R30取扱説明書

SRT/RTX/RT設定例集

FUJITSU Network Si-R Si-Rシリーズ　トラブルシューティング

FUJITSU Network Si-R Si-R Gシリーズトラブルシューティング

帯域を測ってみよう (適応型QoS/QoS連携/帯域検出機能)

Si-R180　ご利用にあたって

橡sirahasi.PDF

CS-SEIL-510/C コマンドリファレンス

JANOG14-コンバージェンスを重視したMPLSの美味しい使い方

All Rights Reserved. Copyright(c)1997 Internet Initiative Japan Inc. 1

SGX808 IPsec機能

FutureNet CS-SEILシリーズコマンドリファレンス ver.1.82対応版

Microsoft PowerPoint - Amazon VPCとのVPN接続.pptx

AirMac ネットワーク構成の手引き

橡2-TrafficEngineering(revise).PDF

AirMac ネットワーク for Windows

FUJITSU Network Si-R Si-Rシリーズ Si-R240B　ご利用にあたって

IIJ Technical WEEK SEILシリーズ開発動向:IPv6対応の現状と未来

RT107e 取扱説明書

FUJITSU Network Si-R Si-RシリーズSi-R220C　ご利用にあたって

ヤマハルーターのCLI:Command Line Interface

Teradici Corporation # Canada Way, Burnaby, BC V5G 4X8 Canada p f Teradici Corporation Teradi

SRX300 Line of Services Gateways for the Branch

橡3-MPLS-VPN.PDF

SRT100 コマンド設定運用説明書

Si-R30コマンドリファレンス

2001年12月VPN&ブロードバンドソリューションフォーラム

Win XP SP3 Japanese Ed. NCP IPSec client Hub L3 SW SRX100 Policy base VPN fe-0/0/0 vlan.0 Win 2003 SVR /

R70_Software_Manual_JP1.3

ヤマハルーターでつくるブロードバンド企業ネットワーク

TCP/IP Internet Week 2002 [2002/12/17] Japan Registry Service Co., Ltd. No.3 Internet Week 2002 [2002/12/17] Japan Registry Service Co., Ltd. No.4 2

IPSEC-VPN IPsec(Security Architecture for Internet Protocol) IP SA(Security Association, ) SA IKE IKE 1 1 ISAKMP SA( ) IKE 2 2 IPSec SA( 1 ) IPs

NATディスクリプタ機能

RT107eセミナー用資料

RT300i/RT140x/RT105i 取扱説明書

Si-R30Bコマンドリファレンス

RT300/140/105シリーズ取扱説明書

2008, 2009 TOSHIBA TEC CORPORATION All rights reserved

ネットワーク製品総合カタログ Vol.37 ルータ

ヤマハルーターファイアウォール機能～説明資料～

RT57i 困ったときは

宛先変更のトラブルシューティング

RTX830 取扱説明書

FW Migration Guide(ipsec2)

Soliton Net’Attest EPS + AR router series L2TP+IPsec RADIUS 設定例

FW Migration Guide(ipsec1)

2011 NTT Information Sharing Platform Laboratories

Microsoft Azure AR4050S, AR3050S, AR2050V 接続設定例

Amazon Web Services (AWS) - ARX640S 接続設定例

Microsoft PowerPoint - 情報システム pptx

CS-SEIL-510/C ユーザーズガイドコマンドラインインターフェイス編

RT58i 接続ガイド

ループ防止技術を使用して OSPFv3 を PE-CE プロトコルとして設定する

AMF Cloud ソリューション

Cisco® ASA シリーズルーター向けDigiCert® 統合ガイド

Mac OS X Server QuickTime Streaming Server 5.0 の管理（バージョン 10.3 以降用）

CS-SEIL-510/C ユーザーズガイド Webインターフェイス編

VoIP Broadcasting System 2/2 IP Convergence Communication Solution IP paradigm Integration & Management VoIP IP VoIP VoIP IT < >

LSM-L3-24設定ガイド(初版)

Transcription:

V21 LAN 2005 1 2005 3 2 Microsoft Corporation OMRON Corporation 2004-2005 All Rights Reserved. 2

V21... 2... 6... 6... 6... 6 1... 7 1.1 LAN... 8 1.2 CATV... 10 1.3 LAN... 12 1.4 IPv4 IPv6... 14 1.5... 15 1.6 PPPoE... 17 1.7 LAN ISDN... 19 1.8 LAN... 21 1.9 LAN... 24 1.10 IPv6 LAN ISDN... 26 1.11 IPv6 LAN IPv6... 29 1.12 LAN IP-VPN... 33 1.12.1 ADSL IP-VPN... 34 1.12.2 IP-VPN... 37 1.13 NAT IP VPN... 41 1.14 NAT IP VPN... 47 1.15 NAT IP VPN... 53 2... 59 2.1 RIP IPv4... 62 2.1.1... 64 2.1.2... 65 2.1.3... 66 2.1.4... 67 2.1.5... 68 2.1.6... 69 2.2 RIP IPv6... 70 2.2.1... 72 2.2.2... 73 2.2.3... 74 2.2.4... 75 2.2.5... 76 2.2.6... 77 2.3 OSPFv2 IPv4... 78 2.3.1... 83 2.3.2... 87 2.4 OSPF IPv4... 92 2.4.1 OSPF LSA... 92 2.4.2 AS OSPF... 93 2.4.3 LSA... 94 3

V21 2.5 BGP IPv4... 95 2.5.1... 95 2.5.2 AS... 96 2.5.3 IP-VPN IP-VPN... 97 2.5.4... 98 2.6 MPLS... 100 2.6.1 MPLS LSP... 101 2.6.2 MPLS LSP... 104 2.7 MPLS 2VPN EoMPLS... 107 2.8 MPLS 3VPN BGP/MPLS VPN... 111 2.8.1 MPLS LAN... 112 2.8.2 MPLS... 116 2.9... 120 2.10... 121 2.10.1 PIM-DM... 121 2.10.2 PIM-SM... 125 2.11 VLAN... 131 2.12 IP... 133 2.12.1... 137 2.12.2... 141 2.12.3 SPI... 145 2.12.4 IPv6... 149 2.12.5... 153 2.12.6... 155 2.12.7... 156 2.12.8 ping... 157 2.13 IPsec... 159 2.13.1 IPv4 over IPv4 IP VPN... 161 2.13.2 IPv4 over IPv6 IP VPN... 165 2.13.3 IPv4 over IPv6 IP VPN... 168 2.13.4 IPv6 over IPv4 IP VPN... 172 2.13.5 IPv6 over IPv4 IP VPN... 176 2.13.6 IPv6 over IPv6 IP VPN... 180 2.13.7 IPv6 over IPv6 IP VPN... 184 2.13.8 IPv4 over IPv4 1 IKE IPsec VPN.188 2.13.9 IPsec... 192 2.14... 196 2.15 NAT... 198 2.15.1 LAN... 199 2.15.2 PPPoE... 200 2.15.3... 202 2.15.4 LAN... 204 2.15.5 NAT IPsec IPsec.205 2.16 VoIP NAT... 206 2.17 TOS/Traffic Class... 208 2.18 VLAN... 210 2.19... 211 2.19.1... 211 2.19.2... 212 2.20... 213 2.21 WFQ... 215 4

V21 2.22 DHCP... 217 2.22.1 DHCP... 218 2.22.2 DHCP... 220 2.22.3 DHCP... 222 2.22.4 DHCP... 223 2.22.5 IPv6 DHCP... 226 2.23 DNS ProxyDNS... 228 2.23.1 DNS... 228 2.23.2 DNS... 230 2.23.3 DNS... 231 2.23.4 DNS... 233 2.23.5 DNS... 234 2.24 URL URL... 235 2.25 SNMP... 237 2.26 ECMP... 239 2.27 VRRP... 244 2.27.1... 245 2.27.2... 248 2.28... 251 2.29... 252 2.29.1... 253 2.29.2... 253 2.30... 254 2.30.1... 254 2.30.2... 255 2.30.3... 256 2.31... 257 2.31.1... 258 2.31.2... 259 2.32 STP... 260 2.32.1 FNA STP... 260 2.32.2... 264 2.32.3 IP Ethernet over IP... 268 2.33 LAN HUB... 272 2.34 ISDN... 274 2.35 PIAFS... 276 2.36... 278 2.37... 282... 284 5

V21 CD-ROM README 1 2 Microsoft Windows Windows NT Microsoft Corporation Microsoft Windows 2000 Server Network operating system Microsoft Windows 2000 Professional operating system Windows 2000 NTT NTT ADSL NTT NTT 6

1 1 1.1 LAN..........................................................8 1.2 CATV......................................................10 1.3 LAN.......................................................12 1.4 IPv4 IPv6.......................................14 1.5....................................................15 1.6 PPPoE....................................................17 1.7 LAN ISDN.......................................................19 1.8 LAN.......................................................21 1.9 LAN...........................................24 1.10 IPv6 LAN ISDN..................................................26 1.11 IPv6 LAN IPv6............................................29 1.12 LAN IP-VPN........................................33 1.12.1 ADSL IP-VPN......................................34 1.12.2 IP-VPN..............................37 1.13 NAT IP VPN..................................41 1.14 NAT IP VPN....................................47 1.15 NAT IP VPN....................................53

V21 1 1.1 LAN LAN MR1000 5 P.42 LAN LAN0 IP DHCP NAT DHCP IP 1 5 LAN LAN1 IP / 192.168.1.1/24 DHCP IP 192.168.1.2 253 1 192.168.1.1 DNS 192.168.1.1 8 LAN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 IP LAN # delete lan 0 # lan 0 mode auto # lan 0 ip dhcp service client # lan 0 ip rip use off v1 0 off # lan 0 ip nat mode multi any 1 LAN # lan 1 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off # enable LAN DHCP DHCP LAN IP IP IP IP 2.22.2 DHCP P.220 IP MAC 9 LAN

V21 1 1.2 CATV CATV CATV CATV 2 CATV CATV CATV CATV CATV CATV LAN LAN CATV CATV CATV CATV LAN CATV LAN CATV LAN LAN IP MR1000 5 P.42 10 CATV

V21 1 CATV LAN0 IP 172.16.184.33 / 172.16.184.0/24 172.16.184.100 DNS 192.10.10.10 LAN IP 192.168.1.1 / 192.168.1.0/24 DHCP CATV CATV IP CATV # delete lan # lan 0 ip address 172.16.184.33/24 3 # lan 0 ip dhcp info time 1d # lan 0 ip route 0 default 172.16.184.100 1 0 # lan 0 ip rip use off v1 0 off # lan 0 ip nat mode multi any 1 5m LAN # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.10.10.10 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off ProxyDNS # proxydns domain 0 any * any static 192.10.10.10 # proxydns address 0 any static 192.10.10.10 # reset 11 CATV

V21 1 1.3 LAN LAN-B LAN-A MR1000 5 P.42 LAN-A LAN1 IP 192.168.1.1 / 192.168.1.0/24 DHCP NAT LAN-B LAN0 IP 192.168.0.1 / 192.168.0.0/24 DHCP RIP-V1 1 2 1 IP 192.168.0.5 2 IP 192.168.0.10 LAN-C / 192.168.2.0/24 NAT 12 LAN

V21 1 TIME 192.168.0.20 TIME SNTP TIME RFC868 SNTP Simple Network Time Protocol RFC1361 RFC1769 NTP Network Time Protocol IP LAN0 # lan 0 ip address 192.168.0.1/24 3 # lan 0 ip dhcp service off # lan 0 ip route 0 192.168.2.0/24 192.168.0.10 1 0 # lan 0 ip route 0 default 192.168.0.5 1 0 # lan 0 ip rip use v1 v1 0 off LAN1 # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off # time auto server 192.168.0.20 time # time auto interval start # enable 13 LAN

V21 1 1.4 IPv4 IPv6 IPv4 IPv6 LAN-A / 2001:db8:1111:1001::/64 LAN-B / 2001:db8:1111:1000::/64 LAN0 # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1000::/64 30d 7d c0 # lan 0 ip6 ra mode send # lan 0 ip6 rip use on on 0 # lan 0 ip6 rip site-local on LAN1 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:1001::/64 30d 7d c0 # lan 1 ip6 ra mode send # lan 1 ip6 rip use on on 0 # lan 1 ip6 rip site-local on # enable 14 IPv4 IPv6

V21 1 1.5 MR1000 5 P.42 ISDN OCN 128Kbps LAN0 LAN OCN DNS 192.10.10.10 OCN domain.ocn.ne.jp OCN IP IP / 172.16.184.32/29 172.16.184.33 172.16.184.38 172.16.184.39 LAN IP 172.16.184.33 internet 0 9 A Z a z < > & % MR1000 1.4 P.18 IP 15

V21 1 # wan 0 line hsd 128k IP # lan 0 ip address 172.16.184.33/29 3 DHCP # lan 0 ip dhcp info dns 192.10.10.10 # lan 0 ip dhcp info address 172.16.184.34/29 6 # lan 0 ip dhcp info gateway 172.16.184.33 # lan 0 ip dhcp info domain domain.ocn.ne.jp # lan 0 ip dhcp service server # remote 0 name internet # remote 0 ip route 0 default 1 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 ip dns 192.10.10.10 # reset 16

V21 1 1.6 PPPoE PPPoE ADSL MR1000 5 P.42 ID userid userpass LAN0 LAN IP 192.168.1.1 / 192.168.1.0/24 0 9 A Z a z < > & % MR1000 1.4 P.18 IP PPPoE MTU MTU 1454 PPPoE LAN lan mode lan mode lan LAN 17 PPPoE

V21 1 ADSL # delete lan 0 # lan 0 mode auto IP # lan 1 ip address 192.168.1.1/24 3 DHCP # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip dhcp service server # lan 1 ip nat mode off # remote 0 name internet # remote 0 mtu 1454 # remote 0 autodial enable # remote 0 ppp ipcp vjcomp disable # remote 0 ip route 0 default 1 # remote 0 ip rip use off off 0 off # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass ProxyDNS # proxydns domain 0 any * any to 0 # proxydns address 0 any to 0 # reset 18 PPPoE

V21 1 1.7 LAN ISDN ISDN 2 MR1000 5 P.42 ISDN ISDN 64Kbps intranet 1 IP / 192.168.1.1/24 03-7777-7777 ID tokyo tokyopass kawasaki kawapass IP / 192.168.2.1/24 044-999-9999 ID kawasaki kawapass tokyo tokyopass IP 19 LAN ISDN

V21 1 # wan 0 line isdn IP # lan 0 ip address 192.168.1.1/24 3 # remote 0 name intranet # remote 0 ip route 0 192.168.2.0/24 1 # remote 0 ap 0 name kawasaki # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 044-999-9999 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send tokyo tokyopass # remote 0 ap 0 ppp auth receive kawasaki kawapass # remote 0 ap 0 idle 1m # reset # wan 0 line isdn IP # lan 0 ip address 192.168.2.1/24 3 # remote 0 name intranet # remote 0 ip route 0 192.168.1.0/24 1 # remote 0 ap 0 name tokyo # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 03-7777-7777 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send kawasaki kawapass # remote 0 ap 0 ppp auth receive tokyo tokyopass # remote 0 ap 0 idle 1m # reset 20 LAN ISDN

V21 1 1.8 LAN 2 MR1000 5 P.42 ISDN BRI 128Mbps DHCP honsya honsya-1 / 192.168.1.0/24 LAN IP 192.168.1.1 DNS 192.168.1.2 IP 192.168.1.3 shisya1 shisya-1 / 192.168.2.0/24 LAN IP 192.168.2.1 DNS IP DHCP 21 LAN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 IP # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip route 0 default 192.168.1.3 1 # remote 0 name shisya1 # remote 0 ip route 0 192.168.2.1/24 1 # remote 0 ap 0 name shisya-1 # remote 0 ap 0 datalink bind wan 0 # reset 22 LAN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.2.1/24 3 # remote 0 name honsya # remote 0 ap 0 name honsya-1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ip route 0 default 1 # reset 1.5 P.15 DHCP DHCP 23 LAN

V21 1 1.9 LAN LAN MR1000 5 P.42 ISDN 128Kbps RIPv1 LAN IP / 10.100.87.3/24 1 center1 ap1 WAN IP 10.200.3.18 WAN IP 10.200.3.1 DLCI 16 CIR 64Kbps 2 center2 ap2 24 LAN

V21 1 WAN IP 10.200.103.18 WAN IP 10.200.103.1 DLCI 17 CIR 64Kbps IP # wan 0 line fr 128k LAN IP # lan 0 ip address 10.100.87.3/24 3 RIP # lan 0 ip rip use v1 v1 0 off 1 # remote 0 name center1 # remote 0 ip address local 10.200.3.18 # remote 0 ip address remote 10.200.3.1 # remote 0 ip rip use v1 v1 0 off # remote 0 ap 0 name ap1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 fr dlci 16 # remote 0 ap 0 fr cir 64 2 # remote 1 name center2 # remote 1 ip address local 10.200.103.18 # remote 1 ip address remote 10.200.103.1 # remote 1 ip rip use v1 v1 0 off # remote 1 ap 0 name ap2 # remote 1 ap 0 datalink bind wan 0 # remote 1 ap 0 fr dlci 17 # remote 1 ap 0 fr cir 64 # reset 25 LAN

V21 1 1.10 IPv6 LAN ISDN ISDN 2 IPv6 MR1000 5 P.42 ISDN ISDN 64Kbps IPv6 kaisya 1 / 2001:db8:1111:1000::/64 tokyo 03-7777-7777 ID tokyo tokyopass kawasaki kawapass / 2001:db8:1111:1001::/64 kawasaki 044-999-9999 ID kawasaki kawapass tokyo tokyopass 26 IPv6 LAN ISDN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 # wan 0 line isdn LAN # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1000::/64 30d 7d # lan 0 ip6 ra mode send # remote 0 name kaisya # remote 0 ap 0 name kawasaki # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 044-999-9999 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send tokyo tokyopass # remote 0 ap 0 ppp auth receive kawasaki kawapass # remote 0 ap 0 idle 1m # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1001::/64 1 # reset ISDN RIP IPv6 RIP IPv6 27 IPv6 LAN ISDN

V21 1 # wan 0 line isdn LAN # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1001::/64 30d 7d # lan 0 ip6 ra mode send # remote 0 name kaisya # remote 0 ap 0 name tokyo # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 03-7777-7777 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send kawasaki kawapass # remote 0 ap 0 ppp auth receive tokyo tokyopass # remote 0 ap 0 idle 1m # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1000::/64 1 # reset 28 IPv6 LAN ISDN

V21 1 1.11 IPv6 LAN IPv6 IPv4 2 IPv6 LAN0 IPv4 172.16.184.1 LAN1 IPv4 172.16.185.1 LAN1 IPv6 / 2001:db8:1111:10b9::/64 LAN0 IPv4 172.16.21.1 LAN1 IPv4 172.16.22.1 LAN1 IPv6 / 2001:db8:1111:1016::/64 IPv4 IPv6 0 9 A Z a z < > & % MR1000 1.4 P.18 IPv6 over IPv4 IPv4 MTU 1280 IP 29 IPv6 LAN IPv6

V21 1 IPv4 # lan 0 ip address 172.16.184.1/24 3 # lan 0 ip rip use v1 v1 0 # lan 0 ip dhcp service off # lan 0 ip nat mode off # lan 1 ip address 172.16.185.1/24 3 # lan 1 ip rip use v1 v1 0 # lan 1 ip dhcp service off # lan 1 ip nat mode off IPv6 # lan 1 ip6 use on # lan 1 ip6 ifid auto # lan 1 ip6 address 0 2001:db8:1111:10b9::/64 30d 7d c0 # lan 1 ip6 ra mode send IP # remote 0 name v6kawasa # remote 0 mtu 1280 # remote 0 ap 0 name tun-kawa # remote 0 ap 0 datalink type ip # remote 0 ap 0 tunnel local 172.16.184.1 # remote 0 ap 0 tunnel remote 172.16.21.1 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1016::/64 1 # reset 30 IPv6 LAN IPv6

V21 1 IPv4 # lan 0 ip address 172.16.21.1/24 3 # lan 0 ip rip use v1 v1 0 # lan 0 ip dhcp service off # lan 0 ip nat mode off # lan 1 ip address 172.16.22.1/24 3 # lan 1 ip rip use v1 v1 0 # lan 1 ip dhcp service off # lan 1 ip nat mode off IPv6 # lan 1 ip6 use on # lan 1 ip6 ifid auto # lan 1 ip6 address 0 2001:db8:1111:1016::/64 30d 7d c0 # lan 1 ip6 ra mode send IP # remote 0 name v6tokyo # remote 0 mtu 1280 # remote 0 ap 0 name tun-tkyo # remote 0 ap 0 datalink type ip # remote 0 ap 0 tunnel local 172.16.21.1 # remote 0 ap 0 tunnel remote 172.16.184.1 # remote 0 ip6 use on # remote 0 ip 6 route 0 2001:db8:1111:10b9::/64 1 # reset 31 IPv6 LAN IPv6

V21 1 NAT IPv6 over IPv4 IPv4 NAT IPv6 over IPv4 IPv6 IPv4 NAT IPv4 IPv6 over IPv4 NAT IP LAN IP IP remote ip address local IP PPP IP NAT GW IP IPv6 over IPv4 GW NAT IP IP IP IP GW IPv6 over IPv4 NAT 172.16.0.1 LAN 192.168.1.1 GW IP 172.31.0.1 IPv6 over IPv4 192.168.1.1 172.31.0.1 remote 0 ap 0 tunnel local 192.168.1.1 remote 0 ap 0 tunnel remote 172.31.0.1 NAT lan 0 ip nat static 0 192.168.1.1 any 172.16.0.1 any 41 GW 172.16.0.1 172.31.0.1 GW NAT remote 0 ap 0 tunnel local 172.31.0.1 remote 0 ap 0 tunnel remote 172.16.0.1 32 IPv6 LAN IPv6

V21 1 1.12 LAN IP-VPN BGP4 IP-VPN MR1000 5 P.42 0 9 A Z a z < > & % MR1000 1.4 P.18 NAT 4 BGP BGP MR1000 2.3 P.19 BGP BGP BGP BGP enable IP 33 LAN IP-VPN

V21 1 1.12.1 ADSL IP-VPN LAN0 ADSL IP-VPN IP 172.16.1.2 IP 172.16.2.2 IP 172.16.3.2 AS 1 IP-VPN LAN0 LAN0 IP 192.168.1.1 LAN0 / 192.168.1.0/24 LAN1 IP 10.10.10.1 LAN1 / 10.10.10.0/24 AS 65000 RIPv2 IP-VPN LAN0 LAN0 IP 192.168.2.1 LAN0 / 192.168.2.0/24 LAN1 IP 10.20.10.1 LAN1 / 10.20.10.0/24 AS 65001 34 LAN IP-VPN

V21 1 IP-VPN LAN0 LAN0 IP 192.168.3.1 LAN0 / 192.168.3.0/24 LAN1 IP 10.30.10.1 LAN1 / 10.30.10.0/24 AS 65002 LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.1.0/24 192.168.1.2 1 # lan 1 ip address 10.10.10.1/24 3 # lan 1 ip rip use v2m v2 0 off # routemanage ip redist rip bgp on # routemanage ip redist bgp rip on # bgp as 65000 # bgp network route 0 10.10.10.0/24 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset 35 LAN IP-VPN

V21 1 LAN # lan 0 ip address 192.168.2.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.2.0/24 192.168.2.2 1 # lan 1 ip address 10.20.10.1/24 3 # bgp as 65001 # bgp network route 0 10.20.10.0/24 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset LAN # lan 0 ip address 192.168.3.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.3.0/24 192.168.3.2 1 # lan 1 ip address 10.30.10.1/24 3 # bgp as 65002 # bgp network route 0 10.30.10.0/24 # bgp neighbor 0 address 172.16.3.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset 36 LAN IP-VPN

V21 1 1.12.2 IP-VPN ISDN IP-VPN IP 172.16.1.2 IP 172.16.2.2 IP 172.16.3.2 AS 1 LAN IP 192.168.1.1 LAN / 192.168.1.0/24 LAN / 192.168.11.0/24 LAN RIPv2 WAN IP 172.16.1.1 AS 65000 LAN IP 192.168.2.1 LAN / 192.168.2.0/24 WAN IP 172.16.2.1 AS 65001 LAN IP 192.168.3.1 LAN / 192.168.3.0/24 WAN IP 172.16.3.1 AS 65002 37 LAN IP-VPN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip rip use v2m v2 0 off # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.1.1 # remote 0 ip address remote 172.16.1.2 # routemanage ip redist rip bgp on # routemanage ip redist bgp rip on # bgp as 65000 # bgp network route 0 192.168.1.0/24 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # reset 38 LAN IP-VPN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.2.1/24 3 # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.2.1 # remote 0 ip address remote 172.16.2.2 # bgp as 65001 # bgp network route 0 192.168.2.0/24 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # reset # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.3.1/24 3 # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.3.1 # remote 0 ip address remote 172.16.3.2 # bgp as 65002 # bgp network route 0 192.168.3.0/24 # bgp neighbor 0 address 172.16.3.2 # bgp neighbor 0 as 1 # reset 39 LAN IP-VPN

V21 1 BGP4 BGP4 BGP WAN BGP BGP BGP BGP - BGP BGP - BGP BGP 40 LAN IP-VPN

V21 1 1.13 NAT IP VPN IPsec VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 IP 202.168.3.66/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.1.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 41 NAT IP VPN

V21 1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.3.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 42 NAT IP VPN

V21 1 A vpn-hon honsya IPsec/IKE 202.168.1.66-202.168.2.66 IPsec 192.168.1.0/24-any4 B vpn-hon honsya IPsec/IKE 202.168.3.66-202.168.2.66 IPsec 192.168.3.0/24-any4 vpn-shia shisyaa IPsec/IKE 202.168.2.66-202.168.1.66 IPsec any4-i192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66-202.168.3.66 IPsec any4-i192.168.3.0/24 A Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Main Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 43 NAT IP VPN

V21 1 DH IKE A VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 44 NAT IP VPN

V21 1 B VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.3.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 45 NAT IP VPN

V21 1 VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 202.168.1.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 tunnel remote 202.168.3.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 46 NAT IP VPN

V21 1 1.14 NAT IP VPN IPsec VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 IP 10.0.1.1/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 IP 202.168.3.66/24 IP 10.0.3.1/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.1.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 47 NAT IP VPN

V21 1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.3.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 48 NAT IP VPN

V21 1 A vpn-hon honsya IPsec/IKE 10.0.1.1-202.168.2.66 IPsec 192.168.1.0/24-any4 B vpn-hon honsya IPsec/IKE 10.0.3.1-202.168.2.66 IPsec 192.168.3.0/24-any4 vpn-shia shisyaa IPsec/IKE 202.168.2.66-10.0.1.1 IPsec any4-i192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66-10.0.3.1 IPsec any4-i192.168.3.0/24 A Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Main Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 49 NAT IP VPN

V21 1 DH IKE A IPsec/IKE # remote 0 ip nat static 0 202.168.1.66 500 10.0.1.1 500 17 # remote 0 ip nat static 1 202.168.1.66 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 50 NAT IP VPN

V21 1 B IPsec/IKE # remote 0 ip nat static 0 202.168.3.66 500 10.0.3.1 500 17 # remote 0 ip nat static 1 202.168.3.66 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.3.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 51 NAT IP VPN

V21 1 VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 10.0.1.1 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 tunnel remote 10.0.3.1 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 52 NAT IP VPN

V21 1 1.15 NAT IP VPN IP VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 53 NAT IP VPN

V21 1 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 A Initiator vpn-hon honsya IPsec/IKE A - 202.168.2.66 IPsec 192.168.1.0/24-any4 IKE UDP 500 192.168.1.1 ESP 192.168.1.1 B Initiator vpn-hon honsya IPsec/IKE B - 202.168.2.66 IPsec 192.168.3.0/24-any4 IKE UDP 500 192.168.3.1 54 NAT IP VPN

V21 1 ESP 192.168.3.1 vpn-shia shisyaa IPsec/IKE 202.168.2.66 - A IPsec any4-192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66 - B IPsec any4-192.168.3.0/24 A Aggressive Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE A ID ID shisyaa FQDN IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Aggressive Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE B ID ID shisyab FQDN IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 55 NAT IP VPN

V21 1 DH IKE ID Aggressive Mode ID VPN IP VPN IP IP IKE NAT A Initiator IPsec/IKE # remote 0 ip nat static 0 192.168.1.1 500 any 500 17 # remote 0 ip nat static 1 192.168.1.1 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisyaa # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 56 NAT IP VPN

V21 1 B Initiator IPsec/IKE # remote 0 ip nat static 0 192.168.3.1 500 any 500 17 # remote 0 ip nat static 1 192.168.3.1 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisyab # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 57 NAT IP VPN

V21 1 Responder VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode aggressive # remote 0 ap 0 ike name remote shisyaa # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name remote shisyab # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 58 NAT IP VPN

2 2 2.1 RIP IPv4.........................................................62 2.1.1...............................................64 2.1.2..................................65 2.1.3...............................................66 2.1.4..................................67 2.1.5...............................................68 2.1.6...............................................69 2.2 RIP IPv6.........................................................70 2.2.1...............................................72 2.2.2..................................73 2.2.3...............................................74 2.2.4..................................75 2.2.5...............................................76 2.2.6...............................................77 2.3 OSPFv2 IPv4.......................................78 2.3.1......................................................83 2.3.2..........................................................87 2.4 OSPF IPv4.......................................................92 2.4.1 OSPF LSA...........................92 2.4.2 AS OSPF...............................93 2.4.3 LSA..............................94 2.5 BGP IPv4........................................................95 2.5.1..............................................95 2.5.2 AS.......................................96 2.5.3 IP-VPN IP-VPN..........................97 2.5.4.................................................98 2.6 MPLS.......................................100 2.6.1 MPLS LSP.........101 2.6.2 MPLS LSP. 104 2.7 MPLS 2VPN EoMPLS....................................107 2.8 MPLS 3VPN BGP/MPLS VPN.............................111

2.8.1 MPLS LAN............................................112 2.8.2 MPLS...........................................116 2.9............................................................120 2.10..........................................................121 2.10.1 PIM-DM.........................................121 2.10.2 PIM-SM.........................................125 2.11 VLAN.................................................................131 2.12 IP........................................................133 2.12.1....................................137 2.12.2....................................141 2.12.3 SPI........................145 2.12.4 IPv6.................149 2.12.5....................................153 2.12.6................................................155 2.12.7...........................................156 2.12.8 ping.....................................157 2.13 IPsec..................................................................159 2.13.1 IPv4 over IPv4 IP VPN...........................161 2.13.2 IPv4 over IPv6 IP VPN...........................165 2.13.3 IPv4 over IPv6 IP VPN...........................168 2.13.4 IPv6 over IPv4 IP VPN...........................172 2.13.5 IPv6 over IPv4 IP VPN...........................176 2.13.6 IPv6 over IPv6 IP VPN...........................180 2.13.7 IPv6 over IPv6 IP VPN...........................184 2.13.8 IPv4 over IPv4 1 IKE IPsec VPN 188 2.13.9 IPsec...................................................192 2.14............................................................196 2.15 NAT............................................198 2.15.1 LAN.......................................199 2.15.2 PPPoE................................................200 2.15.3.........................................202 2.15.4 LAN.......204 2.15.5 NAT IPsec IPsec.205 2.16 VoIP NAT....................................................206 2.17 TOS/Traffic Class...............................................208 2.18 VLAN............................................210 2.19............................................................211 2.19.1..................................211 2.19.2...........................................212 2.20...................................................213 2.21 WFQ........................................................215 2.22 DHCP.................................................................217 2.22.1 DHCP......................................................218 2.22.2 DHCP................................................220 2.22.3 DHCP................................................222 2.22.4 DHCP...........................................223

2.22.5 IPv6 DHCP............................................226 2.23 DNS ProxyDNS..................................................228 2.23.1 DNS..................................228 2.23.2 DNS..................................230 2.23.3 DNS.......................................231 2.23.4 DNS.......................................233 2.23.5 DNS.......................................................234 2.24 URL URL..................................235 2.25 SNMP......................................................237 2.26 ECMP.................................................................239 2.27 VRRP.................................................................244 2.27.1..............................................245 2.27.2....................................................248 2.28.......................................................251 2.29.................................252 2.29.1.............................................253 2.29.2................................................253 2.30............................................................254 2.30.1.....................................................254 2.30.2.....................................................255 2.30.3.............................................256 2.31..................................................257 2.31.1.....................................................258 2.31.2.....................................................259 2.32 STP..........................................................260 2.32.1 FNA STP......................................260 2.32.2..............................................264 2.32.3 IP Ethernet over IP................268 2.33 LAN HUB.....................................272 2.34 ISDN.........................................274 2.35 PIAFS...................................................276 2.36..............................................278 2.37...............................282

V21 2 2.1 RIP IPv4 IP RIP IP 0 any 1 16 RIP IP IP IP IP 172.21.0.0/16 172.21.0.0/16 172.21.0.0/24 IP IP 172.21.0.0/16 172.21.0.0/24 172.21.10.0/24 RIPv1 lan 0 ip address 192.168.1.1/24 10.0.0.0 10.0.0.0/8 62 RIP IPv4

V21 2 2 A. B. A B RIP RIP RIP RIP 63 RIP IPv4

V21 2 2.1.1 # lan 0 ip rip filter 0 act pass out # lan 0 ip rip filter 0 route default # lan 0 ip rip filter 1 act reject out # lan 0 ip rip filter 1 route any # enable 64 RIP IPv4

V21 2 2.1.2 2 192.168.10.0/24 1 1 192.168.10.0/24 10 192.168.20.0/24 1 192.168.10.0/24 1 192.168.10.0/24 192.168.10.0/24 1 # lan 1 ip rip filter 0 act pass out # lan 1 ip rip filter 0 route 192.168.10.0/24 # lan 1 ip rip filter 0 set metric 1 # lan 1 ip rip filter 1 act pass out # lan 1 ip rip filter 1 route any # enable RIP 16 65 RIP IPv4

V21 2 2.1.3 # lan 0 ip rip filter 0 act pass in # lan 0 ip rip filter 0 route default # lan 0 ip rip filter 1 act reject in # lan 0 ip rip filter 1 route any # enable 66 RIP IPv4

V21 2 2.1.4 1 2 192.168.10.0/24 1 1 192.168.10.0/24 1 2 192.168.10.0/24 5 LAN0 192.168.10.0/24 1 # lan 0 ip rip filter 0 act pass in # lan 0 ip rip filter 0 route 192.168.10.0/24 # lan 0 ip rip filter 0 set metric 1 LAN0 # lan 0 ip rip filter 1 act pass in # lan 0 ip rip filter 1 route any lan1 192.168.10.0/24 5 # lan 1 ip rip filter 0 act pass in # lan 1 ip rip filter 0 route 192.168.10.0/24 # lan 1 ip rip filter 0 set metric 5 lan1 # lan 1 ip rip filter 1 act pass in # lan 1 ip rip filter 1 route any # enable 16 67 RIP IPv4

V21 2 2.1.5 10.20.30.0/24 10.20.30.0/24 10.20.30.0/24 # lan 0 ip rip filter 0 act reject out # lan 0 ip rip filter 0 route 10.20.30.0/24 # lan 0 ip rip filter 1 act pass out # lan 0 ip rip filter 1 route any # enable 68 RIP IPv4

V21 2 2.1.6 10.20.30.0/24 10.20.30.0/24 10.20.30.0/24 # lan 0 ip rip filter 0 act reject in # lan 0 ip rip filter 0 route 10.20.30.0/24 # lan 0 ip rip filter 1 act pass in # lan 0 ip rip filter 1 route any # enable 69 RIP IPv4

V21 2 2.2 RIP IPv6 RIP IPv6 0 any 1 16 RIP 2001:db8:1111::/32 2001:db8:1111::/32 2001:db8:1111::/64 2001:db8::/16 2001:db8::/32 2001:db8:1111::/32 70 RIP IPv6

V21 2 2 A. B. A B RIP RIP RIP RIP 71 RIP IPv6

V21 2 2.2.1 # lan 0 ip6 rip filter 0 act pass out # lan 0 ip6 rip filter 0 route default # lan 0 ip6 rip filter 1 act reject out # lan 0 ip6 rip filter 1 route any # enable 72 RIP IPv6

V21 2 2.2.2 2 2001:db8:1111::/64 1 1 2001:db8:1111::/64 10 2001:db8:2222::/64 1 2001:db8:1111::/64 1 2001:db8:1111::/64 2001:db8:1111::/64 1 # lan 1 ip6 rip filter 0 act pass out # lan 1 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 1 ip6 rip filter 0 set metric 1 # lan 1 ip6 rip filter 1 act pass out # lan 1 ip6 rip filter 1 route any # enable RIP 16 73 RIP IPv6

V21 2 2.2.3 # lan 0 ip6 rip filter 0 act pass in # lan 0 ip6 rip filter 0 route default # lan 0 ip6 rip filter 1 act reject in # lan 0 ip6 rip filter 1 route any # enable 74 RIP IPv6

V21 2 2.2.4 1 2 2001:db8:1111::/64 1 1 2001:db8:1111::/64 1 2 2001:db8:1111::/64 5 LAN0 2001:db8:1111::/64 1 # lan 0 ip6 rip filter 0 act pass in # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 set metric 1 LAN0 # lan 0 ip6 rip filter 1 act pass in # lan 0 ip6 rip filter 1 route any lan1 2001:db8:1111::/64 5 # lan 1 ip6 rip filter 0 act pass in # lan 1 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 1 ip6 rip filter 0 set metric 5 lan1 # lan 1 ip6 rip filter 1 act pass in # lan 1 ip6 rip filter 1 route any # enable 16 75 RIP IPv6

V21 2 2.2.5 2001:db8:1111::/64 2001:db8:1111::/64 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 act reject out # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 1 act pass out # lan 0 ip6 rip filter 1 route any # enable 76 RIP IPv6

V21 2 2.2.6 2001:db8:1111::/64 2001:db8:1111::/64 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 act reject in # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 1 act pass in # lan 0 ip6 rip filter 1 route any # enable 77 RIP IPv6

V21 2 2.3 OSPFv2 IPv4 OSPFv2 OSPF ID 0.0.0.0 ID 0.0.0.0 ID MR1000 2.5 OSPF P.33 NAT OSPF IP IP OSPF 50 2 Designated Router OSPF MTU OSPF OSPF LSA LSDB LSA LSA enable/reset 60 OSPF enable LSA MaxAge OSPF OSPF 30000 LSA 15Kbps 5 6 remote 78 OSPFv2 IPv4

V21 2 1 6 IP 1 6 NAT DHCP 5 6 ISDN 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 LAN1 0 0.0.0.1 10.20.0.0/16 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN0 1 LAN1 passive-interface 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN0 255 LAN1 passive-interface 4 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN1 passive-interface LAN0 1 5 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.0 remote0 OSPF ID 0.0.0.2 0.0.0.2 10.30.0.0/16 6 LAN0 OSPF 79 OSPFv2 IPv4

V21 2 remote0 OSPF LAN0 OSPF ID 0.0.0.2 remote0 OSPF ID 0.0.0.2 LAN0 passive-interface 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 # lan 1 ip ospf priority 0 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 range 0 10.20.0.0/16 # reset 2 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 1 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 80 OSPFv2 IPv4

V21 2 3 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 255 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 4 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 1 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 5 LAN # lan 0 ip ospf use on 0 # remote 0 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 range 0 10.30.0.0/16 # reset 81 OSPFv2 IPv4

V21 2 6 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf passive on # remote 0 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.2 # reset WAN WAN IP OSPF OSPF 82 OSPFv2 IPv4

V21 2 2.3.1 OSPF ID OSPF ID 4 5 remote 1 5 IP 1 5 NAT DHCP 4 5 ISDN 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 83 OSPFv2 IPv4

V21 2 LAN1 OSPF ID 0.0.0.1 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.2 OSPF ID 10.30.10.1 OSPF ID 10.40.10.1 4 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.2 remote0 OSPF ID 0.0.0.3 OSPF ID 10.40.10.1 OSPF ID 10.30.10.1 5 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.3 remote0 OSPF ID 0.0.0.3 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # reset 84 OSPFv2 IPv4

V21 2 2 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.1 # reset 3 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip id 10.30.10.1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 vlink 0 id 10.40.10.1 # reset 4 LAN # lan 0 ip ospf use on 0 5 # remote 0 ip ospf use on 1 OSPF # ospf ip id 10.40.10.1 # ospf ip area 0 id 0.0.0.2 # ospf ip area 0 vlink 0 id 10.30.10.1 # ospf ip area 1 id 0.0.0.3 # reset 85 OSPFv2 IPv4

V21 2 5 LAN # lan 0 ip ospf use on 0 4 # remote 0 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.3 # reset 86 OSPFv2 IPv4

V21 2 2.3.2 OSPF OSPF RIP BGP OSPF OSPF RIP BGP OSPF OSPF OSPF NSSA OSPF OSPF OSPF 5 6 remote IP-VPN 1 6 IP 1 6 NAT DHCP 5 6 ISDN 87 OSPFv2 IPv4

V21 2 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 ID 0.0.0.1 stub 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 ID 0.0.0.1 stub 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.2 ID 0.0.0.2 nssa 4 LAN0 OSPF LAN1 RIP V2,OSPF LAN0 OSPF ID 0.0.0.2 LAN1 passive-interface ID0.0.0.2 nssa OSPF RIP RIP OSPF 5 LAN0 OSPF remote0 BGP LAN0 OSPF ID 0.0.0.0 BGP OSPF BGP AS 65000 BGP IGP BGP 10.10.10.0/24 BGP 10.0.0.0/8 AS 20.10.0.0/16 6 BGP AS 65001 BGP IGP 88 OSPFv2 IPv4

V21 2 BGP 20.10.10.0/24 20.10.20.0/24 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 type stub # reset 2 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.1 # ospf ip area 0 type stub # reset 89 OSPFv2 IPv4

V21 2 3 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 type nssa # reset 4 LAN # lan 0 ip ospf use on 0 # lan 1 ip rip use v2m v2 0 off # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on # routemanage ip redist ospf rip on # routemanage ip redist rip ospf on OSPF # ospf ip area 0 id 0.0.0.2 # ospf ip area 0 type nssa # reset 90 OSPFv2 IPv4

V21 2 5 LAN # lan 0 ip ospf use on 0 # routemanage ip redist ospf bgp on BGP # bgp as 65000 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # bgp network igp on # bgp network route 0 10.10.10.0/24 # bgp aggregate 0 10.0.0.0/8 summary-only OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip summary 0 20.10.0.0/16 # reset 6 BGP # bgp as 65001 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # bgp network igp on # bgp network route 0 20.10.10.0/24 # bgp network route 1 20.10.20.0/24 # reset 91 OSPFv2 IPv4

V21 2 2.4 OSPF IPv4 LSA 2.4.1 OSPF LSA LSA LSA LAN0 OSPF LAN1 OSPF LAN0 ID 0.0.0.0 LAN1 ID 0.0.0.1 10.20.0.0/16 OSPF # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 range 0 10.20.0.0/16 # enable 92 OSPF IPv4

V21 2 2.4.2 AS OSPF AS OSPF AS AS AS OSPF AS LAN0 OSPF remote0 BGP LAN0 ID 0.0.0.0 20.10.0.0/16 OSPF # lan 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.0 OSPF AS # routemanage ip redist ospf bgp on # ospf ip summary 0 20.10.0.0/16 AS # ospf ip redist 0 pass 20.10.0.0/16 inexact # ospf ip redist 1 reject any # enable 93 OSPF IPv4

V21 2 2.4.3 LSA TYPE3 LSA 1 10.0.0.0/8 2 10.0.0.0/8 LAN0 OSPF remote0 OSPF LAN0 ID 0.0.0.0 remote0 ID 0.0.0.2 10.0.0.0/8 LSA OSPF # lan 0 ip ospf use on 0 # remote 0 ip ospf use on 1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 2 # ospf ip area 1 type3-lsa 0 reject 10.0.0.0/8 in exact # ospf ip area 1 type3-lsa 1 pass any in # enable 94 OSPF IPv4

V21 2 2.5 BGP IPv4 MR1000 2.4 BGP4 P.30 2.5.1 10.0.0.0/8 11.0.0.0/8 # bgp neighbor 0 filter 0 act pass in # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 1 act pass in # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 2 act reject in # bgp neighbor 0 filter 2 route any # enable 95 BGP IPv4

V21 2 2.5.2 AS AS4 # bgp neighbor 0 filter 0 act reject in # bgp neighbor 0 filter 0 as 4 # bgp neighbor 0 filter 1 act pass in # bgp neighbor 0 filter 1 route any # enable 96 BGP IPv4

V21 2 2.5.3 IP-VPN IP-VPN IP-VPN IP-VPN 1 IP-VPN 2 IP-VPN 2 IP-VPN 1 AS2 AS3 AS3 AS2 IP-VPN 1 # bgp neighbor 0 filter 0 act reject out # bgp neighbor 0 filter 0 as 3 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route any IP-VPN 2 # bgp neighbor 1 filter 0 act reject out # bgp neighbor 1 filter 0 as 2 # bgp neighbor 1 filter 1 act pass out # bgp neighbor 1 filter 1 route any # enable 97 BGP IPv4

V21 2 2.5.4 IP-VPN 2 OSPF AS1 IP-VPN AS2 10/8 1 11/8 2 MED AS1 OSPF BGP AS2 1 MED # bgp neighbor 0 filter 0 act pass out # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 0 set medmetric 0 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 1 set medmetric 10 # bgp neighbor 0 filter 2 act pass out # bgp neighbor 0 filter 2 route any BGP OSPF # routemanage ip redist bgp ospf on # enable 98 BGP IPv4

V21 2 2 MED # bgp neighbor 0 filter 0 act pass out # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 0 set medmetric 10 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 1 set medmetric 0 # bgp neighbor 0 filter 2 act pass out # bgp neighbor 0 filter 2 route any BGP OSPF # routemanage ip redist bgp ospf on # enable BGP/MPLS VPN BGP MED AS MED AS BGP enable 99 BGP IPv4

V21 2 2.6 MPLS MPLS LSP label Switching Path LSP MPLS LSP MPLS MPLS MPLS LSP LSR MPLS LSP MPLS LSP MPLS LSP IPv4 IPv6 MPLS LSP BGP/MPLS VPN LDP over LDP MPLS LSP MPLS MPLS LSP IPv6 2 IPv6 Explicit NULL MPLS TTL TTL MPLS LSP LSP LSP IP TOS NAT RIP OSPF MPLS LSP MPLS LSP MPLS LSP MPLS EXP MPLS LSP 100 MPLS

V21 2 2.6.1 MPLS LSP 1 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 1 2 EBGP 2 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 2 1 EBGP 1 LAN0 MPLS IP 10.1.101.2 MPLS LSR IP 10.1.101.1 LAN1 IP 192.168.101.1 IP 10.0.0.101 1 AS 101 2 AS 201 2 LAN0 MPLS IP 10.1.201.2 MPLS LSR IP 10.1.201.1 LAN1 IP 192.168.201.1 IP 10.0.0.201 2 AS 201 1 AS 101 101 MPLS

V21 2 1 MPLS # lan 0 ip address 10.1.101.2/24 3 # lan 0 mpls use on # mpls ip propagate-ttl off # mpls ldp router-id 10.1.101.2 # mpls ldp ip transport 10.1.101.2 # routemanage ip redist ldp connected off # routemanage ip redist ldp rip off # routemanage ip redist ldp ospf off MPLS # remote 0 name tokyo # remote 0 ap 0 name lsp1 # remote 0 ap 0 datalink type mpls # remote 0 ap 0 mpls to lan 0 # remote 0 ap 0 mpls nexthop 10.1.101.1 # remote 0 ap 0 tunnel local 10.1.101.2 # remote 0 ap 0 tunnel remote 10.1.201.2 # loopback ip address 10.0.0.101 LAN1 # lan 1 ip address 192.168.101.1/24 3 2 # bgp as 101 # bgp neighbor 0 address 10.0.0.201 # bgp neighbor 0 as 201 # bgp neighbor 0 enforce-multihop on # bgp neighbor 0 source 10.0.0.101 # bgp network igp on # bgp network route 0 192.168.101.0/24 # remote 0 ip route 0 10.0.0.201/32 # enable 102 MPLS

V21 2 2 MPLS # lan 0 ip address 10.1.201.2/24 3 # lan 0 mpls use on # mpls ip propagate-ttl off # mpls ldp router-id 10.1.201.2 # mpls ldp ip transport 10.1.201.2 # routemanage ip redist ldp connected off # routemanage ip redist ldp rip off # routemanage ip redist ldp ospf off MPLS # remote 0 name kawasaki # remote 0 ap 0 name lsp1 # remote 0 ap 0 datalink type mpls # remote 0 ap 0 mpls to lan 0 # remote 0 ap 0 mpls nexthop 10.1.201.1 # remote 0 ap 0 tunnel local 10.1.201.2 # remote 0 ap 0 tunnel remote 10.1.101.2 # loopback ip address 10.0.0.201 LAN1 # lan 1 ip address 192.168.201.1/24 3 1 # bgp as 201 # bgp neighbor 0 address 10.0.0.101 # bgp neighbor 0 as 101 # bgp neighbor 0 enforce-multihop on # bgp neighbor 0 source 10.0.0.201 # bgp network igp on # bgp network route 0 192.168.201.0/24 # remote 0 ip route 0 10.0.0.101/32 # enable 103 MPLS

V21 2 2.6.2 MPLS LSP 1 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 1 2 LSP OSPF MPLS LSP 5Mbps LSP 2 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 1 2 LSP OSPF MPLS LSP 5Mbps LSP 1 LAN0 MPLS IP 10.1.101.2 MPLS LSR IP 10.1.101.1 LAN1 IP 192.168.101.1 MPLS IP 10.0.0.101 MPLS IP 10.0.0.201 2 LAN0 MPLS IP 10.1.201.2 MPLS LSR IP 10.1.201.1 LAN1 IP 192.168.201.1 MPLS IP 10.0.0.101 MPLS IP 10.0.0.201 104 MPLS

V21 2 1 MPLS # lan 0 ip address 10.1.101.2/24 3 # lan 0 mpls use on # mpls ip propagate-ttl off # mpls ldp router-id 10.1.101.2 # mpls ldp ip transport 10.1.101.2 # routemanage ip redist ldp connected off # routemanage ip redist ldp rip off # routemanage ip redist ldp ospf off MPLS # remote 0 name tokyo # remote 0 ap 0 name lsp1 # remote 0 ap 0 datalink type mpls # remote 0 ap 0 mpls to lan 0 # remote 0 ap 0 mpls nexthop 10.1.101.1 # remote 0 ap 0 tunnel local 10.0.0.101 # remote 0 ap 0 tunnel remote 10.0.0.201 # remote 0 ip address local 10.0.0.101 # remote 0 ip address remote 10.0.0.201 MPLS # remote 0 shaping 5m on MPLS # remote 0 ap 0 sessionwatch 10.0.0.101 10.0.0.201 1s 1m 5s 1s 1 LAN1 # lan 1 ip address 192.168.101.1/24 3 2 # remote 0 ip ospf use on 0 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on # ospf ip area 0 id 0.0.0.0 # enable 105 MPLS

V21 2 2 MPLS # lan 0 ip address 10.1.201.2/24 3 # lan 0 mpls use on # mpls ip propagate-ttl off # mpls ldp router-id 10.1.201.2 # mpls ldp ip transport 10.1.201.2 # routemanage ip redist ldp connected off # routemanage ip redist ldp rip off # routemanage ip redist ldp ospf off MPLS # remote 0 name kawasaki # remote 0 ap 0 name lsp1 # remote 0 ap 0 datalink type mpls # remote 0 ap 0 mpls to lan 0 # remote 0 ap 0 mpls nexthop 10.1.201.1 # remote 0 ap 0 tunnel local 10.0.0.201 # remote 0 ap 0 tunnel remote 10.0.0.101 # remote 0 ip address local 10.0.0.201 # remote 0 ip address remote 10.0.0.101 MPLS # remote 0 shaping 5m on MPLS # remote 0 ap 0 sessionwatch 10.0.0.201 10.0.0.101 1s 1m 5s 1s 1 LAN1 # lan 1 ip address 192.168.201.1/24 3 1 # remote 0 ip ospf use on 0 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on # ospf ip area 0 id 0.0.0.0 # enable 106 MPLS

V21 2 2.7 MPLS 2VPN EoMPLS MPLS MR1000 2.7.1 MPLS 2VPN EoMPLS P.39 MPLS MPLS MPLS LSP 2VPN EoMPLS VC LSP MPLS VC LAN VLAN IP IPv6 MAC VRRP EoMPLS MAC STP Ethernet EoMPLS LAN STP Ethernet VLAN Tag VLAN VC LAN STP VLAN Tag 107 MPLS 2VPN EoMPLS

V21 2 1 LAN0 MPLS LAN1 LAN2 LAN MPLS LSR MPLS 2 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 3 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 1 LAN0 MPLS IP 10.1.104.2 IP 10.0.0.104 LAN1 VC 10 LAN2 VC 20 2 LAN0 MPLS IP 10.1.204.2 IP 10.0.0.204 LAN1 VC 10 3 LAN0 MPLS IP 10.1.214.2 IP 10.0.0.214 LAN1 VC 20 108 MPLS 2VPN EoMPLS

V21 2 1 MPLS # lan 0 ip address 10.1.104.2/24 3 # lan 0 ip route 0 10.0.0.204/32 10.1.104.1 1 0 # lan 0 ip route 1 10.0.0.214/32 10.1.104.1 1 0 # lan 0 mpls use on # mpls ldp ip transport 10.0.0.104 # mpls ldp router-id 10.0.0.104 # loopback ip address 10.0.0.104 # loopback mpls ldp interface-label on VC # lan 1 mpls l2-circuit vc 10 10.0.0.204 # lan 2 mpls l2-circuit vc 20 10.0.0.214 # enable 2 MPLS # lan 0 ip address 10.1.204.2/24 3 # lan 0 ip route 0 10.0.0.104/32 10.1.204.1 1 0 # lan 0 mpls use on # mpls ldp ip transport 10.0.0.204 # mpls ldp router-id 10.0.0.204 # loopback ip address 10.0.0.204 # loopback mpls ldp interface-label on VC # lan 1 mpls l2-circuit vc 10 10.0.0.104 # enable 109 MPLS 2VPN EoMPLS

V21 2 3 MPLS # lan 0 ip address 10.1.214.2/24 3 # lan 0 ip route 0 10.0.0.104/32 10.1.214.1 1 0 # lan 0 mpls use on # mpls ldp ip transport 10.0.0.214 # mpls ldp router-id 10.0.0.214 # loopback ip address 10.0.0.214 # loopback mpls ldp interface-label on VC # lan 1 mpls l2-circuit vc 20 10.0.0.104 # enable MPLS LSP REMOTE EoMPLS REMOTE MPLS LDP Multicast Hello 110 MPLS 2VPN EoMPLS

V21 2 2.8 MPLS 3VPN BGP/MPLS VPN MPLS MR1000 2.7.2 MPLS 3VPN BGP/MPLS VPN P.41 MPLS VPN MPLS VPN 1 2 BGP/MPLS VPN IPv4 IPv6 BGP 1 IP-VPN BGP BGP BGP BGP/MPLS VPN NAT LER BGP/MPLS VPN VPN EBGP OSPF RIP VPN VPN IP VPN MPLS RIP VPN RIP MPLS LER IP IP IP TOS VPN VPN IPsec WFQ IP VRRP VPN BGP/MPLS VPN LER MTU IP MTU VoIP IP BGP IP IP MPLS MPLS LDP BRI LDP LDP Hello 30 MPLS Ethernet 4 2 1526 Ethernet Ethernet 1518 1526 MPLS MTU 1500 1492 VPN MPLS IP 10.1.1.1/24 10.1.1.0/24 VPN VPN SNMP VPN BGP LSP 111 MPLS 3VPN BGP/MPLS VPN

V21 2 2.8.1 MPLS LAN 1 VLAN HUB VLAN ID VLAN ID : 2 10.10.10.0/24 VLAN ID : 3 10.20.10.0/24 LAN1 VLAN LAN LAN2 LAN3 VLAN LAN1 LAN0 IP 172.16.2.2 LAN2 IP 10.10.10.1 LAN3 IP 10.20.10.1 LAN0 3 NAT DHCP 2 VLAN HUB VLAN ID VLAN ID : 2 10.10.20.0/24 VLAN ID : 3 10.20.20.0/24 LAN1 VLAN LAN LAN2 LAN3 VLAN LAN1 LAN0 IP 172.16.1.2 LAN2 IP 10.10.20.1 LAN3 IP 10.20.20.1 LAN0 3 NAT DHCP MPLS BGP AS 10 RR IP 172.16.100.1 112 MPLS 3VPN BGP/MPLS VPN

V21 2 MPLS IPv4 OSPF VPN-A 10:1 10.10.10/24 10.10.20/24 10.10.21/24 VPN-B 10:2 10.20.10/24 10.20.20/24 10.20.21/24 1 IP 10.1.1.1 OSPF OSPF ID 0.0.0.1 LAN0 OSPF LAN0 OSPF ID 0.0.0.1 LAN2 VPN VPN-A LAN3 VPN VPN-B 2 IP 10.2.1.1 OSPF OSPF ID 0.0.0.2 LAN0 OSPF LAN0 OSPF ID 0.0.0.2 LAN2 VPN VPN-A LAN2 BGP/MPLS VPN IP 10.10.21.0/24 10.10.20.2 LAN3 VPN VPN-B LAN3 BGP/MPLS VPN IP 10.20.21.0/24 10.20.20.2 113 MPLS 3VPN BGP/MPLS VPN

V21 2 1 # loopback ip address 0 10.1.1.1 MPLS # lan 0 mpls use on # mpls ldp router-id 10.1.1.1 # mpls ldp ip transport 10.1.1.1 # lan 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.1 # loopback ip ospf use on 0 RR # bgp as 10 # bgp id 10.1.1.1 # bgp neighbor 0 address 172.16.100.1 # bgp neighbor 0 as 10 # bgp neighbor 0 family vpnv4 # bgp neighbor 0 source 10.1.1.1 VPN-A VRF0 # bgp vrf 0 rd 10 1 # routemanage ip redist bgp vrf 0 connected on VPN-B VRF1 # bgp vrf 1 rd 10 2 # routemanage ip redist bgp vrf 1 connected on LAN2 VPN-A VRF0 # lan 2 ip vrf use on 0 LAN3 VPN-B VRF1 # lan 3 ip vrf use on 1 # enable 114 MPLS 3VPN BGP/MPLS VPN

V21 2 2 # loopback ip address 0 10.2.1.1 MPLS # lan 0 mpls use on # mpls ldp router-id 10.2.1.1 # mpls ldp ip transport 10.2.1.1 # lan 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.2 # loopback ip ospf use on 0 RR # bgp as 10 # bgp id 10.2.1.1 # bgp neighbor 0 address 172.16.100.1 # bgp neighbor 0 as 10 # bgp neighbor 0 family vpnv4 # bgp neighbor 0 source 10.2.1.1 VPN-A VRF0 # bgp vrf 0 rd 10 1 # routemanage ip redist bgp vrf 0 static on # routemanage ip redist bgp vrf 0 connected on VPN-B VRF1 # bgp vrf 1 rd 10 2 # routemanage ip redist bgp vrf 1 static on # routemanage ip redist bgp vrf 1 connected on LAN2 VPN-A VRF0 # lan 2 ip vrf use on 0 # lan 2 ip vrf route 0 10.10.21.0/24 10.10.20.2 LAN3 VPN-B VRF1 # lan 3 ip vrf use on 1 # lan 3 ip vrf route 0 10.20.21.0/24 10.20.20.2 # enable 115 MPLS 3VPN BGP/MPLS VPN

V21 2 2.8.2 MPLS IP NAT DHCP MPLS BGP AS 10 RR IP 172.16.100.1 MPLS IPv4 OSPF VPN-A 10:1 10.10.10/24 10.10.20/24 10.10.21/24 VPN-B 10:2 10.20.10/24 10.20.20/24 10.20.21/24 116 MPLS 3VPN BGP/MPLS VPN

V21 2 1 IP 10.1.1.1 OSPF OSPF ID 0.0.0.1 rmt0 OSPF rmt0 OSPF ID 0.0.0.1 LAN0 VPN VPN-A LAN1 VPN VPN-B 2 IP 10.2.1.1 OSPF OSPF ID 0.0.0.2 rmt0 OSPF rmt0 OSPF ID 0.0.0.2 LAN0 VPN VPN-A LAN0 BGP/MPLS VPN IP 10.10.21.0/24 10.10.20.2 LAN1 VPN VPN-B LAN1 BGP/MPLS VPN IP 10.20.21.0/24 10.20.20.2 117 MPLS 3VPN BGP/MPLS VPN

V21 2 1 # loopback ip address 0 10.1.1.1 MPLS # remote 0 mpls use on # mpls ldp router-id 10.1.1.1 # mpls ldp ip transport 10.1.1.1 # remote 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.1 # loopback ip ospf use on 0 RR # bgp as 10 # bgp id 10.1.1.1 # bgp neighbor 0 address 172.16.100.1 # bgp neighbor 0 as 10 # bgp neighbor 0 family vpnv4 # bgp neighbor 0 source 10.1.1.1 VPN-A VRF0 # bgp vrf 0 rd 10 1 # routemanage ip redist bgp vrf 0 connected on VPN-B VRF1 # bgp vrf 1 rd 10 2 # routemanage ip redist bgp vrf 1 connected on LAN0 VPN-A VRF0 # lan 0 ip vrf use on 0 # lan 0 ip address 10.10.10.1/24 3 LAN1 VPN-B VRF1 # lan 1 ip vrf use on 1 # lan 1 ip address 10.20.10.1/24 3 # enable 118 MPLS 3VPN BGP/MPLS VPN

V21 2 2 # loopback ip address 0 10.2.1.1 MPLS # remote 0 mpls use on # mpls ldp router-id 10.2.1.1 # mpls ldp ip transport 10.2.1.1 # remote 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.2 # loopback ip ospf use on 0 RR # bgp as 10 # bgp id 10.2.1.1 # bgp neighbor 0 address 172.16.100.1 # bgp neighbor 0 as 10 # bgp neighbor 0 family vpnv4 # bgp neighbor 0 source 10.2.1.1 VPN-A VRF0 # bgp vrf 0 rd 10 1 # routemanage ip redist bgp vrf 0 static on # routemanage ip redist bgp vrf 0 connected on VPN-B VRF1 # bgp vrf 1 rd 10 2 # routemanage ip redist bgp vrf 1 static on # routemanage ip redist bgp vrf 1 connected on LAN0 VPN-A VRF0 # lan 0 ip vrf use on 0 # lan 0 ip address 10.10.20.1/24 3 # lan 0 ip vrf route 0 10.10.21.0/24 10.10.20.2 LAN1 VPN-B VRF1 # lan 1 ip vrf use on 1 # lan 1 ip address 10.20.20.1/24 3 # lan 1 ip vrf route 0 10.20.21.0/24 10.20.20.2 # enable BRI ISDN HSD LAN FR MPLS BGP OSPF RIP BGP/MPLS VPN 119 MPLS 3VPN BGP/MPLS VPN

V21 2 2.9 ISDN B 64Kbps 2 128Kbps BAP/ BACP MR1000 2.8 P.44 ISDN 0 remote 0 0 remote 0 ISDN 2 90% 60 40% 10 MP # remote 0 ap 0 ppp mp use on 2 # remote 0 ppp mp start 2 # remote 0 ppp mp traffic use on # remote 0 ppp mp traffic increase 90 60s # remote 0 ppp mp traffic decrease 40 10s # remote 0 ppp mp order on # enable 120

V21 2 2.10 2 PIM-DM PIM-SM MR1000 2.9 P.45 2.10.1 PIM-DM PIM-DM LAN PIM-DM IP IP IP 121

V21 2 PIM-DM VLAN HUB VLAN ID VLAN ID 2 192.168.2.0/24 VLAN ID 3 192.168.3.0/24 PIM-DM 1 LAN1 LAN2 LAN3 LAN0 VLAN LAN LAN2 LAN3 VLAN LAN0 RIP LAN1 IP 192.168.1.1/24 LAN2 IP 192.168.2.1/24 LAN3 IP 192.168.3.1/24 2 LAN1 LAN2 LAN0 VLAN LAN LAN2 VLAN LAN0 RIP LAN1 IP 192.168.4.1/24 LAN2 IP 192.168.2.2/24 3 LAN1 LAN2 LAN0 VLAN LAN LAN2 VLAN LAN0 RIP LAN1 IP 192.168.5.1/24 LAN2 IP 192.168.3.2/24 122

V21 2 1 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.1.0/24 # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip multicast mode pimdm 192.168.2.0/24 # lan 2 ip address 192.168.2.1/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimdm # lan 2 vlan bind 0 # lan 2 vlan tag vid 2 192.168.3.0/24 # lan 3 ip address 192.168.3.1/24 3 # lan 3 ip rip use v2 v2 0 on # lan 3 ip multicast mode pimdm # lan 3 vlan bind 0 # lan 3 vlan tag vid 3 # enable 2 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.4.0/24 # lan 1 ip address 192.168.4.1/24 3 # lan 1 ip multicast mode pimdm 192.168.2.0/24 # lan 2 ip address 192.168.2.2/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimdm # lan 2 vlan bind 0 # lan 2 vlan tag vid 2 # enable 123

V21 2 3 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.5.0/24 # lan 1 ip address 192.168.5.1/24 3 # lan 1 ip multicast mode pimdm 192.168.3.0/24 # lan 2 ip address 192.168.3.2/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimdm # lan 2 vlan bind 0 # lan 2 vlan tag vid 3 # enable 124

V21 2 2.10.2 PIM-SM PIM-SM PIM-SM IP IP IP BSR Bootstrap Router 1 BSR RP Rendezvous Point RP 1 RP SPT Shortest Path Tree PIM-SM RP RP SPT lasthop router lasthop router SPT 125

V21 2 PIM-SM VLAN RP 2 1 2 3 4 1 2 2 4 4 SPT 1 3 4 1 5 VLAN ID VLAN ID 2 192.168.2.0/24 VLAN ID 3 192.168.3.0/24 VLAN ID : 11 192.168.11.0/24 VLAN ID : 12 192.168.12.0/24 VLAN ID : 13 192.168.13.0/24 PIM-SM RIP RP 2 192.168.12.2 BSR 2 192.168.12.2 SPT 1 LAN1 LAN2 LAN3 LAN0 VLAN LAN LAN2 LAN3 VLAN LAN0 LAN1 IP 192.168.10.1/24 LAN2 IP 192.168.11.1/24 LAN3 IP 192.168.12.1/24 2 LAN1 LAN2 LAN0 VLAN LAN LAN1 LAN2 VLAN LAN0 LAN1 IP 192.168.12.2/24 LAN2 IP 192.168.13.1/24 RP 192.168.12.2 BSR 192.168.12.2 3 LAN2 LAN3 LAN4 LAN5 LAN0 LAN1 VLAN LAN LAN2 LAN3 VLAN LAN0 LAN4 LAN5 VLAN LAN1 LAN2 IP 192.168.11.2/24 LAN3 IP 192.168.13.2/24 LAN4 IP 192.168.2.1/24 LAN5 IP 192.168.3.1/24 126

V21 2 4 LAN1 LAN2 LAN0 VLAN LAN LAN2 VLAN LAN0 LAN1 IP 192.168.4.1/24 LAN2 IP 192.168.2.2/24 5 LAN1 LAN2 LAN0 VLAN LAN LAN2 VLAN LAN0 LAN1 IP 192.168.5.1/24 LAN2 IP 192.168.3.2/24 1 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.10.0/24 # lan 1 ip address 192.168.10.1/24 3 # lan 1 ip multicast mode pimsm 192.168.11.0/24 # lan 2 ip address 192.168.11.1/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimsm # lan 2 vlan bind 0 # lan 2 vlan tag vid 11 192.168.12.0/24 # lan 3 ip address 192.168.12.1/24 3 # lan 3 ip rip use v2 v2 0 on # lan 3 ip multicast mode pimsm # lan 3 vlan bind 0 # lan 3 vlan tag vid 12 # enable 127

V21 2 2 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.12.0/24 # lan 1 ip address 192.168.12.2/24 3 # lan 1 ip rip use v2 v2 0 on # lan 1 ip multicast mode pimsm # lan 1 vlan bind 0 # lan 1 vlan tag vid 12 192.168.13.0/24 # lan 2 ip address 192.168.13.1/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimsm # lan 2 vlan bind 0 # lan 2 vlan tag vid 13 # multicast ip pimsm candrp mode on # multicast ip pimsm candrp address 192.168.12.2 # multicast ip pimsm candbsr mode on # multicast ip pimsm candbsr address 192.168.12.2 # enable 128

V21 2 3 LAN0 LAN1 # delete lan 0 LAN 0 LAN 1 # lan 0 mode auto # lan 1 mode auto 192.168.11.0/24 # lan 2 ip address 192.168.11.2/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimsm # lan 2 vlan bind 0 # lan 2 vlan tag vid 11 192.168.13.0/24 # lan 3 ip address 192.168.13.2/24 3 # lan 3 ip rip use v2 v2 0 on # lan 3 ip multicast mode pimsm # lan 3 vlan bind 0 # lan 3 vlan tag vid 13 192.168.2.0/24 # lan 4 ip address 192.168.2.1/24 3 # lan 4 ip rip use v2 v2 0 on # lan 4 ip multicast mode pimsm # lan 4 vlan bind 1 # lan 4 vlan tag vid 2 192.168.2.0/24 # lan 5 ip address 192.168.3.1/24 3 # lan 5 ip rip use v2 v2 0 on # lan 5 ip multicast mode pimsm # lan 5 vlan bind 1 # lan 5 vlan tag vid 3 # enable 129

V21 2 4 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.4.0/24 # lan 1 ip address 192.168.4.1/24 3 # lan 1 ip multicast mode pimsm 192.168.2.0/24 # lan 2 ip address 192.168.2.2/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimsm # lan 2 vlan bind 0 # lan 2 vlan tag vid 2 # enable 5 LAN0 # delete lan 0 LAN 0 # lan 0 mode auto 192.168.5.0/24 # lan 1 ip address 192.168.5.1/24 3 # lan 1 ip multicast mode pimsm 192.168.3.0/24 # lan 2 ip address 192.168.3.2/24 3 # lan 2 ip rip use v2 v2 0 on # lan 2 ip multicast mode pimsm # lan 2 vlan bind 0 # lan 2 vlan tag vid 3 # enable 130

V21 2 2.11 VLAN VLAN 1 3 MR1000 2.10 VLAN P.48 LAN0 VLAN ID 2 3 4 VLAN HUB VLAN ID VLAN ID 2 192.168.20.0/24 VLAN ID 3 192.168.30.0/24 VLAN ID 4 192.168.40.0/24 131 VLAN

V21 2 LAN0 # delete lan # lan 0 mode auto VLAN ID 2 # lan 1 ip address 192.168.20.1/24 3 # lan 1 ip rip use v1 v1 0 off # lan 1 vlan bind 0 # lan 1 vlan tag vid 2 VLAN ID 3 # lan 2 ip address 192.168.30.1/24 3 # lan 2 ip rip use v1 v1 0 off # lan 2 vlan bind 0 # lan 2 vlan tag vid 3 VLAN ID 4 # lan 3 ip address 192.168.40.1/24 3 # lan 3 ip rip use v1 v1 0 off # lan 3 vlan bind 0 # lan 3 vlan tag vid 4 # reset VLAN Ethernet 4 VLAN 1522 Ethernet Ethernet 1518 1522 1522 VLAN MTU 1496 VLAN WFQ VLAN VLAN VLAN VLAN ID VLAN HUB VLAN LAN VLAN HUB VLAN VLAN PC arp arp enable VLAN LAN lan mode lan mode LAN LAN 132 VLAN

V21 2 2.12 IP MR1000 2.11 IP P.49 IP IP IP IP TCP TOS 133 IP

V21 2 TCP TCP TCP TCP TCP TCP SYN ACK 2 TCP SYN ACK TCP 1 0 1 1 0 1 SYN 1 ACK 0 TCP IP IP TCP/IP telnet 23 IP IP IP IP IP 134 IP

V21 2 IP IP reverse IP IP IP NAT NAT IP NAT IP LAN LAN IP LAN LAN IP IP IP 135 IP

V21 2 IP IP 2 A. B. A SPI IPv6 B TCP TCP IP WWW 80 WWW IP DHCP 67 68 DHCP IP PPPoE remote IP reverse - IP IP - 136 IP

V21 2 2.12.1 LAN LAN LAN FTP WWW FTP DNS ftp DNS DNS DNS ftp DNS FTP DNS DNS ftp-data LAN 192.168.1.0/24 LAN FTP LAN 192.168.1.0/24 LAN DNS ICMP ICMP IP ICMP ICMP 137 IP

V21 2 FTP 1 192.168.1.0/24 FTP 21 ftp TCP 2 1 DNS 1 192.168.1.0/24 DNS 53 domain UDP 2 1 ICMP 1 ICMP 1 FTP 21 TCP # lan 0 ip filter 0 pass 192.168.1.0/24 any any 21 6 yes any any FTP # lan 0 ip filter 1 pass any 21 192.168.1.0/24 any 6 no any any DNS 53 UDP # lan 0 ip filter 2 pass 192.168.1.0/24 any 192.168.0.10/32 53 17 yes any any DNS # lan 0 ip filter 3 pass 192.168.0.10/32 53 192.168.1.0/24 any 17 yes any any ICMP # lan 0 ip filter 4 pass any any any any 1 yes any any # lan 0 ip filter 5 reject any any any any 0 yes any any # enable 138 IP

V21 2 LAN FTP WWW FTP DNS ftp DNS DNS DNS ftp DNS FTP DNS DNS ftp-data LAN 192.168.1.0/24 FTP LAN 192.168.1.0/24 WAN DNS ICMP ICMP IP ICMP ICMP 139 IP

V21 2 FTP 1 192.168.1.0/24 FTP 21 ftp TCP 2 1 DNS 1 192.168.1.0/24 DNS 53 domain UDP 2 1 ICMP 1 ICMP 1 FTP 21 TCP # remote 0 ip filter 0 pass 192.168.1.0/24 any any 21 6 yes any any FTP # remote 0 ip filter 1 pass any 21 192.168.1.0/24 any 6 no any any DNS 53 UDP # remote 0 ip filter 2 pass 192.168.1.0/24 any any 53 17 yes any any DNS # remote 0 ip filter 3 pass any 53 192.168.1.0/24 any 17 yes any any ICMP # remote 0 ip filter 4 pass any any any any 1 yes any any # remote 0 ip filter 5 reject any any any any 0 yes any any # enable 140 IP

V21 2 2.12.2 LAN LAN FTP DNS ftp DNS DNS DNS ftp DNS ftp DNS DNS ftp-data LAN 192.168.1.5/32 FTP LAN DNS ICMP ICMP IP ICMP ICMP 141 IP

V21 2 LAN FTP 1 192.168.1.5/32 21 ftp TCP 2 1 DNS 1 192.168.0.0/24 DNS 53 domain UDP 2 1 ICMP 1 ICMP 1 LAN 21 TCP # lan 0 ip filter 0 pass 192.168.0.0/24 any 192.168.1.5/32 21 6 yes any any LAN # lan 0 ip filter 1 pass 192.168.1.5/32 21 192.168.0.0/24 any 6 no any any DNS 53 UDP # lan 0 ip filter 2 pass 192.168.0.0/24 any 192.168.1.10/32 53 17 yes any any DNS # lan 0 ip filter 3 pass 192.168.1.10/32 53 192.168.0.0/24 any 17 yes any any ICMP # lan 0 ip filter 4 pass any any any any 1 yes any any # lan 0 ip filter 5 reject any any any any 0 yes any any # enable 142 IP

V21 2 LAN WWW LAN LAN WWW LAN 192.168.1.2/32 WWW LAN 192.168.1.3/32 WWW LAN 192.168.1.0/24 WAN DNS ICMP ICMP IP ICMP ICMP LAN WWW 1 192.168.1.2/32 80 www-http 2 1 WWW 1 192.168.1.3/32 WWW 80 www-http 2 1 DNS 1 192.168.1.0/24 DNS 53 domain UDP 2 1 ICMP 1 ICMP 1 143 IP

V21 2 LAN 80 # remote 0 ip filter 0 pass any any 192.168.1.2/32 80 6 yes any any LAN # remote 0 ip filter 1 pass 192.168.1.2/32 80 any any 6 yes any any WWW 80 # remote 0 ip filter 2 pass 192.168.1.3/32 any any 80 6 yes any any WWW # remote 0 ip filter 3 pass any 80 192.168.1.3/32 any 6 yes any any DNS 53 UDP # remote 0 ip filter 4 pass 192.168.1.0/24 any any 53 17 yes any any DNS # remote 0 ip filter 5 pass any 53 192.168.1.0/24 any 17 yes any any ICMP # remote 0 ip filter 6 pass any any any any 1 yes any any # remote 0 ip filter 7 reject any any any any 0 yes any any # enable 144 IP

V21 2 2.12.3 SPI LAN LAN SPI FTP DNS ftp DNS DNS DNS ftp DNS ftp DNS DNS ftp-data LAN 192.168.1.5/32 FTP LAN DNS ICMP LAN ICMP IP ICMP ICMP 145 IP

V21 2 LAN FTP 1 192.168.1.5/32 21 ftp TCP 2 1 DNS 1 192.168.0.0/24 DNS 53 domain UDP 2 1 ICMP 1 ICMP LAN 1 SPI IP LAN 21 TCP # lan 0 ip filter 0 pass 192.168.0.0/24 any 192.168.1.5/32 21 6 yes any any LAN # lan 0 ip filter 1 pass 192.168.1.5/32 21 192.168.0.0/24 any 6 no any any DNS 53 UDP # lan 0 ip filter 2 pass 192.168.0.0/24 any 192.168.1.10/32 53 17 yes DNS # lan 0 ip filter 3 pass 192.168.1.10/32 53 192.168.0.0/24 any 17 yes ICMP # lan 0 ip filter 4 pass any any any any 1 yes SPI IP # lan 0 ip filter default spi # enable 146 IP

V21 2 LAN WWW LAN LAN SPI IP LAN 192.168.1.2/32 WWW ICMP LAN ICMP IP ICMP ICMP LAN WWW 1 192.168.1.2/32 80 www-http TCP 2 (1) ICMP 1 ICMP LAN 1 SPI IP 147 IP

V21 2 LAN 80 # remote 0 ip filter 0 pass any any 192.168.1.2/32 80 6 yes any any LAN # remote 0 ip filter 1 pass 192.168.1.2/32 80 any any 6 no any any ICMP # remote 0 ip filter 2 pass any any any any 1 yes SPI IP # remote 0 ip filter default spi # enable 148 IP

V21 2 2.12.4 IPv6 LAN IPv6 LAN LAN FTP WWW FTP DNS ftp DNS DNS DNS ftp DNS ftp-data LAN 2001:db8:1111:1000::/64 FTP LAN 2001:db8:1111:1000::/64 LAN DNS ICMPv6 ICMPv6 IPv6 ICMPv6 ICMPv6 149 IP

V21 2 FTP 1 2001:db8:1111:1000::/64 21 ftp TCP 2 1 DNS 1 2001:db8:1111:1000::/64 DNS 53 domain UDP 2 1 ICMPv6 1 ICMPv6 1 FTP 21 TCP # lan 0 ip6 filter 0 pass 2001:db8:1111:1000::/64 any any 21 6 yes any any any any FTP # lan 0 ip6 filter 1 pass any 21 2001:db8:1111:1000::/64 any 6 no any any any any DNS 53 UDP # lan 0 ip6 filter 2 pass 2001:db8:1111:1000::/64 any any 53 17 yes any any any any DNS # lan 0 ip6 filter 3 pass any 53 2001:db8:1111:1000::/64 any 17 yes any any any any ICMPv6 # lan 0 ip6 filter 4 pass any any any any 58 yes any any any any # lan 0 ip6 filter 5 reject any any any any any yes any any any any # enable 150 IP

V21 2 IPv6 LAN FTP WWW FTP DNS ftp DNS DNS DNS ftp DNS ftp-data LAN 2001:db8:1111:1000::/64 FTP LAN 2001:db8:1111:1000::/64 WAN DNS ICMPv6 ICMPv6 IPv6 ICMPv6 ICMPv6 151 IP

V21 2 FTP 1 2001:db8:1111:1000::/64 FTP 21 ftp TCP 2 1 DNS 1 2001:db8:1111:1000::/64 DNS 53 domain UDP 2 1 ICMPv6 1 ICMPv6 1 FTP 21 TCP # remote 0 ip6 filter 0 pass 2001:db8:1111:1000::/64 any any 21 6 yes any any any any FTP # remote 0 ip6 filter 1 pass any 21 2001:db8:1111:1000::/64 any 6 yes any any any any DNS 53 UDP # remote 0 ip6 filter 2 pass 2001:db8:1111:1000::/64 any any 53 17 yes any any any any DNS # remote 0 ip6 filter 3 pass any 53 2001:db8:1111:1000::/64 any 17 yes any any any any ICMPv6 # remote 0 ip6 filter 4 pass any any any any 58 yes any any any any # remote 0 ip6 filter 5 reject any any any any any yes any any any any # enable 152 IP

V21 2 2.12.5 LAN LAN FTP LAN 192.168.1.0/24 LAN FTP 192.168.0.5 FTP 1 192.168.1.0/24 192.168.0.5 21 ftp TCP LAN 192.168.0.5 FTP # lan 0 ip filter 0 reject 192.168.1.0/24 any 192.168.0.5/32 21 6 yes any any # enable 153 IP

V21 2 LAN 192.168.1.0/24 100.100.100.100 1 192.168.1.0/24 100.100.100.100 100.100.100.100 # remote 0 ip filter 0 reject 192.168.1.0/24 any 100.100.100.100/32 any 0 yes any any # enable 154 IP

V21 2 2.12.6 LAN NetBIOS 137 139 NetBIOS 137 139 1 137 139 2 137 139 Windows TCP NetBIOS 137 139 137 139 # remote 0 ip filter 0 reject any any any 137-139 0 yes any any 137 139 # remote 0 ip filter 1 reject any 137-139 any any 0 yes any any # enable 155 IP

V21 2 2.12.7 PING PPPoE ISDN ICMP PING ICMP IP DNS PING PING 1 ICMP ICMP # remote 0 ip filter 0 restrict any any any any 1 yes any any # enable 156 IP

V21 2 2.12.8 ping LAN LAN ping ICMP ECHO ICMP LAN 192.168.1.5/32 ping ICMP ECHO LAN 192.168.1.5/32 ping ICMP ECHO 1 192.168.1.5/32 ICMP TYPE 8 ICMP 1 192.168.1.5/32 ICMP TYPE 8 ICMP # lan 0 ip filter 0 reject any any 192.168.1.5/32 any 1 yes any any 8 any # lan 0 ip filter 1 pass any any any any any yes any any any any # enable 157 IP

V21 2 LAN ping ICMP ECHO ICMP LAN 192.168.1.5/32 ping ICMP ECHO LAN 192.168.1.5/32 ping ICMP ECHO 1 192.168.1.5/32 ICMP TYPE 8 ICMP 1 192.168.1.5/32 ICMP TYPE 8 ICMP # remote 0 ip filter 0 reject any any 192.168.1.5/32 any 1 yes any any 8 any # remote 0 ip filter 1 pass any any any any any yes any any any any # enable 158 IP

V21 2 2.13 IPsec VPN Virtual Private Network LAN LAN LAN VPN IPsec IP VPN IP IP VPN IP VPN IP IP VPN IP VPN IP IP VPN 1 IKE IPsec VPN IPsec IPsec any IKE 1 VPN IPsec IPsec MR1000 2.13 IPsec P.58 IPsec IPv4 IPv6 NAT IPsec IPsec IPsec IPsec remote ip nat IPsec remote ip nat VPN VPN VPN IP NAT NAT NAT IP VPN IPsec IPv4 IPv6 IPv4 IPv6 VPN IPsec NAT NAT IPsec NAT NAT IPsec/IKE VPN IPsec IKE IPsec IPsec IPsec IPsec any IKE IPsec IPsec SA IPsec any IKE IPsec AES 128 128 159 IPsec

V21 2 VPN VPN IPsec NAT IPsec IPsec NAT IPsec NAT IPsec NAT LAN remote NAT IP VPN IP VPN ESP IP IP IP IP VPN IP ESP IKE IP IP 500 IP IP VPN IP 500 UDP ESP IP IP IP IP VPN IP ESP WAN IP 202.168.1.66 202.168.1.66 202.168.2.66 IPsec/IKE IPsec/IKE 202.168.1.66 NAT IP IP 202.16.1.66 IP VPN Initiator IKE IP IP LAN IP 500 IP IP 500 UDP 160 IPsec

V21 2 IP VPN Initiator ESP IP IP LAN IP IP IP ESP 2.13.1 IPv4 over IPv4 IP VPN IPsec VPN PPPoE VPN PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip address local 202.168.1.66 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 # lan 1 ip address 192.168.2.1/24 3 161 IPsec

V21 2 IPsec 202.168.1.66-202.168.2.66 IPsec IPsec IPsec esp IPsec SPI 100 16 IPsec SA des-cbc 0123456789 16 IPsec SA hmac-md5 123456789a 16 IPsec SPI 101 16 IPsec SA des-cbc 23456789ab 16 IPsec SA hmac-md5 3456789abc 16 IPsec 202.168.2.66-202.168.1.66 IPsec IPsec IPsec esp IPsec SPI 101 16 IPsec SA des-cbc 23456789ab 16 IPsec SA hmac-md5 3456789abc 16 IPsec SPI 100 16 IPsec SA des-cbc 0123456789 16 IPsec SA hmac-md5 123456789a 16 162 IPsec

V21 2 SPI SPI SPI des-cbc 3des-cbc 16 3 3 des-cbc 0101 0101 0101 0101 1F1F 1F1F E0E0 E0E0 E0E0 E0E0 1F1F 1F1F FEFE FEFE FEFE FEFE 01FE 01FE 01FE 01FE 1FE0 1FE0 0EF1 0EF1 01E0 01E0 01F1 01F1 FE01 FE01 FE01 FE01 E01F E01F F10E F10E E001 E001 F101 F101 1FFE 1FFE 0EFE 0EFE 011F 011F 010E 010E E0FE E0FE F1FE F1FE FE1F FE1F FE0E FE0E 1F01 1F01 0E01 0E01 FEE0 FEE0 FEF1 FEF1 3des 16 3 1 2 3 : 1122334455667788 9900aabbccddeeff 1122334455667788 1 16 2 16 3 16 1 3 16 1 2 2 3 3 1 des-cbc 1 2 3 163 IPsec

V21 2 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honten # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type manual SA # remote 1 ap 0 ipsec send protocol esp # remote 1 ap 0 ipsec send spi 100 # remote 1 ap 0 ipsec send encrypt des-cbc hex 0123456789 # remote 1 ap 0 ipsec send auth hmac-md5 hex 123456789a SA # remote 1 ap 0 ipsec receive protocol esp # remote 1 ap 0 ipsec receive spi 101 # remote 1 ap 0 ipsec receive encrypt des-cbc hex 23456789ab # remote 1 ap 0 ipsec receive auth hmac-md5 hex 3456789abc # enable VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shiten # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 202.168.1.66 # remote 0 ap 0 ipsec type manual SA # remote 0 ap 0 ipsec send protocol esp # remote 0 ap 0 ipsec send spi 101 # remote 0 ap 0 ipsec send encrypt des-cbc hex 23456789ab # remote 0 ap 0 ipsec send auth hmac-md5 hex 3456789abc SA # remote 0 ap 0 ipsec receive protocol esp # remote 0 ap 0 ipsec receive spi 100 # remote 0 ap 0 ipsec receive encrypt des-cbc hex 0123456789 # remote 0 ap 0 ipsec receive auth hmac-md5 hex 123456789a # enable 164 IPsec

V21 2 2.13.2 IPv4 over IPv6 IP VPN IPsec IPv4 IPv6 VPN PPPoE VPN PPPoE IPv4 192.168.1.1/24 IPv4 202.168.1.66/24 IPv6 2001:db8:1111:1::66/64 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv4 202.168.2.66/24 IPv6 2001:db8:1111:2::66/64 IPv4 202.168.2.65 IPv6 2001:db8:1111:2::65 PPPoE # delete lan 0 # lan 0 mode auto # lan 0 ip6 use on # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip address local 202.168.1.66 # remote 0 ip route 0 default 1 0 # remote 0 ip6 use on # remote 0 ip6 address 0 2001:db8:1111:1::66/64 infinity infinity c0 # remote 0 ip6 route 0 default 1 # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:2::66/64 infinity infinity c0 # lan 0 ip6 route 0 default 2001:db8:1111:2::65 1 # lan 1 ip address 192.168.2.1/24 3 165 IPsec

V21 2 vpn-hon honsya IPsec/IKE 2001:db8:1111:1::66-2001:db8:1111:2::66 IPsec IPsec vpn-shi shisya IPsec/IKE 2001:db8:1111:2::66-2001:db8:1111:1::66 IPsec IPsec Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 166 IPsec

V21 2 DH IKE VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 2001:db8:1111:1::66 # remote 1 ap 0 tunnel remote 2001:db8:1111:2::66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 2001:db8:1111:2::66 # remote 0 ap 0 tunnel remote 2001:db8:1111:1::66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 167 IPsec

V21 2 2.13.3 IPv4 over IPv6 IP VPN IP VPN IPv4 IPv6 IPsec PPPoE VPN PPPoE IPv4 192.168.1.1/24 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv4 202.168.2.66/24 IPv6 2001:db8:1111:2::66/64 IPv4 202.168.2.65 IPv6 2001:db8:1111:2::65 PPPoE # delete lan 0 # lan 0 mode auto # lan 0 ip6 use on # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 default 1 # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 0 ip6 use on # lan 0 ip6 route 0 default 2001:db8:1111:2::65 1 # lan 0 ip6 address 0 2001:db8:1111:2::66/64 infinity infinity c0 # lan 1 ip address 192.168.2.1/24 3 168 IPsec

V21 2 Initiator vpn-hon honsya IPsec/IKE -2001:db8:1111:2::66 IPsec IPsec IKE UDP:500 2001:db8:1111:1::66 IPv6 ESP 2001:db8:1111:1::66 IPv6 vpn-shi shisya IPsec/IKE 2001:db8:1111:2::66- IPsec IPsec Aggressive Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE ID/ID shisya /FQDN 169 IPsec

V21 2 IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 DH IKE ID Aggressive Mode ID VPN Initiator VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 2001:db8:1111:2::66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisya # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 170 IPsec

V21 2 Responder VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 2001:db8:1111:2::66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode aggressive # remote 0 ap 0 ike name remote shisya # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 171 IPsec

V21 2 2.13.4 IPv6 over IPv4 IP VPN IPsec IPv6 IPv4 VPN PPPoE VPN PPPoE IPv4 192.168.1.1/24 IPv6 2001:db8:1111:1::1/64 IPv4 202.168.1.66/24 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv6 2001:db8:1111:2::1/64 IPv4 202.168.2.66/24 IPv4 202.168.2.65 PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:1::1/64 infinity infinity c0 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:2::1/64 infinity infinity c0 172 IPsec

V21 2 vpn-hon honsya IPsec/IKE 202.168.1.66-202.168.2.66 IPsec IPsec vpn-shi shisya IPsec/IKE 202.168.2.66-202.168.1.66 IPsec IPsec Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 173 IPsec

V21 2 DH IKE Initiator VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ip6 use on # remote 1 ip6 route 0 2001:db8:1111:2::/64 1 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any6 any6 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 174 IPsec

V21 2 VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1::/64 1 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 202.168.1.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any6 any6 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 175 IPsec

V21 2 2.13.5 IPv6 over IPv4 IP VPN IP VPN IPv6 IPv4 IPsec PPPoE VPN PPPoE IPv4 192.168.1.1/24 IPv6 2001:db8:1111:1::1/64 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv6 2001:db8:1111:2::1/64 IPv4 202.168.2.66/24 IPv4 202.168.2.65 PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:1::1/64 infinity infinity c0 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:2::1/64 infinity infinity c0 176 IPsec

V21 2 Initiator vpn-hon honsya IPsec/IKE -202.168.2.66 IPsec IPsec IKE UDP:500 192.168.1.1 ESP 192.168.1.1 vpn-shi shisya IPsec/IKE 202.168.2.66- IPsec IPsec Aggressive Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE ID/ID shisya /FQDN IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared 177 IPsec

V21 2 IKE des-cbc IKE hmac-md5 IKE DH modp768 DH IKE ID Aggressive Mode ID VPN Initiator IPsec/IKE # remote 0 ip nat static 0 192.168.1.1 500 any 500 17 # remote 0 ip nat static 1 192.168.1.1 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ip6 use on # remote 1 ip6 route 0 2001:db8:1111:2::/64 1 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any6 any6 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisya # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 178 IPsec

V21 2 Responder VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1::/64 1 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any6 any6 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode aggressive # remote 0 ap 0 ike name remote shisya # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 179 IPsec

V21 2 2.13.6 IPv6 over IPv6 IP VPN IPsec IPv6 VPN PPPoE VPN PPPoE IPv4 192.168.1.1/24 IPv6 2001:db8:1111:3::1/64 IPv4 202.168.1.66/24 IPv6 2001:db8:1111:1::66/64 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv6 2001:db8:1111:4::1/64 IPv4 202.168.2.66/24 IPv6 2001:db8:1111:2::66/64 IPv4 202.168.2.65 IPv6 2001:db8:1111:2::65 PPPoE # delete lan 0 # lan 0 mode auto # lan 0 ip6 use on # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:3::1/64 infinity infinity c0 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 default 1 # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:2::66/64 infinity infinity c0 # lan 0 ip6 route 0 default 2001:db8:1111:2::65 1 # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:4::1/64 infinity infinity c0 180 IPsec

V21 2 vpn-hon honsya IPsec/IKE 2001:db8:1111:1::66-2001:db8:1111:2::66 IPsec IPsec vpn-shi shisya IPsec/IKE 2001:db8:1111:2::66-2001:db8:1111:1::66 IPsec IPsec Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 181 IPsec

V21 2 DH IKE VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ip6 use on # remote 1 ip6 route 0 2001:db8:1111:4::/64 1 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 2001:db8:1111:1::66 # remote 1 ap 0 tunnel remote 2001:db8:1111:2::66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any6 any6 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 182 IPsec

V21 2 VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:3::0/64 1 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 2001:db8:1111:2::66 # remote 0 ap 0 tunnel remote 2001:db8:1111:1::66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any6 any6 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 183 IPsec

V21 2 2.13.7 IPv6 over IPv6 IP VPN IPv6 VPN PPPoE VPN PPPoE IPv4 192.168.1.1/24 IPv6 2001:db8:1111:3::1/64 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IPv4 192.168.2.1/24 IPv6 2001:db8:1111:4::1/64 IPv4 202.168.2.66/24 IPv6 2001:db8:1111:2::66/64 IPv4 202.168.2.65 IPv6 2001:db8:1111:2::65 PPPoE # delete lan 0 # lan 0 mode auto # lan 0 ip6 use on # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:3::1/64 infinity infinity c0 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 default 1 # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 0 ip6 use on # lan 0 ip6 route 0 default 2001:db8:1111:2::65 1 # lan 0 ip6 address 0 2001:db8:1111:2::66/64 infinity infinity c0 # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:4::1/64 infinity infinity c0 184 IPsec

V21 2 Initiator vpn-hon honsya IPsec/IKE -2001:db8:1111:2::66 IPsec IPsec IKE UDP:500 2001:db8:1111:1::66 IPv6 ESP 2001:db8:1111:1::66 IPv6 vpn-shi shisya IPsec/IKE 2001:db8:1111:2::66- IPsec IPsec Aggressive Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH 185 IPsec

V21 2 IKE ID/ID shisya /FQDN IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 DH IKE ID Aggressive Mode ID VPN Initiator VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ip6 use on # remote 1 ip6 route 0 2001:db8:1111:4::/64 1 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 2001:db8:1111:2::66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any6 any6 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisya # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 186 IPsec

V21 2 Responder VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:3::/64 1 # remote 0 ap 0 name shisya # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 2001:db8:1111:2::66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any6 any6 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode aggressive # remote 0 ap 0 ike name remote shisya # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # enable 187 IPsec

V21 2 2.13.8 IPv4 over IPv4 1 IKE IPsec VPN IPsec IPsec SA IP PPPoE VPN PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 PPPoE ID userid PPPoE userpass PPPoE LAN LAN0 IP 1 LAN0 IP 2 192.168.3.1/24 IP 202.168.2.66/24 IP 202.168.2.65 PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip address local 202.168.1.66 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ap 0 keep connect # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip route 0 192.168.3.0/24 192.168.2.2 1 188 IPsec

V21 2 IPsec/IKE 202.168.1.66-202.168.2.66 IPsec 1 any - 192.168.2.0/24 IPsec 2 any - 192.168.3.0/24 IPsec/IKE 202.168.2.66-202.168.1.66 IPsec 1 192.168.2.0/24 - any IPsec 2 192.168.3.0/24 - any Main Mode IPsec esp IPsec des-cbc IPsec PFS DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 1 189 IPsec

V21 2 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ip route 1 192.168.3.0/24 1 0 # remote 1 ap 0 name honten1 # remote 1 ap 0 multiroute pattern 0 use any any 192.168.2.0/24 any 0 any # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.2.0/24 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike bind self # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # remote 1 ap 1 datalink type ipsec # remote 1 ap 1 ipsec type ike # remote 1 ap 1 ipsec ike protocol esp # remote 1 ap 1 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 1 ipsec ike encrypt des-cbc # remote 1 ap 1 ipsec ike auth hmac-md5 # remote 1 ap 1 ike bind ap 0 # enable 190 IPsec

V21 2 VPN # remote 0 name vpn-shi # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shiten # remote 0 ap 0 multiroute pattern 0 use 192.168.2.0/24 any any any 0 any # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 202.168.1.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range 192.168.2.0/24 any4 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike bind self # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 0 ap 1 datalink type ipsec # remote 0 ap 1 ipsec type ike # remote 0 ap 1 ipsec ike protocol esp # remote 0 ap 1 ipsec ike range 192.168.3.0/24 any4 # remote 0 ap 1 ipsec ike encrypt des-cbc # remote 0 ap 1 ipsec ike auth hmac-md5 # remote 0 ap 1 ike bind ap 0 # enable 191 IPsec

V21 2 2.13.9 IPsec IPsec IPv4 over IPv4 IP VPN IPv4 over IPv4 IP VPN IPsec NAT IP TOS IPsec WFQ IPsec MSS IPsec MTU IKE RIP IPv6 IPsec NAT IKE IPsec NAT IP TOS NAT NAT 192.168.1.1 1 5 IP - telnet ftp TOS ftp 0xa0 IP - telnet ftp TOS ftp 0xa0 # remote 1 ip nat mode multi 192.168.1.1 1 # remote 1 ip filter 0 pass 192.168.1.0/24 any 192.168.2.0/24 21,23 6 yes any any # remote 1 ip filter 1 pass 192.168.2.0/24 21,23 192.168.1.0/24 any 6 no any any # remote 1 ip filter 2 reject any any any any 0 yes any any # remote 1 ip tos 0 any any 192.168.2.0/24 20,21 6 any a0 192 IPsec

V21 2 # remote 0 ip filter 0 pass 192.168.1.0/24 any 192.168.2.0/24 21,23 6 yes any any # remote 0 ip filter 1 pass 192.168.2.0/24 21,23 192.168.1.0/24 any 6 no any any # remote 0 ip filter 2 reject any any any any 0 yes any any # remote 0 ip tos 0 192.168.2.0/24 20,21 192.168.1.0/24 20,21 6 any a0 IPsec WFQ 2Mbps IP 192.168.2.0/24 IP 192.168.1.0/24 TCP TOS # remote 0 shaping on 2m # remote 0 ip priority 0 192.168.2.0/24 any 192.168.1.0/24 any 6 any express IPsec WFQ IPsec IPsec remote IPsec remote remote IPsec IPsec MSS MSS 1414Byte # remote 1 ip msschange 1414 193 IPsec

V21 2 # remote 0 ip msschange 1414 IPsec MTU MTU 1460Byte # remote 1 mtu 1460 # remote 0 mtu 1460 IP 192.168.1.1 IP 192.168.2.1 5 10 1 VPN # remote 1 ap 0 sessionwatch 192.168.1.1 192.168.2.1 10s 1m 5s 194 IPsec

V21 2 IKE IP 192.168.2.1 5 10 1 VPN # remote 1 ap 0 ike sessionwatch 192.168.2.1 10s 1m 5s IKE IP remote ap ipsec ike range IPsec IP IKE IP IPsec IP IKE IP IKE IPsec/IKE SA RIP RIP v1 RIP v1 RIP 0 # delete remote 1 ip route # remote 1 ip rip use v1 v1 0 off # delete remote 1 ip route # remote 0 ip rip use v1 v1 0 off 195 IPsec

V21 2 2.14 PPP IP URL NAT DHCP IPv4 IPv6 - LOG_ERROR - LOG_WARNING - LOG_NOTICE - LOG_INFO - IP - NAT - PPP - DHCP - Proxy DNS IP 192.168.1.10 196

V21 2 # syslog server 192.168.1.10 # syslog pri error,warn,notice,info # syslog security ipfilter,nat,ppp,dhcp,proxydns # enable MR1000 2.1.12 P.41 197

V21 2 2.15 NAT NAT NAT NAT IP Web MR1000 2.14 NAT P.63 NAT IP NAT NAT IP NAT 1024 NAT 64 IP IP 0 9 A Z a z < > & % MR1000 1.4 P.18 198 NAT

V21 2 2.15.1 LAN NAT FTP A LAN0 NAT LAN IP 172.16.1.1 / 172.16.1.0/24 FTP IP 172.16.1.2 IP # lan 0 ip address 192.168.0.1/24 3 # lan 1 ip address 172.16.1.1/24 3 NAT # lan 0 ip nat mode multi any 1 5m # lan 0 ip nat static 0 172.16.1.2 21 192.168.0.1 21 6 # enable NAT FTP DNS NAT # lan 0 ip nat rule 0 ftp any 21 off # lan 0 ip nat rule 1 dns global 53 off 199 NAT

V21 2 2.15.2 PPPoE PPPoE PPPoE NAT LAN ID userid userpass / 192.168.1.0/24 192.168.1.255 200 NAT

V21 2 PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass # remote 0 ppp ipcp vjcomp disable # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # proxydns domain 0 any * any to 0 # proxydns address 0 any to 0 NAT # remote 0 ip nat static 0 192.168.1.2 80 any 80 any # remote 0 ip nat static 1 192.168.1.3 21 any 21 any # enable NAT NAT NAT NAT IP NAT IP NAT FTP DNS NAT # remote 0 ip nat rule 0 ftp any 21 off # remote 0 ip nat rule 1 dns global 53 off 201 NAT

V21 2 2.15.3 NAT ISDN ISDN ISDN ID userid userpass LAN 10.10.10.96/29 www IP 10.10.10.98 ftp IP 10.10.10.99 NAT IP 10.10.10.100 102 / 192.168.1.0/24 192.168.1.255 202 NAT

V21 2 # wan 0 line isdn IP # lan 0 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 ip route 0 default 1 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 03-1234-5678 # remote 0 ap 0 ppp auth send userid userpass NAT # remote 0 ip nat mode multi 10.10.10.100 3 5m # remote 0 ip nat static 0 192.168.1.2 80 10.10.10.98 80 any # remote 0 ip nat static 1 192.168.1.3 21 10.10.10.99 21 any # reset NAT FTP DNS NAT # remote 0 ip nat rule 0 ftp any 21 off # remote 0 ip nat rule 1 dns global 53 off 203 NAT

V21 2 2.15.4 LAN NAT FTP A LAN0 NAT LAN IP 172.16.1.1 / 172.16.1.0/24 FTP IP 172.16.1.2 IP # lan 0 ip address 192.168.0.1/24 3 # lan 1 ip address 172.16.1.1/24 3 NAT # lan 0 ip nat mode multi any 1 5m # lan 0 ip nat static 0 172.16.1.2 21 192.168.0.1 21 6 # enable NAT FTP DNS NAT # lan 0 ip nat rule 0 ftp any 21 off # lan 0 ip nat rule 1 dns global 53 off 204 NAT

V21 2 2.15.5 NAT IPsec IPsec NAT NAT IPsec IPsec IPsec LAN0 NAT IP # lan 0 ip address 192.168.0.1/24 3 # lan 1 ip address 172.16.1.1/24 3 NAT # lan 0 ip nat mode multi any 1 5m # lan 0 ip nat wellknown 0 500 off # enable NAT FTP DNS NAT # lan 0 ip nat rule 0 ftp any 21 off # lan 0 ip nat rule 1 dns global 53 off 205 NAT

V21 2 2.16 VoIP NAT NAT VoIP UPnP VoIP NAT UPnP NAT MR1000 2.15 VoIP NAT P.66 UPnP VoIP UPnP LAN LAN0 IP DHCP NAT IP 1 5 UPnP LAN LAN1 IP 192.168.1.1/24 DHCP 192.168.1.2 253 1 192.168.1.1 DNS 192.168.1.1 206 VoIP NAT

V21 2 0 9 A Z a z < > & % MR1000 1.4 P.18 LAN # delete lan 0 # lan 0 mode auto # lan 0 ip dhcp service client # lan 0 ip rip use off v1 0 off # lan 0 ip nat mode multi any 1 UPnP LAN # lan 1 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip rip use v1 v1 0 off UPnP # upnp use on # enable LAN UPnP 207 VoIP NAT

V21 2 2.17 TOS/Traffic Class IP TOS/Traffic Class MR1000 2.16 TOS/Traffic Class P.69 TOS/Traffic Class TOS/Traffic Class IP IP IP TOS IPv6 Traffic Class TOS Traffic Class FTP TOS a0 208 TOS/Traffic Class

V21 2 IP / 192.168.1.0/24 IP / 20 ftp-data 21 ftp TCP TOS 00 TOS a0 FTP TOS 00 a0 # remote 0 ip tos 0 192.168.1.0/24 any any 20,21 6 0 a0 # enable 209 TOS/Traffic Class

V21 2 2.18 VLAN VLAN 2 QoS VLAN VLAN IP TOS IPv6 MR1000 2.17 VLAN P.71 VLAN TOS/Traffic Class IP TOS a0 7 0 IP TOS a0 7 TOS a0 7 # lan 0 vlan tag primap 0 ip a0 7 # enable 210 VLAN

V21 2 2.19 LAN WAN 2.19.1 Ethernet Ethernet Ethernet 5Mbps LAN1 5Mbps # lan 1 shaping on 5m # enable 211

V21 2 2.19.2 Ethernet L2-VPN A 3Mbps B 3Mbps A B 5Mbps LAN # lan1 shaping on 5m A # remote 0 name kyotena # remote 0 ip route 0 192.168.128.0/24 1 1 # remote 0 shaping on 3m # remote 0 ap 0 name OV-A # remote 0 ap 0 datalink type overlap # remote 0 ap 0 overlap to lan 1 # remote 0 ap 0 overlap nexthop 172.16.0.128 B # remote 1 name kyotenb # remote 1 ip route 0 192.168.192.0/24 1 1 # remote 1 shaping on 3m # remote 1 ap 0 name OV-B # remote 1 ap 0 datalink type overlap # remote 1 ap 0 overlap to lan 1 # remote 1 ap 0 overlap nexthop 172.16.0.192 # enable 212

V21 2 2.20 PPP ISDN - LZS - VJ VJ RFC1144 - IPHC IP RFC2507/RFC2508 RFC2509 PPPoE 0 remote 0 0 remote 0 PPPoE # remote 0 ppp ipcp vjcomp enable # remote 0 ppp ipcp iphc enable # enable 213

V21 2 ISDN ISDN 0 remote 0 0 remote 0 ISDN # remote 0 ppp compress on # remote 0 ppp ipcp vjcomp enable # remote 0 ppp ipcp iphc enable # enable MP # remote 0 ppp mp order on 214

V21 2 2.21 WFQ WFQ IP MR1000 2.19 WFQ P.73 WFQ IP IP TOS IPv6 Traffic Class Ethernet LAN0 Ethernet Ethernet 1Mbps TOS a0 215 WFQ

V21 2 # lan 0 shaping on 1m WFQ # lan 0 ip priority 0 any any any any any a0 express # enable # lan 0 shaping on 1m WFQ # lan 0 ip priority 0 any any any any any a0 express # enable 216 WFQ

V21 2 2.22 DHCP IPv4 DHCP DHCP DHCP DHCP DHCP MR1000 2.20.1 IPv4 DHCP P.76 DHCP 1 1 DHCP IPv6 DHCP IPv6 DHCP IPv6 DHCP IPv6 DHCP MR1000 2.20.2 IPv6 DHCP P.78 217 DHCP

V21 2 2.22.1 DHCP DHCP IP IP DHCP IP DHCP IP IP DNS IP DHCP DHCP DHCP DHCP IP 253 IP 192.168.2.1 3 1 IP 192.168.2.2 192.168.2.33 IP 32 / 192.168.2.0/24 DHCP 218 DHCP

V21 2 DHCP # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip dhcp info dns 192.168.2.1 # lan 1 ip dhcp info address 192.168.2.2/24 32 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.2.1 # lan 1 ip dhcp service server # enable 219 DHCP

V21 2 2.22.2 DHCP DHCP IP IP IP IP IP MAC DHCP IP DHCP DHCP IP MAC MAC LAN IP IP DHCP DHCP DHCP DHCP DNS DHCP 64 / 192.168.2.0/24 IP MAC 00:00:0e:12:34:56 IP 192.168.2.2 DHCP DHCP DHCP 220 DHCP

V21 2 DHCP # lan 1 ip address 192.168.2.1/24 3 # lan 1 ip dhcp info dns 192.168.2.1 # lan 1 ip dhcp info address 192.168.2.2/24 32 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.2.1 # lan 1 ip dhcp service server DHCP # host 0 ip address 192.168.2.2 # host 0 mac 00:00:0e:12:34:56 # enable 221 DHCP

V21 2 2.22.3 DHCP DHCP DHCP IP DHCP LAN IP DHCP IP IP DNS IP TIME IP NTP IP DHCP IP DHCP DHCP # lan 0 ip dhcp service client NAT # lan 0 ip nat mode multi any 1 LAN1 # lan 1 ip address 192.168.2.1/24 3 # enable 222 DHCP

V21 2 2.22.4 DHCP DHCP IP DHCP DHCP DHCP DHCP DHCP LAN LAN IP 192.168.1.1 DHCP LAN IP 192.168.0.1 DHCP 192.168.0.10 DHCP NAT IP # lan 0 ip address 192.168.0.1/24 3 # lan 1 ip address 192.168.1.1/24 3 DHCP # lan 1 ip dhcp service relay 192.168.0.10 # enable 223 DHCP

V21 2 DHCP DHCP DHCP IP 192.168.2.1 / 192.168.2.0/24 DHCP IP 192.168.2.10 IP 192.168.1.1 / 192.168.1.0/24 1.8 LAN P.21 224 DHCP

V21 2 LAN # wan 0 line hsd 128k # lan 0 ip address 192.168.1.1/24 3 # remote 0 name kaisya # remote 0 ap 0 name shisya # remote 0 ap 0 datalink bind wan 0 # remote 0 ip route 0 192.168.2.1/24 1 # reset DHCP # lan 0 ip dhcp service relay 192.168.2.10 # enable 225 DHCP

V21 2 2.22.5 IPv6 DHCP IPv6 DHCP IPv6 DHCP IPv6 IPv6 Router Advertisement Message RA 64 IPv6 PPPoE IPv6 DHCP PPPoE LAN LAN0 ID userid userpass IPv6 DHCP IPv6 48 IPv6 LAN LAN1 RA IPv6 ID 0001 226 DHCP

V21 2 ADSL #delete lan 0 #lan 0 mode auto #remote 0 name internet #remote 0 mtu 1454 #remote 0 ap 0 name ISP-1 #remote 0 ap 0 keep connect #remote 0 ap 0 datalink bind lan 0 #remote 0 ap 0 ppp auth send userid userpass #remote 0 ip6 use on IPv6 DHCP #remote 0 ip6 dhcp service client ProxyDNS #proxydns domain 0 any * any on 0 #proxydns address 0 any on 0 LAN #lan 1 ip6 use on #lan 1 ip6 address 0 dhcp@rmt0:1::/64 infinity infinity #lan 1 ip6 ra mode send #save #reset 227 DHCP

V21 2 2.23 DNS ProxyDNS ProxyDNS DNS DNS DNS DNS MR1000 2.21 DNS P.80 2.23.1 DNS ProxyDNS IP DNS IP DNS DNS honsya.co.jp DNS IP 192.168.2.2 DNS honsya.co.jp DNS IP 100.100.100.100 DNS # proxydns domain 0 any *.honsya.co.jp any static 192.168.2.2 # proxydns domain 1 any * any static 100.100.100.100 # enable 228 DNS ProxyDNS

V21 2 1. DHCP DHCP 0 9 A Z a z < > & % MR1000 1.4 P.18 229 DNS ProxyDNS

V21 2 2.23.2 DNS ProxyDNS IP DNS DNS 192.168.0.0 DNS IP 192.168.2.2 DNS 192.168.0.0 DNS IP 100.100.100.100 0 9 A Z a z < > & % MR1000 1.4 P.18 DNS # proxydns address 0 192.168.0.0/24 static 192.168.2.2 # proxydns address 1 any static 100.100.100.100 # enable 230 DNS ProxyDNS

V21 2 1. DHCP DHCP 2.23.3 DNS ProxyDNS DNS DNS DNS RFC1877 DNS 0 9 A Z a z < > & % MR1000 1.4 P.18 DNS # proxydns domain 0 any * any on 0 off # enable 231 DNS ProxyDNS

V21 2 Windows 2000 1. 2. 3. TCP/IP 4. 5. DNS 6. DNS IP 7. OK 8. DHCP DNS IP ProxyDNS DHCP DHCP DNS IP IP ProxyDNS DNS DNS # proxydns domain 0 any * any on 0 on DNS DNS DNS DNS DNS DNS 232 DNS ProxyDNS

V21 2 2.23.4 DNS DNS QTYPE Windows 2000 DNS SOA 6 SRV 33 ProxyDNS A 1 DNS SOA 6 0 9 A Z a z < > & % MR1000 1.4 P.18 DNS # proxydns domain 0 6 * any reject # enable DNS P.232 233 DNS ProxyDNS

V21 2 2.23.5 DNS IP DNS ProxyDNS DNS LAN LAN DNS host.com IPv4 192.168.1.2 IPv6 2001:db8::2 0 9 A Z a z < > & % MR1000 1.4 P.18 # host 0 name host.com # host 0 ip address 192.168.1.2 # host 0 ip6 address 2001:db8::2 # enable DHCP DNS DNS P.232 234 DNS ProxyDNS

V21 2 2.24 URL URL URL URL ProxyDNS URL MR1000 2.21 DNS P.80 ProxyDNS www.danger.com URL LAN IP DNS IP 0 9 A Z a z < > & % MR1000 1.4 P.18 www.danger.com XXX.danger.com URL.danger.com 235 URL URL

V21 2 URL # proxydns domain 0 any www.danger.com any reject # proxydns domain 1 any * any on 0 # enable 236 URL URL

V21 2 2.25 SNMP SNMP Simple Network Management Protocol SNMP MIB MR1000 2.22 SNMP P.82 SNMP SNMP Simple Network Management Protocol SNMP SNMP MIB Management Information Base trap Trap MR1000 3.1 MIB P.23 3.2 Trap P.35 SNMP suzuki MR1000 1 1F 192.168.1.1 IP SNMP public 237 SNMP

V21 2 SNMP # snmp agent contact suzuki # snmp agent sysname MR1000 # snmp agent location 1F # snmp agent address 192.168.1.1 # snmp manager 0 0.0.0.0 public off disable # snmp service on # enable IP IP SNMP 238 SNMP

V21 2 2.26 ECMP ECMP ADSL ADSL 2 MR1000 2.23 ECMP P.83 239 ECMP

V21 2 1 2 1 1 2 1 ISP A 2 ISP B LAN0 # lan 0 ip address 172.16.1.252/24 3 # lan 0 vrrp use on # lan 0 vrrp group 0 id 10 254 172.16.1.254 # lan 0 vrrp group 0 trigger 0 ifdown rmt0 LAN1 # lan 1 ip address 202.168.1.66/24 3 # lan 1 ip route 0 default 202.168.1.65 1 0 # lan 1 ip filter 0 pass any 500 202.168.1.66/32 500 17 yes # lan 1 ip filter 1 pass 202.168.1.66/32 500 any 500 17 yes # lan 1 ip filter 2 pass any any 202.168.1.66/32 any 50 yes # lan 1 ip filter 3 pass 202.168.1.66/32 any any any 50 yes # lan 1 ip filter 4 reject any any any any 0 yes # remote 0 name RMTbyA # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip msschange 1360 # remote 0 mtu 1400 # remote 0 ap 0 name IPsecbyA # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.1.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 any4 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ipsec ike pfs modp768 # remote 0 ap 0 ike name remote RMTbyA # remote 0 ap 0 ike shared key text 12345678-A # remote 0 ap 0 ike proposal 0 encrypt des-cbc # remote 0 ap 0 sessionwatch 172.16.1.252 192.168.1.1 5s 1m 5s # enable 240 ECMP

V21 2 LAN0 # lan 0 ip address 172.16.1.253/24 3 # lan 0 vrrp use on # lan 0 vrrp group 0 id 10 100 172.16.1.254 # lan 0 vrrp group 0 trigger 0 ifdown rmt0 LAN1 # lan 1 ip address 202.168.1.67/24 3 # lan 1 ip route 0 default 202.168.1.65 1 0 # lan 1 ip filter 0 pass any 500 202.168.1.67/32 500 17 yes # lan 1 ip filter 1 pass 202.168.1.67/32 500 any 500 17 yes # lan 1 ip filter 2 pass any any 202.168.1.67/32 any 50 yes # lan 1 ip filter 3 pass 202.168.1.67/32 any any any 50 yes # lan 1 ip filter 4 reject any any any any 0 yes # remote 0 name RMTbyB # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ip msschange 1360 # remote 0 mtu 1400 # remote 0 ap 0 name IPsecbyB # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.1.67 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 any4 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ipsec ike pfs modp768 # remote 0 ap 0 ike name remote RMTbyB # remote 0 ap 0 ike shared key text 12345678-B # remote 0 ap 0 ike proposal 0 encrypt des-cbc # remote 0 ap 0 sessionwatch 172.16.1.253 192.168.1.1 5s 1m 5s # enable 241 ECMP

V21 2 LAN # lan 0 ip address 192.168.1.1/24 3 PPPoE LAN # lan 1 mode auto # lan 2 vlan bind 1 # lan 2 vlan tag vid 10 # lan 3 vlan bind 1 # lan 3 vlan tag vid 20 A PPPoE # remote 0 name INTER-A # remote 0 ip route 0 202.168.1.66/32 1 0 # remote 0 ip filter 0 pass any 500 202.168.1.66/32 500 17 yes # remote 0 ip filter 1 pass 202.168.1.66/32 500 any 500 17 yes # remote 0 ip filter 2 pass any any 202.168.1.66/32 any 50 yes # remote 0 ip filter 3 pass 202.168.1.66/32 any any any 50 yes # remote 0 ip filter 4 reject any any any any 0 yes # remote 0 ip msschange 1414 # remote 0 mtu 1454 # remote 0 ap 0 name ISP-A # remote 0 ap 0 datalink bind lan 2 # remote 0 ap 0 ppp auth send UIDtoA PASStoA # remote 0 ap 0 keep connect # remote 0 ip nat mode multi any 1 5m # remote 0 ip nat static 0 192.168.1.1 500 any 500 17 # remote 0 ip nat static 1 192.168.1.1 any any any 50 B PPPoE # remote 1 name INTER-B # remote 1 ip route 0 202.168.1.67/32 1 0 # remote 1 ip filter 0 pass any 500 202.168.1.67/32 500 17 yes # remote 1 ip filter 1 pass 202.168.1.67/32 500 any 500 17 yes # remote 1 ip filter 2 pass any any 202.168.1.67/32 any 50 yes # remote 1 ip filter 3 pass 202.168.1.67/32 any any any 50 yes # remote 1 ip filter 4 reject any any any any 0 yes # remote 1 ip msschange 1414 # remote 1 mtu 1454 # remote 1 ap 0 name ISP-B # remote 1 ap 0 datalink bind lan 3 # remote 1 ap 0 ppp auth send UIDtoB PASStoB # remote 1 ap 0 keep connect # remote 1 ip nat mode multi any 1 5m # remote 1 ip nat static 0 192.168.1.1 500 any 500 17 # remote 1 ip nat static 1 192.168.1.1 any any any 50 # remote 2 name CENTER-A # remote 2 ip route 0 172.16.1.0/24 1 1 # remote 2 ip msschange 1360 # remote 2 mtu 1400 # remote 2 ap 0 name IPsecbyA # remote 2 ap 0 datalink type ipsec # remote 2 ap 0 tunnel remote 202.168.1.66 # remote 2 ap 0 ipsec type ike # remote 2 ap 0 ipsec ike protocol esp # remote 2 ap 0 ipsec ike range any4 any4 # remote 2 ap 0 ipsec ike encrypt des-cbc # remote 2 ap 0 ipsec ike auth hmac-md5 # remote 2 ap 0 ipsec ike pfs modp768 # remote 2 ap 0 ike name local RMTbyA 242 ECMP

V21 2 # remote 2 ap 0 ike shared key text 12345678-A # remote 2 ap 0 ike proposal 0 encrypt des-cbc # remote 2 ap 0 sessionwatch 192.168.1.1 172.16.1.252 5s 1m 5s # remote 3 name CENTER-B # remote 3 ip route 0 172.16.1.0/24 1 1 # remote 3 ip msschange 1360 # remote 3 mtu 1400 # remote 3 ap 0 name IPsecbyB # remote 3 ap 0 datalink type ipsec # remote 3 ap 0 tunnel remote 202.168.1.67 # remote 3 ap 0 ipsec type ike # remote 3 ap 0 ipsec ike protocol esp # remote 3 ap 0 ipsec ike range any4 any4 # remote 3 ap 0 ipsec ike encrypt des-cbc # remote 3 ap 0 ipsec ike auth hmac-md5 # remote 3 ap 0 ipsec ike pfs modp768 # remote 3 ap 0 ike name local RMTbyB # remote 3 ap 0 ike shared key text 12345678-B # remote 3 ap 0 ike proposal 0 encrypt des-cbc # remote 3 ap 0 sessionwatch 192.168.1.1 172.16.1.253 5s 1m 5s ECMP # routemanage ip ecmp mode hash # enable 243 ECMP

V21 2 2.27 VRRP VRRP 2 1 VRRP RIP VRRP 2 MR1000 2.24 VRRP P.86 on off vrrpctl LAN IP IP IP IP IP IP VRRP VRRP master VRRP "master" IP VRRP VRRP-AD IP IP 224.0.0.18 112 244 VRRP

V21 2 2.27.1 2 2 PPPoE WAN PPPoE LAN LAN0 IP / 192.168.1.10/24 ID userid userpass IP 202.168.2.1 DNS PPPoE LAN LAN0 IP / 192.168.1.11/24 ID userid2 userpass2 245 VRRP

V21 2 ADSL # delete lan # lan 0 ip address 0.0.0.0/0 3 # lan 0 mode auto IP # lan 1 ip address 192.168.1.10/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass VRRP # lan 1 vrrp use on # lan 1 vrrp group 0 id 10 254 192.168.1.1 # lan 1 vrrp group 0 preempt off # lan 1 vrrp group 0 trigger 0 node 202.168.2.1 any # reset 246 VRRP

V21 2 ADSL # delete lan # lan 0 ip address 0.0.0.0/0 3 # lan 0 mode auto IP # lan 1 ip address 192.168.1.11/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid2 userpass2 VRRP # lan 1 vrrp use on # lan 1 vrrp group 0 id 10 100 192.168.1.1 # lan 1 vrrp group 0 preempt on # reset WAN PPPoE # lan 1 vrrp 0 trigger 0 ifdown rmt0 247 VRRP

V21 2 2.27.2 2 ID 2 PPPoE PPPoE A ID 10 IP 192.168.1.1 B ID 11 IP 192.168.1.2 PPPoE LAN LAN0 IP / 192.168.1.10/24 ID userid userpass PPPoE LAN LAN0 IP / 192.168.1.11/24 ID userid2 userpass2 PC PC 248 VRRP

V21 2 ADSL # delete lan # lan 0 ip address 0.0.0.0/0 3 # lan 0 mode auto IP # lan 1 ip address 192.168.1.10/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass VRRP # lan 1 vrrp use on # lan 1 vrrp group 0 id 10 254 192.168.1.1 # lan 1 vrrp group 0 preempt off # lan 1 vrrp group 0 trigger 0 ifdown rmt0 254 # lan 1 vrrp group 1 id 11 100 192.168.1.2 # reset 249 VRRP

V21 2 ADSL # delete lan # lan 0 ip address 0.0.0.0/0 3 # lan 0 mode auto IP # lan 1 ip address 192.168.1.11/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid2 userpass2 VRRP # lan 1 vrrp use on # lan 1 vrrp group 0 id 10 100 192.168.1.1 # lan 1 vrrp group 1 id 11 254 192.168.1.2 # lan 1 vrrp group 1 preempt off # lan 1 vrrp group 1 trigger 0 ifdown rmt0 254 # reset 250 VRRP

V21 2 2.28 IPsec VPN remote 0 ap 0 2.13.1 IPv4 over IPv4 IP VPN P.161 BRI:128Kbps TOS a0 IP-VPN IP-VPN IP-VPN # wan 0 line hsd 128k IP-VPN # remote 0 ap 0 multiroute pattern 0 backup any any any any 0 a0 # remote 0 ap 0 multiroute pattern 1 use any any any any 0 any # remote 0 ap 1 name hsd # remote 0 ap 1 datalink bind wan 0 # reset 251

V21 2 2.29 Wakeup on LAN 1 6 host1 MAC 00:00:0e:12:34:56 Wakeup on LAN AMD OFF Magic Packet Wakeup on LAN OFF OFF Wakeup on LAN Wakeup on LAN 0 9 A Z a z < > & % MR1000 1.4 P.18 DHCP DNS 252

V21 2 2.29.1 # host 0 name host1 # host 0 mac 00:00:0e:12:34:56 # enable 2.29.2 1. telnet 2. Wakeup on LAN # rpon all Magic Packet OS 253

V21 2 2.30 16 4 1 4 2 MR1000 1.1 P.7 2.30.1 11 8 23:00 08:00 # schedule 0 in any 2300-0800 diallock # enable 254

V21 2 8 08:00 # schedule 0 at any 0800 rpon all # enable host rpon off 2.29 P.252 2.30.2 2004 7 1 2 06-123-4567 06-6123-4567 2004 7 1 2 00 06-123-4567 06-6123-4567 # dnconvinfo 0 date 0407010200 # dnconvinfo 0 dial 0 06-123-4567 06-6123-4567 # enable 255

V21 2 2.30.3 2 2004 7 1 6 30 1 2 2004 7 1 6 30 1 2 # addact 0 0407010630 reset config2 # enable 256

V21 2 2.31 ISDN 3 10 3 10 60 3 MR1000 2.1.8 P.34 257

V21 2 2.31.1 remote0 ap0 60 08:00 19:00 19:00 23:00 23:00 08:00 180 180 240 # remote 0 ap 0 idle 1m # remote 0 ap 0 step 1800 # remote 0 ap 0 step2 1800 # remote 0 ap 0 step3 2400 # enable 258

V21 2 2.31.2 50 10,000 50 10,000 # wan 0 isdn limit time 50h yes # wan 0 isdn limit charge 10000 yes # enable wan <number> isdn limit diallock no INS 64 - INS - 259

V21 2 2.32 STP FNA STP IP 0 9 A Z a z < > & % MR1000 1.4 P.18 STP 0 VLAN STP WAN 1 remote 1 ap SNMP IPv4 IP IPv4 IP IPv6 LAN IPv4 IP VLAN MAC VLAN MAC VLAN SVL Shared VLAN Learning VLAN VLAN MAC WAN LAN 2.32.1 FNA STP LAN 1 STP MR1000 2.25 P.91 260 STP

V21 2 LAN LAN FNA FNA STP IP # lan 0 bridge use on # lan 0 bridge stp use on # lan 1 bridge use on # lan 1 bridge stp use on FNA # lan 0 bridge filter 0 pass any 00:00:0e:0a:12:34 llc 8080 FNA # lan 0 bridge filter 1 pass 00:00:0e:0a:12:34 any llc 8080 STP # lan 0 bridge filter 2 pass any 01:80:c0:00:00:00 llc 4242 # lan 0 bridge filter 3 reject any any any # enable 261 STP

V21 2 LAN FNA WAN WAN WAN ISDN 128kbps FNA STP ISDN STP 1.8 LAN P.21 262 STP

V21 2 LAN # wan 0 line hsd 128k # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip dhcp service off # remote 0 name Siten1 # remote 0 ip route 0 192.168.2.1/24 1 # remote 0 ap 0 name shisya-1 # remote 0 ap 0 datalink bind wan 0 # reset # lan 0 bridge use on # lan 0 bridge stp use on # remote 0 bridge use on # remote 0 bridge stp use on FNA # remote 0 bridge filter 0 pass any 00:00:0e:0a:12:34 llc 8080 FNA # remote 0 bridge filter 1 pass 00:00:0e:0a:12:34 any llc 8080 STP # remote 0 bridge filter 2 pass any 01:80:c0:00:00:00 llc 4242 # remote 0 bridge filter 3 reject any any any # reset 263 STP

V21 2 2.32.2 0 VLAN 1 VLAN IP IP LAN IP LAN - FTP - telnet - Web - syslog - SNMP Trap - IP loose IP STP 0 0 0 STP IP WAN WAN Ethernet IP IP IP LAN IP WAN IP Loose WAN LAN LAN LAN WAN LAN WAN 264 STP

V21 2 LAN0 LAN0 A LAN1 LAN1 B IP A A-gyomu A FR-16 A DLCI 16 A CIR 64Kbps B B-gyomu B FR-17 B DLCI 17 B CIR 64Kbps LAN0 IPv4 192.168.1.1/24 LAN1 IPv4 192.168.2.1/24 LAN0 IPv4 192.168.1.2/24 LAN1 IPv4 192.168.2.2/24 2 A B IPv4 strict IPv4 265 STP

V21 2 1 WAN WAN 0 # lan 0 bridge use on # lan 0 ip address 192.168.1.1/24 3 # lan 0 bridge group 0 # remote 0 bridge use on # remote 0 bridge group 0 0 # bridge 0 ip routing off # bridge 0 ip policy strict 1 # lan 1 bridge use on # lan 1 ip address 192.168.2.1/24 3 # lan 1 bridge group 1 # remote 1 bridge use on # remote 1 bridge group 1 1 # bridge 1 ip routing off # bridge 1 ip policy strict WAN # wan 0 line fr 128k # remote 0 name A-gyomu # remote 0 ap 0 name FR-16 # remote 0 ap 0 fr dlci 16 # remote 0 ap 0 fr cir 64 # remote 1 name B-gyomu # remote 1 ap 0 name FR-17 # remote 1 ap 0 fr dlci 17 # remote 1 ap 0 fr cir 64 # reset 266 STP

V21 2 2 WAN WAN 0 # lan 0 bridge use on # lan 0 ip address 192.168.1.2/24 3 # lan 0 bridge group 0 # remote 0 bridge use on # remote 0 bridge group 0 0 # bridge 0 ip routing off # bridge 0 ip policy strict 1 # lan 1 bridge use on # lan 1 ip address 192.168.2.2/24 3 # lan 1 bridge group 1 # remote 1 bridge use on # remote 1 bridge group 1 1 # bridge 1 ip routing off # bridge 1 ip policy strict WAN # wan 0 line fr 128k # remote 0 name A-gyomu # remote 0 ap 0 name FR-16 # remote 0 ap 0 fr dlci 16 # remote 0 ap 0 fr cir 64 # remote 1 name B-gyomu # remote 1 ap 0 name FR-17 # remote 1 ap 0 fr dlci 17 # remote 1 ap 0 fr cir 64 # reset 267 STP

V21 2 2.32.3 IP Ethernet over IP IP IP 0 VLAN 1 VLAN IP IP LAN IP LAN - FTP - telnet - Web - syslog - SNMP Trap - IP loose IP STP 0 0 0 STP IP WAN WAN Ethernet IP IP IP LAN IP WAN IP Loose WAN LAN LAN LAN WAN LAN WAN Ethernet over IP 268 STP

V21 2 IP IPv4 IP PPPoE LAN CUG Closed Users Group PPPoE IPv4 LAN0 192.168.10.1/24 PPPoE ID userid1@groupname PPPoE userpass1 PPPoE LAN LAN1 NAT PPPoE IPv4 LAN0 192.168.20.1/24 PPPoE ID userid2@groupname PPPoE userpass2 PPPoE LAN LAN1 NAT 192.168.10.1 192.168.20.1 192.168.20.1 192.168.10.1 LAN0 IP IPv4 IPv6 269 STP

V21 2 1 # delete lan CUG PPPoE # lan 1 mode auto # remote 0 name CUG # remote 0 mtu 1454 # remote 0 ap 0 name user1 # remote 0 ap 0 datalink bind lan 1 # remote 0 ap 0 ppp auth send userid1@groupname userpass1 # remote 0 ap 0 keep connect # remote 0 ppp ipcp vjcomp disable # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 LAN0 IP # lan 0 ip address 192.168.10.1/24 3 IPv4 # remote 1 name EtherIP # remote 1 ap 0 name EtherIP # remote 1 ap 0 datalink type ip # remote 1 ap 0 tunnel local 192.168.10.1 # remote 1 ap 0 tunnel remote 192.168.20.1 # remote 1 bridge use on # lan 0 bridge use on # bridge 0 ip routing on # bridge 0 ip6 routing off # enable 270 STP

V21 2 2 # delete lan CUG PPPoE # lan 1 mode auto # remote 0 name CUG # remote 0 mtu 1454 # remote 0 ap 0 name user2 # remote 0 ap 0 datalink bind lan 1 # remote 0 ap 0 ppp auth send userid2@groupname userpass2 # remote 0 ap 0 keep connect # remote 0 ppp ipcp vjcomp disable # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 LAN0 IP # lan 0 ip address 192.168.20.1/24 3 IPv4 # remote 1 name EtherIP # remote 1 ap 0 name EtherIP # remote 1 ap 0 datalink type ip # remote 1 ap 0 tunnel local 192.168.20.1 # remote 1 ap 0 tunnel remote 192.168.10.1 # remote 1 bridge use on # lan 0 bridge use on # bridge 0 ip routing on # bridge 0 ip6 routing off # enable 271 STP

V21 2 2.33 LAN HUB 1 LAN PPPoE LAN HUB LAN MR1000 2.25 P.91 LAN LAN IPv4 IPv6 IP LAN 3 3 3 LAN OSPF VRRP 3 3 3 LAN 1.6 PPPoE P.17 MR1000 2.25 P.91 LAN 192.168.1.0/24 3 LAN1 LAN1 LAN2 LAN3 HUB LAN IPv4 LAN 272 LAN HUB

V21 2 HUB LAN # lan 1 bridge use on # lan 1 bridge group 0 # lan 2 bridge use on # lan 2 bridge group 0 # lan 3 bridge use on # lan 3 bridge group 0 # bridge 0 ip routing off # bridge 0 ip policy loose # bridge 0 ip6 routing off # bridge 0 ip6 policy loose # reset 273 LAN HUB

V21 2 2.34 ISDN ISDN 192.168.254.0/24 ISDN ISDN BRI # wan 0 line isdn # wan 0 isdn autodial disable LAN # lan 0 ip address 192.168.254.128/24 3 # lan 0 ip rip use v2m v2 0 off # remote 0 name kyoten # remote 0 ip route 0 192.168.1.0/24 1 1 # remote 0 ap 0 name kyoten # remote 0 ap 0 dial 0 number 1234 # remote 0 ap 0 ppp auth receive kyoten kyotenpass # reset 274 ISDN

V21 2 # remote 0 name center # remote 0 ip route 0 default 1 1 # remote 0 ap 0 name center # remote 0 ap 0 dial 0 number 5678 # remote 0 ap 0 ppp auth send kyoten kyotenpass # remote 0 ap 0 idle 1m send # enable 275 ISDN

V21 2 2.35 PIAFS PIAFS PHS PIAFS PIAFS 1.0/2.0/2.1 MR1000 5 P.42 0 9 A Z a z < > & % MR1000 1.4 P.18 LAN Proxy ARP ISDN LAN Proxy ARP Ethernet MAC IP MAC ARP Address Resolution Protocol ARP LAN IP ARP MAC Proxy ARP ARP ISDN U ISDN LAN 192.168.1.0/24 276 PIAFS

V21 2 PC0 PHS - pc0 - phs0 - IP 192.168.1.34-070-1234-5678 - ID mobileid - mobilepass PC1 PHS - pc1 - phs1 - IP 192.168.1.35-070-1234-5679 - ID mobileid - mobilepass ISDN # wan 0 line isdn LAN # lan 0 ip address 192.168.1.1/24 3 PC0 # remote 0 name pc0 # remote 0 autodial disable # remote 0 ap 0 name phs0 # remote 0 ap 0 ppp auth receive mobileid mobilepass # remote 0 ap 0 dial 0 number 070-1234-5678 # remote 0 ip address local 192.168.1.1 # remote 0 ip address remote 192.168.1.34 PC1 # remote 1 name pc1 # remote 1 autodial disable # remote 1 ap 0 name phs1 # remote 1 ap 0 ppp auth receive mobileid mobilepass # remote 1 ap 0 dial 0 number 070-1234-5679 # remote 1 ip address local 192.168.1.1 # remote 1 ip address remote 192.168.1.35 # reset 277 PIAFS

V21 2 2.36 COM IP-VPN IP-VPN BGP IP-VPN BGP BGP COM 9600/19200/38400/57600/115200/230400bps RS/CS `+++` COM AT CONNECT DCE ATZ ATV1 ATE0 ATW2 ATH ATA AT ATD P T X3 X4 278

V21 2 OFF M0 ON ON ON LOW Midium High M1 M2 M3 L0 L2 L3 OK CONNECT < > ERROR +FCERROR +FCON +F4 FAX DATA VOICE NO CARRIER NO DIALTONE NO DIAL TONE BUSY PHONE IN USE HAND SET IN USE NO ANSWER RING : 0-9 0-9 ME5614E2 COM - - - - - - IPv4 IPv6 56Kbps 279

V21 2 IP-VPN 1.12 LAN IP-VPN P.33 ADSL IP-VPN backup yokohama WAN IP 172.17.1.1 WAN IP 172.17.1.2 044-999-9999 1 ID tokyo tokyopass kawasaki kawapass 10.20.0.0/16 30 backup tokyo WAN IP 172.17.1.2 WAN IP 172.17.1.1 033-999-9999 1 ID kawasaki kawapass tokyo tokyopass 10.10.0.0/16 30 280

V21 2 # remote 0 name backup # remote 0 ap 0 name yokohama # remote 0 ap 0 datalink bind serial 0 # remote 0 ap 0 dial 0 number 044-999-9999 # remote 0 ap 0 ppp auth send yokohama yokopass # remote 0 ap 0 ppp auth receive tokyo tyokyopass # remote 0 ap 0 idle 1m # serial 0 use on # answer accept enable BGP # remote 0 ip route 0 10.20.0.0/16 1 30 # reset # remote 0 name backup # remote 0 ap 0 name tokyo # remote 0 ap 0 datalink bind serial 0 # remote 0 ap 0 dial 0 number 033-999-9999 # remote 0 ap 0 ppp auth send tokyo tyokyopass # remote 0 ap 0 ppp auth receive yokohama yokopass # remote 0 ap 0 idle 1m # serial 0 use on # answer accept enable BGP # remote 0 ip route 0 10.10.0.0/16 1 30 # reset 281

V21 2 2.37 ISDN +TA ISDN +ISDN ISDN +PIAFS +PHS PHS ISDN ISDN AAA MR1000 2.27 P.117 PHS ISDN U ISDN rmt30 2 PC0 PHS - ID mobile-a - mobilepass-a - PHS PC1 PHS - ID mobile-b - mobilepass-b - PHS LAN 192.168.1.0/24 IP 192.168.1.34 192.168.1.35 282

V21 2 ISDN MP rmt remote rmt30 47 remote 30 47 remote IP rmt 48 10 38 AAA AAA AAA CLID AAA PPP AAA AAA ID AAA ID ID ID LAN IP # lan 0 ip address 192.168.1.1/24 3 # wan 0 bind mb 0 # wan 0 line isdn # template 0 name mobile # template 0 datalink bind wan 0 # template 0 interface pool 30 2 # template 0 ip address remote-pool 192.168.1.34 2 # template 0 aaa 0 AAA # aaa 0 name mobile # aaa 0 user 0 id mobile-a # aaa 0 user 0 password mobilepass-a # aaa 0 user 1 id mobile-b # aaa 0 user 1 password mobilepass-b 283

V21 A ADSL...34 arp...132 AS...93 AS...93 B BAP/BACP...120 BGP/MPLS VPN...111 BGP4...33 BGP IPv4...95 BSR...125 B...120 C CATV...10 COM...278 CUG Closed Users Group...269 D DHCP...217 DHCP...222 DHCP...218 DHCP...220 DHCP...223 DH...44, 50 DNS...139 DNS...231 DNS...234 DNS...230 DNS...228 DNS...233 E ECMP...239 EoMPLS...107 Ethernet over IP...268 Ethernet...132 F FNA...260 I ID...56 IKE...44, 50 IKE...195 IPsec...159 IPsec...205 IPsec...205 IPv6...29 IPv6 DHCP...226 IPv6 over IPv4...32 IPv6...29 IPv6...14 IPv6...149 IP-VPN...33 IP...62, 134, 215 IP...218 IP...268 IP...133, 192 IP...133 IP...136 ISDN IPv6...26 ISDN LAN...19 L LAN...12 LSA...92 LSP...100 M MAC...220 MED...98 MIB...237 MPLS...111 MPLS LSP...100 MPLS...100 MPLS LAN...112 MPLS...116 MSS...193 MTU...132 MTU...194 N NAT...32 NAT...205 NetBIOS...155 O OSPFv2 IPv4...78 OSPF IPv4...92 P PIAFS...276 284

V21 PIM-DM...121 PIM-SM...125 PING...156 PPPoE...17 Proxy ARP...276 ProxyDNS...228 R RFC1877...231 RIP IPv4...62 RIP IPv6...70 RP...125 S SNMP...237 SNMP...237 SNTP...13 SPI...145, 163 SPT...125 STP...260 T TCP...133, 134, 136 TIME...13 TOS...208, 215 TOS/Traffic Class...210 TOS/Traffic Class...208 TOS...133 TOS...192 Traffic Class...208, 215 Trap...237 U URL...235 V VLAN ID...131 VLAN...132 VLAN...131 VLAN...210 VLAN...210 VoIP NAT...206 VPN...159, 160 VRRP...244 W Wakeup on LAN...252 WAN...262 WFQ...215...133, 208...198...62, 134...278...159 ID...78...92...257...259...257...258...107, 111 IP...53...244, 245 NAT...198...230...244, 248 ID...248...264...274...10...10...254, 256...37 IP...41, 47, 161...134 PPPoE...200...202 LAN 199, 204 285

V21...193, 211...196...197...41, 47, 159, 160...159, 161...87...228...97...98 TOS...208 HUB...131, 272...254...254...87...133 NAT...198...133...194...15 LAN...21...133, 208...193, 215...10...133...98...274, 278...213...254, 255...121 NAT...198 RIP...195...228...95...96...29...101, 104...159...19, 21...244...78, 92...254...62 63, 71...239...210 LAN...8...135...260...272...264 LAN...24 ADSL...17...133, 208, 210, 215...24...213...62, 70, 133...215...234...220...208...244 NAT...192, 198...121 286

V21...125...120...251...257...62, 70...136...121...282...252...255 2VPN...107 3VPN...111 287

MR1000 2 2005 3 K1N-D-04167B Printed in Japan