MR1000　コマンド設定事例集

V21 LAN 2005 1 2005 3 2 Microsoft Corporation OMRON Corporation 2004-2005 All Rights Reserved. 2

V21... 2... 6... 6... 6... 6 1... 7 1.1 LAN... 8 1.2 CATV... 10 1.3 LAN... 12 1.4 IPv4 IPv6... 14 1.5... 15 1.6 PPPoE... 17 1.7 LAN ISDN... 19 1.8 LAN... 21 1.9 LAN... 24 1.10 IPv6 LAN ISDN... 26 1.11 IPv6 LAN IPv6... 29 1.12 LAN IP-VPN... 33 1.12.1 ADSL IP-VPN... 34 1.12.2 IP-VPN... 37 1.13 NAT IP VPN... 41 1.14 NAT IP VPN... 47 1.15 NAT IP VPN... 53 2... 59 2.1 RIP IPv4... 62 2.1.1... 64 2.1.2... 65 2.1.3... 66 2.1.4... 67 2.1.5... 68 2.1.6... 69 2.2 RIP IPv6... 70 2.2.1... 72 2.2.2... 73 2.2.3... 74 2.2.4... 75 2.2.5... 76 2.2.6... 77 2.3 OSPFv2 IPv4... 78 2.3.1... 83 2.3.2... 87 2.4 OSPF IPv4... 92 2.4.1 OSPF LSA... 92 2.4.2 AS OSPF... 93 2.4.3 LSA... 94 3

V21 2.5 BGP IPv4... 95 2.5.1... 95 2.5.2 AS... 96 2.5.3 IP-VPN IP-VPN... 97 2.5.4... 98 2.6 MPLS... 100 2.6.1 MPLS LSP... 101 2.6.2 MPLS LSP... 104 2.7 MPLS 2VPN EoMPLS... 107 2.8 MPLS 3VPN BGP/MPLS VPN... 111 2.8.1 MPLS LAN... 112 2.8.2 MPLS... 116 2.9... 120 2.10... 121 2.10.1 PIM-DM... 121 2.10.2 PIM-SM... 125 2.11 VLAN... 131 2.12 IP... 133 2.12.1... 137 2.12.2... 141 2.12.3 SPI... 145 2.12.4 IPv6... 149 2.12.5... 153 2.12.6... 155 2.12.7... 156 2.12.8 ping... 157 2.13 IPsec... 159 2.13.1 IPv4 over IPv4 IP VPN... 161 2.13.2 IPv4 over IPv6 IP VPN... 165 2.13.3 IPv4 over IPv6 IP VPN... 168 2.13.4 IPv6 over IPv4 IP VPN... 172 2.13.5 IPv6 over IPv4 IP VPN... 176 2.13.6 IPv6 over IPv6 IP VPN... 180 2.13.7 IPv6 over IPv6 IP VPN... 184 2.13.8 IPv4 over IPv4 1 IKE IPsec VPN.188 2.13.9 IPsec... 192 2.14... 196 2.15 NAT... 198 2.15.1 LAN... 199 2.15.2 PPPoE... 200 2.15.3... 202 2.15.4 LAN... 204 2.15.5 NAT IPsec IPsec.205 2.16 VoIP NAT... 206 2.17 TOS/Traffic Class... 208 2.18 VLAN... 210 2.19... 211 2.19.1... 211 2.19.2... 212 2.20... 213 2.21 WFQ... 215 4

V21 2.22 DHCP... 217 2.22.1 DHCP... 218 2.22.2 DHCP... 220 2.22.3 DHCP... 222 2.22.4 DHCP... 223 2.22.5 IPv6 DHCP... 226 2.23 DNS ProxyDNS... 228 2.23.1 DNS... 228 2.23.2 DNS... 230 2.23.3 DNS... 231 2.23.4 DNS... 233 2.23.5 DNS... 234 2.24 URL URL... 235 2.25 SNMP... 237 2.26 ECMP... 239 2.27 VRRP... 244 2.27.1... 245 2.27.2... 248 2.28... 251 2.29... 252 2.29.1... 253 2.29.2... 253 2.30... 254 2.30.1... 254 2.30.2... 255 2.30.3... 256 2.31... 257 2.31.1... 258 2.31.2... 259 2.32 STP... 260 2.32.1 FNA STP... 260 2.32.2... 264 2.32.3 IP Ethernet over IP... 268 2.33 LAN HUB... 272 2.34 ISDN... 274 2.35 PIAFS... 276 2.36... 278 2.37... 282... 284 5

V21 CD-ROM README 1 2 Microsoft Windows Windows NT Microsoft Corporation Microsoft Windows 2000 Server Network operating system Microsoft Windows 2000 Professional operating system Windows 2000 NTT NTT ADSL NTT NTT 6

1 1 1.1 LAN..........................................................8 1.2 CATV......................................................10 1.3 LAN.......................................................12 1.4 IPv4 IPv6.......................................14 1.5....................................................15 1.6 PPPoE....................................................17 1.7 LAN ISDN.......................................................19 1.8 LAN.......................................................21 1.9 LAN...........................................24 1.10 IPv6 LAN ISDN..................................................26 1.11 IPv6 LAN IPv6............................................29 1.12 LAN IP-VPN........................................33 1.12.1 ADSL IP-VPN......................................34 1.12.2 IP-VPN..............................37 1.13 NAT IP VPN..................................41 1.14 NAT IP VPN....................................47 1.15 NAT IP VPN....................................53

V21 1 1.1 LAN LAN MR1000 5 P.42 LAN LAN0 IP DHCP NAT DHCP IP 1 5 LAN LAN1 IP / 192.168.1.1/24 DHCP IP 192.168.1.2 253 1 192.168.1.1 DNS 192.168.1.1 8 LAN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 IP LAN # delete lan 0 # lan 0 mode auto # lan 0 ip dhcp service client # lan 0 ip rip use off v1 0 off # lan 0 ip nat mode multi any 1 LAN # lan 1 mode auto # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off # enable LAN DHCP DHCP LAN IP IP IP IP 2.22.2 DHCP P.220 IP MAC 9 LAN

V21 1 1.2 CATV CATV CATV CATV 2 CATV CATV CATV CATV CATV CATV LAN LAN CATV CATV CATV CATV LAN CATV LAN CATV LAN LAN IP MR1000 5 P.42 10 CATV

V21 1 CATV LAN0 IP 172.16.184.33 / 172.16.184.0/24 172.16.184.100 DNS 192.10.10.10 LAN IP 192.168.1.1 / 192.168.1.0/24 DHCP CATV CATV IP CATV # delete lan # lan 0 ip address 172.16.184.33/24 3 # lan 0 ip dhcp info time 1d # lan 0 ip route 0 default 172.16.184.100 1 0 # lan 0 ip rip use off v1 0 off # lan 0 ip nat mode multi any 1 5m LAN # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.10.10.10 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off ProxyDNS # proxydns domain 0 any * any static 192.10.10.10 # proxydns address 0 any static 192.10.10.10 # reset 11 CATV

V21 1 1.3 LAN LAN-B LAN-A MR1000 5 P.42 LAN-A LAN1 IP 192.168.1.1 / 192.168.1.0/24 DHCP NAT LAN-B LAN0 IP 192.168.0.1 / 192.168.0.0/24 DHCP RIP-V1 1 2 1 IP 192.168.0.5 2 IP 192.168.0.10 LAN-C / 192.168.2.0/24 NAT 12 LAN

V21 1 TIME 192.168.0.20 TIME SNTP TIME RFC868 SNTP Simple Network Time Protocol RFC1361 RFC1769 NTP Network Time Protocol IP LAN0 # lan 0 ip address 192.168.0.1/24 3 # lan 0 ip dhcp service off # lan 0 ip route 0 192.168.2.0/24 192.168.0.10 1 0 # lan 0 ip route 0 default 192.168.0.5 1 0 # lan 0 ip rip use v1 v1 0 off LAN1 # lan 1 ip address 192.168.1.1/24 3 # lan 1 ip dhcp service server # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip rip use v1 v1 0 off # time auto server 192.168.0.20 time # time auto interval start # enable 13 LAN

V21 1 1.4 IPv4 IPv6 IPv4 IPv6 LAN-A / 2001:db8:1111:1001::/64 LAN-B / 2001:db8:1111:1000::/64 LAN0 # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1000::/64 30d 7d c0 # lan 0 ip6 ra mode send # lan 0 ip6 rip use on on 0 # lan 0 ip6 rip site-local on LAN1 # lan 1 ip6 use on # lan 1 ip6 address 0 2001:db8:1111:1001::/64 30d 7d c0 # lan 1 ip6 ra mode send # lan 1 ip6 rip use on on 0 # lan 1 ip6 rip site-local on # enable 14 IPv4 IPv6

V21 1 1.5 MR1000 5 P.42 ISDN OCN 128Kbps LAN0 LAN OCN DNS 192.10.10.10 OCN domain.ocn.ne.jp OCN IP IP / 172.16.184.32/29 172.16.184.33 172.16.184.38 172.16.184.39 LAN IP 172.16.184.33 internet 0 9 A Z a z < > & % MR1000 1.4 P.18 IP 15

V21 1 # wan 0 line hsd 128k IP # lan 0 ip address 172.16.184.33/29 3 DHCP # lan 0 ip dhcp info dns 192.10.10.10 # lan 0 ip dhcp info address 172.16.184.34/29 6 # lan 0 ip dhcp info gateway 172.16.184.33 # lan 0 ip dhcp info domain domain.ocn.ne.jp # lan 0 ip dhcp service server # remote 0 name internet # remote 0 ip route 0 default 1 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 ip dns 192.10.10.10 # reset 16

V21 1 1.6 PPPoE PPPoE ADSL MR1000 5 P.42 ID userid userpass LAN0 LAN IP 192.168.1.1 / 192.168.1.0/24 0 9 A Z a z < > & % MR1000 1.4 P.18 IP PPPoE MTU MTU 1454 PPPoE LAN lan mode lan mode lan LAN 17 PPPoE

V21 1 ADSL # delete lan 0 # lan 0 mode auto IP # lan 1 ip address 192.168.1.1/24 3 DHCP # lan 1 ip dhcp info dns 192.168.1.1 # lan 1 ip dhcp info address 192.168.1.2/24 253 # lan 1 ip dhcp info time 1d # lan 1 ip dhcp info gateway 192.168.1.1 # lan 1 ip dhcp service server # lan 1 ip nat mode off # remote 0 name internet # remote 0 mtu 1454 # remote 0 autodial enable # remote 0 ppp ipcp vjcomp disable # remote 0 ip route 0 default 1 # remote 0 ip rip use off off 0 off # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid userpass ProxyDNS # proxydns domain 0 any * any to 0 # proxydns address 0 any to 0 # reset 18 PPPoE

V21 1 1.7 LAN ISDN ISDN 2 MR1000 5 P.42 ISDN ISDN 64Kbps intranet 1 IP / 192.168.1.1/24 03-7777-7777 ID tokyo tokyopass kawasaki kawapass IP / 192.168.2.1/24 044-999-9999 ID kawasaki kawapass tokyo tokyopass IP 19 LAN ISDN

V21 1 # wan 0 line isdn IP # lan 0 ip address 192.168.1.1/24 3 # remote 0 name intranet # remote 0 ip route 0 192.168.2.0/24 1 # remote 0 ap 0 name kawasaki # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 044-999-9999 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send tokyo tokyopass # remote 0 ap 0 ppp auth receive kawasaki kawapass # remote 0 ap 0 idle 1m # reset # wan 0 line isdn IP # lan 0 ip address 192.168.2.1/24 3 # remote 0 name intranet # remote 0 ip route 0 192.168.1.0/24 1 # remote 0 ap 0 name tokyo # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 03-7777-7777 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send kawasaki kawapass # remote 0 ap 0 ppp auth receive tokyo tokyopass # remote 0 ap 0 idle 1m # reset 20 LAN ISDN

V21 1 1.8 LAN 2 MR1000 5 P.42 ISDN BRI 128Mbps DHCP honsya honsya-1 / 192.168.1.0/24 LAN IP 192.168.1.1 DNS 192.168.1.2 IP 192.168.1.3 shisya1 shisya-1 / 192.168.2.0/24 LAN IP 192.168.2.1 DNS IP DHCP 21 LAN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 IP # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip route 0 default 192.168.1.3 1 # remote 0 name shisya1 # remote 0 ip route 0 192.168.2.1/24 1 # remote 0 ap 0 name shisya-1 # remote 0 ap 0 datalink bind wan 0 # reset 22 LAN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.2.1/24 3 # remote 0 name honsya # remote 0 ap 0 name honsya-1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ip route 0 default 1 # reset 1.5 P.15 DHCP DHCP 23 LAN

V21 1 1.9 LAN LAN MR1000 5 P.42 ISDN 128Kbps RIPv1 LAN IP / 10.100.87.3/24 1 center1 ap1 WAN IP 10.200.3.18 WAN IP 10.200.3.1 DLCI 16 CIR 64Kbps 2 center2 ap2 24 LAN

V21 1 WAN IP 10.200.103.18 WAN IP 10.200.103.1 DLCI 17 CIR 64Kbps IP # wan 0 line fr 128k LAN IP # lan 0 ip address 10.100.87.3/24 3 RIP # lan 0 ip rip use v1 v1 0 off 1 # remote 0 name center1 # remote 0 ip address local 10.200.3.18 # remote 0 ip address remote 10.200.3.1 # remote 0 ip rip use v1 v1 0 off # remote 0 ap 0 name ap1 # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 fr dlci 16 # remote 0 ap 0 fr cir 64 2 # remote 1 name center2 # remote 1 ip address local 10.200.103.18 # remote 1 ip address remote 10.200.103.1 # remote 1 ip rip use v1 v1 0 off # remote 1 ap 0 name ap2 # remote 1 ap 0 datalink bind wan 0 # remote 1 ap 0 fr dlci 17 # remote 1 ap 0 fr cir 64 # reset 25 LAN

V21 1 1.10 IPv6 LAN ISDN ISDN 2 IPv6 MR1000 5 P.42 ISDN ISDN 64Kbps IPv6 kaisya 1 / 2001:db8:1111:1000::/64 tokyo 03-7777-7777 ID tokyo tokyopass kawasaki kawapass / 2001:db8:1111:1001::/64 kawasaki 044-999-9999 ID kawasaki kawapass tokyo tokyopass 26 IPv6 LAN ISDN

V21 1 0 9 A Z a z < > & % MR1000 1.4 P.18 # wan 0 line isdn LAN # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1000::/64 30d 7d # lan 0 ip6 ra mode send # remote 0 name kaisya # remote 0 ap 0 name kawasaki # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 044-999-9999 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send tokyo tokyopass # remote 0 ap 0 ppp auth receive kawasaki kawapass # remote 0 ap 0 idle 1m # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1001::/64 1 # reset ISDN RIP IPv6 RIP IPv6 27 IPv6 LAN ISDN

V21 1 # wan 0 line isdn LAN # lan 0 ip6 use on # lan 0 ip6 address 0 2001:db8:1111:1001::/64 30d 7d # lan 0 ip6 ra mode send # remote 0 name kaisya # remote 0 ap 0 name tokyo # remote 0 ap 0 datalink bind wan 0 # remote 0 ap 0 dial 0 number 03-7777-7777 # remote 0 ap 0 dial 0 speed 64K # remote 0 ap 0 ppp auth type any # remote 0 ap 0 ppp auth send kawasaki kawapass # remote 0 ap 0 ppp auth receive tokyo tokyopass # remote 0 ap 0 idle 1m # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1000::/64 1 # reset 28 IPv6 LAN ISDN

V21 1 1.11 IPv6 LAN IPv6 IPv4 2 IPv6 LAN0 IPv4 172.16.184.1 LAN1 IPv4 172.16.185.1 LAN1 IPv6 / 2001:db8:1111:10b9::/64 LAN0 IPv4 172.16.21.1 LAN1 IPv4 172.16.22.1 LAN1 IPv6 / 2001:db8:1111:1016::/64 IPv4 IPv6 0 9 A Z a z < > & % MR1000 1.4 P.18 IPv6 over IPv4 IPv4 MTU 1280 IP 29 IPv6 LAN IPv6

V21 1 IPv4 # lan 0 ip address 172.16.184.1/24 3 # lan 0 ip rip use v1 v1 0 # lan 0 ip dhcp service off # lan 0 ip nat mode off # lan 1 ip address 172.16.185.1/24 3 # lan 1 ip rip use v1 v1 0 # lan 1 ip dhcp service off # lan 1 ip nat mode off IPv6 # lan 1 ip6 use on # lan 1 ip6 ifid auto # lan 1 ip6 address 0 2001:db8:1111:10b9::/64 30d 7d c0 # lan 1 ip6 ra mode send IP # remote 0 name v6kawasa # remote 0 mtu 1280 # remote 0 ap 0 name tun-kawa # remote 0 ap 0 datalink type ip # remote 0 ap 0 tunnel local 172.16.184.1 # remote 0 ap 0 tunnel remote 172.16.21.1 # remote 0 ip6 use on # remote 0 ip6 route 0 2001:db8:1111:1016::/64 1 # reset 30 IPv6 LAN IPv6

V21 1 IPv4 # lan 0 ip address 172.16.21.1/24 3 # lan 0 ip rip use v1 v1 0 # lan 0 ip dhcp service off # lan 0 ip nat mode off # lan 1 ip address 172.16.22.1/24 3 # lan 1 ip rip use v1 v1 0 # lan 1 ip dhcp service off # lan 1 ip nat mode off IPv6 # lan 1 ip6 use on # lan 1 ip6 ifid auto # lan 1 ip6 address 0 2001:db8:1111:1016::/64 30d 7d c0 # lan 1 ip6 ra mode send IP # remote 0 name v6tokyo # remote 0 mtu 1280 # remote 0 ap 0 name tun-tkyo # remote 0 ap 0 datalink type ip # remote 0 ap 0 tunnel local 172.16.21.1 # remote 0 ap 0 tunnel remote 172.16.184.1 # remote 0 ip6 use on # remote 0 ip 6 route 0 2001:db8:1111:10b9::/64 1 # reset 31 IPv6 LAN IPv6

V21 1 NAT IPv6 over IPv4 IPv4 NAT IPv6 over IPv4 IPv6 IPv4 NAT IPv4 IPv6 over IPv4 NAT IP LAN IP IP remote ip address local IP PPP IP NAT GW IP IPv6 over IPv4 GW NAT IP IP IP IP GW IPv6 over IPv4 NAT 172.16.0.1 LAN 192.168.1.1 GW IP 172.31.0.1 IPv6 over IPv4 192.168.1.1 172.31.0.1 remote 0 ap 0 tunnel local 192.168.1.1 remote 0 ap 0 tunnel remote 172.31.0.1 NAT lan 0 ip nat static 0 192.168.1.1 any 172.16.0.1 any 41 GW 172.16.0.1 172.31.0.1 GW NAT remote 0 ap 0 tunnel local 172.31.0.1 remote 0 ap 0 tunnel remote 172.16.0.1 32 IPv6 LAN IPv6

V21 1 1.12 LAN IP-VPN BGP4 IP-VPN MR1000 5 P.42 0 9 A Z a z < > & % MR1000 1.4 P.18 NAT 4 BGP BGP MR1000 2.3 P.19 BGP BGP BGP BGP enable IP 33 LAN IP-VPN

V21 1 1.12.1 ADSL IP-VPN LAN0 ADSL IP-VPN IP 172.16.1.2 IP 172.16.2.2 IP 172.16.3.2 AS 1 IP-VPN LAN0 LAN0 IP 192.168.1.1 LAN0 / 192.168.1.0/24 LAN1 IP 10.10.10.1 LAN1 / 10.10.10.0/24 AS 65000 RIPv2 IP-VPN LAN0 LAN0 IP 192.168.2.1 LAN0 / 192.168.2.0/24 LAN1 IP 10.20.10.1 LAN1 / 10.20.10.0/24 AS 65001 34 LAN IP-VPN

V21 1 IP-VPN LAN0 LAN0 IP 192.168.3.1 LAN0 / 192.168.3.0/24 LAN1 IP 10.30.10.1 LAN1 / 10.30.10.0/24 AS 65002 LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.1.0/24 192.168.1.2 1 # lan 1 ip address 10.10.10.1/24 3 # lan 1 ip rip use v2m v2 0 off # routemanage ip redist rip bgp on # routemanage ip redist bgp rip on # bgp as 65000 # bgp network route 0 10.10.10.0/24 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset 35 LAN IP-VPN

V21 1 LAN # lan 0 ip address 192.168.2.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.2.0/24 192.168.2.2 1 # lan 1 ip address 10.20.10.1/24 3 # bgp as 65001 # bgp network route 0 10.20.10.0/24 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset LAN # lan 0 ip address 192.168.3.1/24 3 # lan 0 ip nat mode off # lan 0 ip dhcp service off # lan 0 ip route 0 172.16.3.0/24 192.168.3.2 1 # lan 1 ip address 10.30.10.1/24 3 # bgp as 65002 # bgp network route 0 10.30.10.0/24 # bgp neighbor 0 address 172.16.3.2 # bgp neighbor 0 as 1 # bgp neighbor 0 ebgp-multihop 2 # reset 36 LAN IP-VPN

V21 1 1.12.2 IP-VPN ISDN IP-VPN IP 172.16.1.2 IP 172.16.2.2 IP 172.16.3.2 AS 1 LAN IP 192.168.1.1 LAN / 192.168.1.0/24 LAN / 192.168.11.0/24 LAN RIPv2 WAN IP 172.16.1.1 AS 65000 LAN IP 192.168.2.1 LAN / 192.168.2.0/24 WAN IP 172.16.2.1 AS 65001 LAN IP 192.168.3.1 LAN / 192.168.3.0/24 WAN IP 172.16.3.1 AS 65002 37 LAN IP-VPN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.1.1/24 3 # lan 0 ip rip use v2m v2 0 off # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.1.1 # remote 0 ip address remote 172.16.1.2 # routemanage ip redist rip bgp on # routemanage ip redist bgp rip on # bgp as 65000 # bgp network route 0 192.168.1.0/24 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # reset 38 LAN IP-VPN

V21 1 # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.2.1/24 3 # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.2.1 # remote 0 ip address remote 172.16.2.2 # bgp as 65001 # bgp network route 0 192.168.2.0/24 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # reset # wan 0 line hsd 128k LAN # lan 0 ip address 192.168.3.1/24 3 # remote 0 name IP-VPN # remote 0 ap 0 name ip-vpn # remote 0 ap 0 datalink bind wan 0 # remote 0 ip address local 172.16.3.1 # remote 0 ip address remote 172.16.3.2 # bgp as 65002 # bgp network route 0 192.168.3.0/24 # bgp neighbor 0 address 172.16.3.2 # bgp neighbor 0 as 1 # reset 39 LAN IP-VPN

V21 1 BGP4 BGP4 BGP WAN BGP BGP BGP BGP - BGP BGP - BGP BGP 40 LAN IP-VPN

V21 1 1.13 NAT IP VPN IPsec VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 IP 202.168.3.66/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.1.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 41 NAT IP VPN

V21 1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.3.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 42 NAT IP VPN

V21 1 A vpn-hon honsya IPsec/IKE 202.168.1.66-202.168.2.66 IPsec 192.168.1.0/24-any4 B vpn-hon honsya IPsec/IKE 202.168.3.66-202.168.2.66 IPsec 192.168.3.0/24-any4 vpn-shia shisyaa IPsec/IKE 202.168.2.66-202.168.1.66 IPsec any4-i192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66-202.168.3.66 IPsec any4-i192.168.3.0/24 A Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Main Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 43 NAT IP VPN

V21 1 DH IKE A VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 44 NAT IP VPN

V21 1 B VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.3.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 45 NAT IP VPN

V21 1 VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 202.168.1.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 tunnel remote 202.168.3.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 46 NAT IP VPN

V21 1 1.14 NAT IP VPN IPsec VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 IP 202.168.1.66/24 IP 10.0.1.1/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 IP 202.168.3.66/24 IP 10.0.3.1/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.1.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 47 NAT IP VPN

V21 1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 # remote 0 ap 0 keep connect # remote 0 ip address local 202.168.3.66 # remote 0 ip route 0 default 1 0 # remote 0 ip msschange 1414 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 48 NAT IP VPN

V21 1 A vpn-hon honsya IPsec/IKE 10.0.1.1-202.168.2.66 IPsec 192.168.1.0/24-any4 B vpn-hon honsya IPsec/IKE 10.0.3.1-202.168.2.66 IPsec 192.168.3.0/24-any4 vpn-shia shisyaa IPsec/IKE 202.168.2.66-10.0.1.1 IPsec any4-i192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66-10.0.3.1 IPsec any4-i192.168.3.0/24 A Main Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Main Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 49 NAT IP VPN

V21 1 DH IKE A IPsec/IKE # remote 0 ip nat static 0 202.168.1.66 500 10.0.1.1 500 17 # remote 0 ip nat static 1 202.168.1.66 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.1.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 50 NAT IP VPN

V21 1 B IPsec/IKE # remote 0 ip nat static 0 202.168.3.66 500 10.0.3.1 500 17 # remote 0 ip nat static 1 202.168.3.66 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.3.66 # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 51 NAT IP VPN

V21 1 VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 tunnel remote 10.0.1.1 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode main # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 tunnel remote 10.0.3.1 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode main # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 52 NAT IP VPN

V21 1 1.15 NAT IP VPN IP VPN A B PPPoE VPN A PPPoE IP 192.168.1.1/24 PPPoE ID userid1 PPPoE userpass1 PPPoE LAN LAN0 B PPPoE IP 192.168.3.1/24 PPPoE ID userid3 PPPoE userpass3 PPPoE LAN LAN0 IP 192.168.2.1/24 IP 202.168.2.66/24 IP 202.168.2.65 A PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.1.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid1 userpass1 B PPPoE # delete lan 0 # lan 0 mode auto # lan 1 ip address 192.168.3.1/24 3 # remote 0 name internet # remote 0 mtu 1454 # remote 0 ip route 0 default 1 0 # remote 0 ip nat mode multi any 1 5m # remote 0 ip msschange 1414 # remote 0 ap 0 name ISP-1 # remote 0 ap 0 datalink bind lan 0 # remote 0 ap 0 ppp auth send userid3 userpass3 53 NAT IP VPN

V21 1 # lan 0 ip address 202.168.2.66/24 3 # lan 0 ip route 0 default 202.168.2.65 1 0 # lan 1 ip address 192.168.2.1/24 3 A Initiator vpn-hon honsya IPsec/IKE A - 202.168.2.66 IPsec 192.168.1.0/24-any4 IKE UDP 500 192.168.1.1 ESP 192.168.1.1 B Initiator vpn-hon honsya IPsec/IKE B - 202.168.2.66 IPsec 192.168.3.0/24-any4 IKE UDP 500 192.168.3.1 54 NAT IP VPN

V21 1 ESP 192.168.3.1 vpn-shia shisyaa IPsec/IKE 202.168.2.66 - A IPsec any4-192.168.1.0/24 vpn-shib shisyab IPsec/IKE 202.168.2.66 - B IPsec any4-192.168.3.0/24 A Aggressive Mode IPsec esp IPsec des-cbc IPsec hmac-md5 IPsec DH IKE A ID ID shisyaa FQDN IKE abcdefghijklmnopqrstuvwxyz1234567890 IKE shared IKE des-cbc IKE hmac-md5 IKE DH modp768 B Aggressive Mode IPsec esp IPsec 3des-cbc IPsec hmac-sha1 IPsec DH IKE B ID ID shisyab FQDN IKE ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 IKE shared IKE 3des-cbc IKE hmac-sha1 IKE DH modp1024 55 NAT IP VPN

V21 1 DH IKE ID Aggressive Mode ID VPN IP VPN IP IP IKE NAT A Initiator IPsec/IKE # remote 0 ip nat static 0 192.168.1.1 500 any 500 17 # remote 0 ip nat static 1 192.168.1.1 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.1.0/24 any4 # remote 1 ap 0 ipsec ike encrypt des-cbc # remote 1 ap 0 ipsec ike auth hmac-md5 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisyaa # remote 1 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 1 ap 0 ike proposal encrypt des-cbc # enable 56 NAT IP VPN

V21 1 B Initiator IPsec/IKE # remote 0 ip nat static 0 192.168.3.1 500 any 500 17 # remote 0 ip nat static 1 192.168.3.1 any any any 50 VPN # remote 1 name vpn-hon # remote 1 ip route 0 192.168.2.0/24 1 0 # remote 1 ap 0 name honsya # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel remote 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range 192.168.3.0/24 any4 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name local shisyab # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 57 NAT IP VPN

V21 1 Responder VPN # remote 0 name vpn-shia # remote 0 ip route 0 192.168.1.0/24 1 0 # remote 0 ap 0 name shisyaa # remote 0 ap 0 datalink type ipsec # remote 0 ap 0 tunnel local 202.168.2.66 # remote 0 ap 0 ipsec type ike # remote 0 ap 0 ipsec ike protocol esp # remote 0 ap 0 ipsec ike range any4 192.168.1.0/24 # remote 0 ap 0 ipsec ike encrypt des-cbc # remote 0 ap 0 ipsec ike auth hmac-md5 # remote 0 ap 0 ike mode aggressive # remote 0 ap 0 ike name remote shisyaa # remote 0 ap 0 ike shared key text abcdefghijklmnopqrstuvwxyz1234567890 # remote 0 ap 0 ike proposal encrypt des-cbc # remote 1 name vpn-shib # remote 1 ip route 0 192.168.3.0/24 1 0 # remote 1 ap 0 name shisyab # remote 1 ap 0 datalink type ipsec # remote 1 ap 0 tunnel local 202.168.2.66 # remote 1 ap 0 ipsec type ike # remote 1 ap 0 ipsec ike protocol esp # remote 1 ap 0 ipsec ike range any4 192.168.3.0/24 # remote 1 ap 0 ipsec ike encrypt 3des-cbc # remote 1 ap 0 ipsec ike auth hmac-sha1 # remote 1 ap 0 ike mode aggressive # remote 1 ap 0 ike name remote shisyab # remote 1 ap 0 ike shared key text ABCDEFGHIJKLMNOPQRSTUVWXYZ0987654321 # remote 1 ap 0 ike proposal encrypt 3des-cbc # remote 1 ap 0 ike proposal hash hmac-sha1 # remote 1 ap 0 ike proposal pfs modp1024 # enable 58 NAT IP VPN

2 2 2.1 RIP IPv4.........................................................62 2.1.1...............................................64 2.1.2..................................65 2.1.3...............................................66 2.1.4..................................67 2.1.5...............................................68 2.1.6...............................................69 2.2 RIP IPv6.........................................................70 2.2.1...............................................72 2.2.2..................................73 2.2.3...............................................74 2.2.4..................................75 2.2.5...............................................76 2.2.6...............................................77 2.3 OSPFv2 IPv4.......................................78 2.3.1......................................................83 2.3.2..........................................................87 2.4 OSPF IPv4.......................................................92 2.4.1 OSPF LSA...........................92 2.4.2 AS OSPF...............................93 2.4.3 LSA..............................94 2.5 BGP IPv4........................................................95 2.5.1..............................................95 2.5.2 AS.......................................96 2.5.3 IP-VPN IP-VPN..........................97 2.5.4.................................................98 2.6 MPLS.......................................100 2.6.1 MPLS LSP.........101 2.6.2 MPLS LSP. 104 2.7 MPLS 2VPN EoMPLS....................................107 2.8 MPLS 3VPN BGP/MPLS VPN.............................111

2.8.1 MPLS LAN............................................112 2.8.2 MPLS...........................................116 2.9............................................................120 2.10..........................................................121 2.10.1 PIM-DM.........................................121 2.10.2 PIM-SM.........................................125 2.11 VLAN.................................................................131 2.12 IP........................................................133 2.12.1....................................137 2.12.2....................................141 2.12.3 SPI........................145 2.12.4 IPv6.................149 2.12.5....................................153 2.12.6................................................155 2.12.7...........................................156 2.12.8 ping.....................................157 2.13 IPsec..................................................................159 2.13.1 IPv4 over IPv4 IP VPN...........................161 2.13.2 IPv4 over IPv6 IP VPN...........................165 2.13.3 IPv4 over IPv6 IP VPN...........................168 2.13.4 IPv6 over IPv4 IP VPN...........................172 2.13.5 IPv6 over IPv4 IP VPN...........................176 2.13.6 IPv6 over IPv6 IP VPN...........................180 2.13.7 IPv6 over IPv6 IP VPN...........................184 2.13.8 IPv4 over IPv4 1 IKE IPsec VPN 188 2.13.9 IPsec...................................................192 2.14............................................................196 2.15 NAT............................................198 2.15.1 LAN.......................................199 2.15.2 PPPoE................................................200 2.15.3.........................................202 2.15.4 LAN.......204 2.15.5 NAT IPsec IPsec.205 2.16 VoIP NAT....................................................206 2.17 TOS/Traffic Class...............................................208 2.18 VLAN............................................210 2.19............................................................211 2.19.1..................................211 2.19.2...........................................212 2.20...................................................213 2.21 WFQ........................................................215 2.22 DHCP.................................................................217 2.22.1 DHCP......................................................218 2.22.2 DHCP................................................220 2.22.3 DHCP................................................222 2.22.4 DHCP...........................................223

2.22.5 IPv6 DHCP............................................226 2.23 DNS ProxyDNS..................................................228 2.23.1 DNS..................................228 2.23.2 DNS..................................230 2.23.3 DNS.......................................231 2.23.4 DNS.......................................233 2.23.5 DNS.......................................................234 2.24 URL URL..................................235 2.25 SNMP......................................................237 2.26 ECMP.................................................................239 2.27 VRRP.................................................................244 2.27.1..............................................245 2.27.2....................................................248 2.28.......................................................251 2.29.................................252 2.29.1.............................................253 2.29.2................................................253 2.30............................................................254 2.30.1.....................................................254 2.30.2.....................................................255 2.30.3.............................................256 2.31..................................................257 2.31.1.....................................................258 2.31.2.....................................................259 2.32 STP..........................................................260 2.32.1 FNA STP......................................260 2.32.2..............................................264 2.32.3 IP Ethernet over IP................268 2.33 LAN HUB.....................................272 2.34 ISDN.........................................274 2.35 PIAFS...................................................276 2.36..............................................278 2.37...............................282

V21 2 2.1 RIP IPv4 IP RIP IP 0 any 1 16 RIP IP IP IP IP 172.21.0.0/16 172.21.0.0/16 172.21.0.0/24 IP IP 172.21.0.0/16 172.21.0.0/24 172.21.10.0/24 RIPv1 lan 0 ip address 192.168.1.1/24 10.0.0.0 10.0.0.0/8 62 RIP IPv4

V21 2 2 A. B. A B RIP RIP RIP RIP 63 RIP IPv4

V21 2 2.1.1 # lan 0 ip rip filter 0 act pass out # lan 0 ip rip filter 0 route default # lan 0 ip rip filter 1 act reject out # lan 0 ip rip filter 1 route any # enable 64 RIP IPv4

V21 2 2.1.2 2 192.168.10.0/24 1 1 192.168.10.0/24 10 192.168.20.0/24 1 192.168.10.0/24 1 192.168.10.0/24 192.168.10.0/24 1 # lan 1 ip rip filter 0 act pass out # lan 1 ip rip filter 0 route 192.168.10.0/24 # lan 1 ip rip filter 0 set metric 1 # lan 1 ip rip filter 1 act pass out # lan 1 ip rip filter 1 route any # enable RIP 16 65 RIP IPv4

V21 2 2.1.3 # lan 0 ip rip filter 0 act pass in # lan 0 ip rip filter 0 route default # lan 0 ip rip filter 1 act reject in # lan 0 ip rip filter 1 route any # enable 66 RIP IPv4

V21 2 2.1.4 1 2 192.168.10.0/24 1 1 192.168.10.0/24 1 2 192.168.10.0/24 5 LAN0 192.168.10.0/24 1 # lan 0 ip rip filter 0 act pass in # lan 0 ip rip filter 0 route 192.168.10.0/24 # lan 0 ip rip filter 0 set metric 1 LAN0 # lan 0 ip rip filter 1 act pass in # lan 0 ip rip filter 1 route any lan1 192.168.10.0/24 5 # lan 1 ip rip filter 0 act pass in # lan 1 ip rip filter 0 route 192.168.10.0/24 # lan 1 ip rip filter 0 set metric 5 lan1 # lan 1 ip rip filter 1 act pass in # lan 1 ip rip filter 1 route any # enable 16 67 RIP IPv4

V21 2 2.1.5 10.20.30.0/24 10.20.30.0/24 10.20.30.0/24 # lan 0 ip rip filter 0 act reject out # lan 0 ip rip filter 0 route 10.20.30.0/24 # lan 0 ip rip filter 1 act pass out # lan 0 ip rip filter 1 route any # enable 68 RIP IPv4

V21 2 2.1.6 10.20.30.0/24 10.20.30.0/24 10.20.30.0/24 # lan 0 ip rip filter 0 act reject in # lan 0 ip rip filter 0 route 10.20.30.0/24 # lan 0 ip rip filter 1 act pass in # lan 0 ip rip filter 1 route any # enable 69 RIP IPv4

V21 2 2.2 RIP IPv6 RIP IPv6 0 any 1 16 RIP 2001:db8:1111::/32 2001:db8:1111::/32 2001:db8:1111::/64 2001:db8::/16 2001:db8::/32 2001:db8:1111::/32 70 RIP IPv6

V21 2 2 A. B. A B RIP RIP RIP RIP 71 RIP IPv6

V21 2 2.2.1 # lan 0 ip6 rip filter 0 act pass out # lan 0 ip6 rip filter 0 route default # lan 0 ip6 rip filter 1 act reject out # lan 0 ip6 rip filter 1 route any # enable 72 RIP IPv6

V21 2 2.2.2 2 2001:db8:1111::/64 1 1 2001:db8:1111::/64 10 2001:db8:2222::/64 1 2001:db8:1111::/64 1 2001:db8:1111::/64 2001:db8:1111::/64 1 # lan 1 ip6 rip filter 0 act pass out # lan 1 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 1 ip6 rip filter 0 set metric 1 # lan 1 ip6 rip filter 1 act pass out # lan 1 ip6 rip filter 1 route any # enable RIP 16 73 RIP IPv6

V21 2 2.2.3 # lan 0 ip6 rip filter 0 act pass in # lan 0 ip6 rip filter 0 route default # lan 0 ip6 rip filter 1 act reject in # lan 0 ip6 rip filter 1 route any # enable 74 RIP IPv6

V21 2 2.2.4 1 2 2001:db8:1111::/64 1 1 2001:db8:1111::/64 1 2 2001:db8:1111::/64 5 LAN0 2001:db8:1111::/64 1 # lan 0 ip6 rip filter 0 act pass in # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 set metric 1 LAN0 # lan 0 ip6 rip filter 1 act pass in # lan 0 ip6 rip filter 1 route any lan1 2001:db8:1111::/64 5 # lan 1 ip6 rip filter 0 act pass in # lan 1 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 1 ip6 rip filter 0 set metric 5 lan1 # lan 1 ip6 rip filter 1 act pass in # lan 1 ip6 rip filter 1 route any # enable 16 75 RIP IPv6

V21 2 2.2.5 2001:db8:1111::/64 2001:db8:1111::/64 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 act reject out # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 1 act pass out # lan 0 ip6 rip filter 1 route any # enable 76 RIP IPv6

V21 2 2.2.6 2001:db8:1111::/64 2001:db8:1111::/64 2001:db8:1111::/64 # lan 0 ip6 rip filter 0 act reject in # lan 0 ip6 rip filter 0 route 2001:db8:1111::/64 # lan 0 ip6 rip filter 1 act pass in # lan 0 ip6 rip filter 1 route any # enable 77 RIP IPv6

V21 2 2.3 OSPFv2 IPv4 OSPFv2 OSPF ID 0.0.0.0 ID 0.0.0.0 ID MR1000 2.5 OSPF P.33 NAT OSPF IP IP OSPF 50 2 Designated Router OSPF MTU OSPF OSPF LSA LSDB LSA LSA enable/reset 60 OSPF enable LSA MaxAge OSPF OSPF 30000 LSA 15Kbps 5 6 remote 78 OSPFv2 IPv4

V21 2 1 6 IP 1 6 NAT DHCP 5 6 ISDN 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 LAN1 0 0.0.0.1 10.20.0.0/16 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN0 1 LAN1 passive-interface 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN0 255 LAN1 passive-interface 4 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 LAN1 passive-interface LAN0 1 5 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.0 remote0 OSPF ID 0.0.0.2 0.0.0.2 10.30.0.0/16 6 LAN0 OSPF 79 OSPFv2 IPv4

V21 2 remote0 OSPF LAN0 OSPF ID 0.0.0.2 remote0 OSPF ID 0.0.0.2 LAN0 passive-interface 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 # lan 1 ip ospf priority 0 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 range 0 10.20.0.0/16 # reset 2 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 1 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 80 OSPFv2 IPv4

V21 2 3 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 255 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 4 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf priority 1 # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on OSPF # ospf ip area 0 id 0.0.0.1 # reset 5 LAN # lan 0 ip ospf use on 0 # remote 0 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 range 0 10.30.0.0/16 # reset 81 OSPFv2 IPv4

V21 2 6 LAN # lan 0 ip ospf use on 0 # lan 0 ip ospf passive on # remote 0 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.2 # reset WAN WAN IP OSPF OSPF 82 OSPFv2 IPv4

V21 2 2.3.1 OSPF ID OSPF ID 4 5 remote 1 5 IP 1 5 NAT DHCP 4 5 ISDN 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 83 OSPFv2 IPv4

V21 2 LAN1 OSPF ID 0.0.0.1 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.2 OSPF ID 10.30.10.1 OSPF ID 10.40.10.1 4 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.2 remote0 OSPF ID 0.0.0.3 OSPF ID 10.40.10.1 OSPF ID 10.30.10.1 5 LAN0 OSPF remote0 OSPF LAN0 OSPF ID 0.0.0.3 remote0 OSPF ID 0.0.0.3 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # reset 84 OSPFv2 IPv4

V21 2 2 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.1 # reset 3 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip id 10.30.10.1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 vlink 0 id 10.40.10.1 # reset 4 LAN # lan 0 ip ospf use on 0 5 # remote 0 ip ospf use on 1 OSPF # ospf ip id 10.40.10.1 # ospf ip area 0 id 0.0.0.2 # ospf ip area 0 vlink 0 id 10.30.10.1 # ospf ip area 1 id 0.0.0.3 # reset 85 OSPFv2 IPv4

V21 2 5 LAN # lan 0 ip ospf use on 0 4 # remote 0 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.3 # reset 86 OSPFv2 IPv4

V21 2 2.3.2 OSPF OSPF RIP BGP OSPF OSPF RIP BGP OSPF OSPF OSPF NSSA OSPF OSPF OSPF 5 6 remote IP-VPN 1 6 IP 1 6 NAT DHCP 5 6 ISDN 87 OSPFv2 IPv4

V21 2 1 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.1 ID 0.0.0.1 stub 2 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.1 LAN1 OSPF ID 0.0.0.1 ID 0.0.0.1 stub 3 LAN0 OSPF LAN1 OSPF LAN0 OSPF ID 0.0.0.0 LAN1 OSPF ID 0.0.0.2 ID 0.0.0.2 nssa 4 LAN0 OSPF LAN1 RIP V2,OSPF LAN0 OSPF ID 0.0.0.2 LAN1 passive-interface ID0.0.0.2 nssa OSPF RIP RIP OSPF 5 LAN0 OSPF remote0 BGP LAN0 OSPF ID 0.0.0.0 BGP OSPF BGP AS 65000 BGP IGP BGP 10.10.10.0/24 BGP 10.0.0.0/8 AS 20.10.0.0/16 6 BGP AS 65001 BGP IGP 88 OSPFv2 IPv4

V21 2 BGP 20.10.10.0/24 20.10.20.0/24 1 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 type stub # reset 2 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 0 OSPF # ospf ip area 0 id 0.0.0.1 # ospf ip area 0 type stub # reset 89 OSPFv2 IPv4

V21 2 3 LAN # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 # ospf ip area 1 type nssa # reset 4 LAN # lan 0 ip ospf use on 0 # lan 1 ip rip use v2m v2 0 off # lan 1 ip ospf use on 0 # lan 1 ip ospf passive on # routemanage ip redist ospf rip on # routemanage ip redist rip ospf on OSPF # ospf ip area 0 id 0.0.0.2 # ospf ip area 0 type nssa # reset 90 OSPFv2 IPv4

V21 2 5 LAN # lan 0 ip ospf use on 0 # routemanage ip redist ospf bgp on BGP # bgp as 65000 # bgp neighbor 0 address 172.16.1.2 # bgp neighbor 0 as 1 # bgp network igp on # bgp network route 0 10.10.10.0/24 # bgp aggregate 0 10.0.0.0/8 summary-only OSPF # ospf ip area 0 id 0.0.0.0 # ospf ip summary 0 20.10.0.0/16 # reset 6 BGP # bgp as 65001 # bgp neighbor 0 address 172.16.2.2 # bgp neighbor 0 as 1 # bgp network igp on # bgp network route 0 20.10.10.0/24 # bgp network route 1 20.10.20.0/24 # reset 91 OSPFv2 IPv4

V21 2 2.4 OSPF IPv4 LSA 2.4.1 OSPF LSA LSA LSA LAN0 OSPF LAN1 OSPF LAN0 ID 0.0.0.0 LAN1 ID 0.0.0.1 10.20.0.0/16 OSPF # lan 0 ip ospf use on 0 # lan 1 ip ospf use on 1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.1 # ospf ip area 1 range 0 10.20.0.0/16 # enable 92 OSPF IPv4

V21 2 2.4.2 AS OSPF AS OSPF AS AS AS OSPF AS LAN0 OSPF remote0 BGP LAN0 ID 0.0.0.0 20.10.0.0/16 OSPF # lan 0 ip ospf use on 0 # ospf ip area 0 id 0.0.0.0 OSPF AS # routemanage ip redist ospf bgp on # ospf ip summary 0 20.10.0.0/16 AS # ospf ip redist 0 pass 20.10.0.0/16 inexact # ospf ip redist 1 reject any # enable 93 OSPF IPv4

V21 2 2.4.3 LSA TYPE3 LSA 1 10.0.0.0/8 2 10.0.0.0/8 LAN0 OSPF remote0 OSPF LAN0 ID 0.0.0.0 remote0 ID 0.0.0.2 10.0.0.0/8 LSA OSPF # lan 0 ip ospf use on 0 # remote 0 ip ospf use on 1 # ospf ip area 0 id 0.0.0.0 # ospf ip area 1 id 0.0.0.2 2 # ospf ip area 1 type3-lsa 0 reject 10.0.0.0/8 in exact # ospf ip area 1 type3-lsa 1 pass any in # enable 94 OSPF IPv4

V21 2 2.5 BGP IPv4 MR1000 2.4 BGP4 P.30 2.5.1 10.0.0.0/8 11.0.0.0/8 # bgp neighbor 0 filter 0 act pass in # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 1 act pass in # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 2 act reject in # bgp neighbor 0 filter 2 route any # enable 95 BGP IPv4

V21 2 2.5.2 AS AS4 # bgp neighbor 0 filter 0 act reject in # bgp neighbor 0 filter 0 as 4 # bgp neighbor 0 filter 1 act pass in # bgp neighbor 0 filter 1 route any # enable 96 BGP IPv4

V21 2 2.5.3 IP-VPN IP-VPN IP-VPN IP-VPN 1 IP-VPN 2 IP-VPN 2 IP-VPN 1 AS2 AS3 AS3 AS2 IP-VPN 1 # bgp neighbor 0 filter 0 act reject out # bgp neighbor 0 filter 0 as 3 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route any IP-VPN 2 # bgp neighbor 1 filter 0 act reject out # bgp neighbor 1 filter 0 as 2 # bgp neighbor 1 filter 1 act pass out # bgp neighbor 1 filter 1 route any # enable 97 BGP IPv4

V21 2 2.5.4 IP-VPN 2 OSPF AS1 IP-VPN AS2 10/8 1 11/8 2 MED AS1 OSPF BGP AS2 1 MED # bgp neighbor 0 filter 0 act pass out # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 0 set medmetric 0 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 1 set medmetric 10 # bgp neighbor 0 filter 2 act pass out # bgp neighbor 0 filter 2 route any BGP OSPF # routemanage ip redist bgp ospf on # enable 98 BGP IPv4

V21 2 2 MED # bgp neighbor 0 filter 0 act pass out # bgp neighbor 0 filter 0 route 10.0.0.0/8 # bgp neighbor 0 filter 0 set medmetric 10 # bgp neighbor 0 filter 1 act pass out # bgp neighbor 0 filter 1 route 11.0.0.0/8 # bgp neighbor 0 filter 1 set medmetric 0 # bgp neighbor 0 filter 2 act pass out # bgp neighbor 0 filter 2 route any BGP OSPF # routemanage ip redist bgp ospf on # enable BGP/MPLS VPN BGP MED AS MED AS BGP enable 99 BGP IPv4

V21 2 2.6 MPLS MPLS LSP label Switching Path LSP MPLS LSP MPLS MPLS MPLS LSP LSR MPLS LSP MPLS LSP MPLS LSP IPv4 IPv6 MPLS LSP BGP/MPLS VPN LDP over LDP MPLS LSP MPLS MPLS LSP IPv6 2 IPv6 Explicit NULL MPLS TTL TTL MPLS LSP LSP LSP IP TOS NAT RIP OSPF MPLS LSP MPLS LSP MPLS LSP MPLS EXP MPLS LSP 100 MPLS

V21 2 2.6.1 MPLS LSP 1 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 1 2 EBGP 2 LAN0 MPLS LAN1 LAN MPLS LSR MPLS 2 1 EBGP 1 LAN0 MPLS IP 10.1.101.2 MPLS LSR IP 10.1.101.1 LAN1 IP 192.168.101.1 IP 10.0.0.101 1 AS 101 2 AS 201 2 LAN0 MPLS IP 10.1.201.2 MPLS LSR IP 10.1.201.1 LAN1 IP 192.168.201.1 IP 10.0.0.201 2 AS 201 1 AS 101 101 MPLS