CS-SEIL-510/C User's Guide: Command Line Interface Edition


CS-SEIL-510/C Firmware version 1.75

Contents

1
1.1 CS-SEIL-510/C
1.2
1.3
1.4 CS-SEIL-510/C
2
2.1
3
3.1
3.2
3.3
4
4.1
4.2 CS-SEIL-510/C LAN
4.3
5
5.1
5.2 telnet
5.3 Web
5.4
6
6.1
6.2
6.2.1
6.2.2 ARP
6.2.3
6.2.4
6.2.5 VPN
6.2.6
6.2.7 NAT/NAPT
6.2.8
6.2.9 DHCP
6.2.10 DNS
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.3
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.3.9 /
6.3.10
6.4
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.5
6.6 INIT
7
7.1 LAN
7.1.1 PPPoE
7.1.2 unnumbered PPPoE
7.1.3 DHCP
7.1.4 LAN
7.2 IPv4 IPv6
7.2.1 IPv6 over IPv4 tunnel
7.3 LAN
7.3.1
7.3.2
7.3.3 LAN
7.4
7.4.1 LAN
7.4.2
7.4.3 IP (urpf)
7.5 MAC
7.5.1 MAC
7.5.2
7.6
7.6.1 RIP
7.6.2 OSPF
7.6.3
7.6.4 PIM-SM IPv4/IPv6
7.7
7.7.1
7.7.2
7.8 VPN IPsec
7.8.1 IPsec
7.8.2 IPsec
7.8.3 IP
7.8.4 IP
7.9 L2VPN L2TPv3
7.9.1 L2TPv3 L2
7.10 CS-SEIL-510/C VRRP
7.10.1
7.10.2
7.11
7.11.1 CBQ
8
8.1
8.1.1
8.1.2
8.1.3
8.1.4 /
8.1.5
8.2
9
9.1
9.1.1
9.2

1 1 CS-SEIL-510/C CS-SEIL-510/C WAN IP-VPN LAN ADSL FTTH CATV CS-SEIL-510/C IPv6 IPv4/IPv6 CS-SEIL-510/C 5

1 1.1. CS-SEIL-510/C 1.1 CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C CS-SEIL-510/C IPsec IPv6 IPv4/IPv6 IPv6 / IPv6 PPPoE, DHCP PPPoE ADSL DHCP CATV IPsec/IKE VPN Secure Shell / Source/Destination TCP Established/SYN IPsec IPv4/IPv6 PIM-SM UPnP VoIP Windows Messenger NAT 6

1 1.2. NTP NTP SNMP SNMP up/down SNMP DHCP IP SMF CS-SEIL-510/C SMF SMF CS-SMARTConfigurator SMF WEB 1.2 CS-SEIL-510/C 2 SEIL Web Web Web 7

1 1.3. 1.3 1 SEIL 2 SEIL 3 SEIL 4 SEIL HUB 5 SEIL SEIL 6 SEIL 7 LAN 8 SEIL 9 SEIL SEIL 8

1 1.3. Internet Explorer 6.0 Web 9

1 1.4. CS-SEIL-510/C 1.4 CS-SEIL-510/C SEIL SEIL 10

1 1. 2. 3. 4. 3 5. 11

2 2.1. 2 CS-SEIL-510/C 2.1 AC 13

2 2.1. AC (DC5V) SEIL AC100V 10 (50/60Hz) AC AC 14

2 2.1. SEIL 90 SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL 15

2 2.1. AC SEIL AC SEIL AC SEIL AC SEIL AC 16

2 2.1. AC AC SEIL 40 SEIL SEIL SEIL SEIL 17

2 SEIL SEIL AC AC SEIL AC SEIL AC SEIL SEIL SEIL SEIL 18

2 SEIL AC 19

3 3.1. 3 CS-SEIL-510/C 3.1 RJ-45 Dsub9 AC UTP 21

3 3.2. 3.2 1 2 1. 7 LED SEIL 2. SERIAL0 7 LED b c h a g d f e h d LAN0 g LAN1 b SMF b c SEIL 22

3 3.2. 8.1 P.243 1 2 3 4 5 6 7 1. AC 2. LAN0 Ethernet LAN 3. LAN1 Ethernet ADSL 4. SERIAL1 5. LINK/ACT LED Ethernet LAN 6. 100M LED Ethernet 100Base-TX 10Base-TX 7. INIT SMF 23

3 3.2. INIT 6.6 INIT P.79 24

3 3.3. 3.3 SEIL SMF-PPPoE PPPoE SMF SMF-DHCP DHCP SMF SMF-LAN SMF-LAN SMF SMF WEB SEIL INIT 2 LED 8 2 7 LED LED a 0 1 SMF-PPPoE 25

3 2 SMF-DHCP 3 SMF-LAN SEIL INIT 2 LED 8 2 3 LED 0 1 2 3 26

4 4.1. 4 CS-SEIL-510/C HUB 4.1 CS-SEIL-510/C ADSL /ONU SEIL LAN1 ADSL ONU Ethernet LAN Ethernet ) ADSL LAN1 Ethernet 10BASE-T/100BASE-TX 27

4 4.2. CS-SEIL-510/C LAN 4.2 CS-SEIL-510/C LAN SEIL LAN0 HUB HUB Ethernet LAN ) HUB Ethernet 5 LAN / Ethernet 10BASE-T/100BASE-TX 28

4 4.3. 4.3 SEIL DC in 5V AC SEIL AC SEIL ON 7 LED 9.2 P.268 OFF AC AC 29

4 AC DC 5V SEIL 100V 10% 50/60Hz AC AC 30

5 5 CS-SEIL-510/C CS-SEIL-510/C SEIL SEIL SEIL 4 P.27 SEIL 1 SEIL SEIL SEIL SEIL SEIL SEIL SEIL SEIL AC SEIL SEIL POWER 9.2 P.268 31

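5.1 DHCP SEIL DHCP DHCP DHCP

[Figure: 1 computer starts up; 2 network configuration information requested; 3 network configuration information supplied; 4 network configuration complete! Labels: SEIL, computer]

DHCP DHCP SEIL IP 192.168.0.1/24

[Figure: manually configured IP address 192.168.0.2/24; SEIL IP address 192.168.0.1/24; computer]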

5.2 telnet
SEIL LAN telnet SEIL telnet SEIL telnet Secure Shell Secure Shell Secure Shell SEIL 6.2.13 P.56
1. login:user admin login: admin user admin admin user / administrator 6.3.7 P.66
2. Password: Login incorrect Password:
3. admin # user >
4.
5. exit

5.3 Web
SEIL Web SEIL Web

[Figure: www server, www browser, SEIL, computer]

4 P.27 5.1 P.32 Web Internet Explorer 6.0 Netscape Navigator 7.0 SEIL
1. Web Web Proxy Web
2. URL http://192.168.0.1/ URL http://192.168.0.1/ interface lan0 address IP 192.168.0.1
3. user admin SEIL

(U)admin (P) (U)user (P) *

5.4 SEIL 2 SEIL
1. telnet SEIL admin
2. password admin
# password admin
New password:
New password:
3. Retype new password:
4. password user
# password user
New password:
Retype new password:
5. SEIL 6.3.1 P.62
# save-to flashrom

6 6.1. 6 CS-SEIL-510/C SEIL IPv4 IPv6 IPv4 IPv6 IPv6 administrator 6.3.7 P.66 6.1 SEIL tcsh bash UNIX ASCII 37

6 6.1. ABC Zabc z012 9 10 012 9 16 012 9abc f 0x 16 10 38

6 6.1. Space BackSpace Ctrl-H DEL Ctrl-D Tab Enter Ctrl-M Ctrl-J Ctrl-C Ctrl-F Ctrl-B Ctrl-A Ctrl-E Ctrl-T Ctrl-P Ctrl-N Ctrl-Space Ctrl-W Ctrl-K Ctrl-Y Ctrl-U Ctrl-L \ Y BackSpace BackSpace 1 help Enter Enter Ctrl-F Ctrl-B Ctrl-P Ctrl-N 1 39

SEIL Tab 1? interface p interface p Tab Ctrl+I interface p <Tab> interface pppoe interface pppoe interface pppoe interface pppoe? Ctrl+D interface pppoe? pppoe0 pppoe1 pppoe2 pppoe3 interface pppoe ^ pppoe0 pppoe1 pppoe2 pppoe3

6 6.1. SEIL Ctrl + P show date show config show status show system show date show log show users Ctrl + N Ctrl-P 1 1 Enter Ctrl-P Ctrl-N 1 1 Enter < > < 0> < 0> < 1> < 1> 41

6 6.2. add delete modify < > < 0> add/delete/modify < 0> < 1> add delete modify add delete modify 6.2 IPv4 IPv6 IPv4 IPv6 IPv6 administrator 6.3.7 P.66 42

6.2.1 interface ppp bridge
6.2.2 ARP arp
6.2.3 route route6 vrrp
6.2.4 filter filter6 macfilter
6.2.5 VPN ipsec ike l2tp
6.2.6 trace
6.2.7 NAT/NAPT nat
6.2.8 cbq
6.2.9 DHCP dhcp dhcp6
6.2.10 DNS dns resolver
6.2.11 rtadvd
6.2.12 translator
6.2.13 httpd telnetd sshd
6.2.14 ntp timezone
6.2.15 snmp syslog hostname password environment option


6 6.2. 6.2.1 interface interface IP VLAN add address delete description l2tp media mdi mtu over ppp-configuration queue tag tcp-mss tunnel unnumbered IP IP IP L2TP LAN LAN MDI/MDI-X MTU PPPoE LAN PPP VLAN TCP MSS unnumbered ppp ppp PPP add modify delete PPP PPP PPP bridge bridge 45

6 6.2. disable enable group add group delete group modify interface ip-bridging ipv6-bridging vman-tpid IPv4 IPv6 VMAN TPID 6.2.2 ARP arp arp ARP NAT ProxyARP add delete modify reply-nat ARP ARP ARP NAT ProxyARP 6.2.3 route route RIP/OSPF 46

6 6.2. add modify delete dynamic auth-key add dynamic auth-key delete dynamic rip enable dynamic rip disable dynamic rip interface dynamic rip interface version dynamic rip interface authentication dynamic rip interface route-filter dynamic rip default-route-originate dynamic rip update-timer dynamic ospf enable dynamic ospf disable dynamic ospf router-id dynamic ospf area add dynamic ospf area delete dynamic ospf link add dynamic ospf link delete dynamic ospf link modify dynamic ospf administrative-distance dynamic ospf default-route-originate enable dynamic ospf default-route-originate disable dynamic pim-sparse enable dynamic pim-sparse disable dynamic pim-sparse interface enable dynamic pim-sparse interface disable dynamic pim-sparse static-rp add dynamic pim-sparse static-rp delete dynamic route-filter add dynamic route-filter delete dynamic redistribute RIP RIP RIP / RIP RIPv2 / RIP / RIP RIP OSPF OSPF OSPF ID distance OSPF OSPF PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM 47

6 6.2. route6 route6 IPv6 RIPng add modify delete dynamic route-filter add dynamic route-filter delete dynamic ripng enable dynamic ripng disable dynamic ripng interface dynamic ripng interface route-filter dynamic ripng default-route-originate enable dynamic ripng default-route-originate disable dynamic ripng interface aggregate add dynamic ripng interface aggregate delete dynamic redistribute dynamic pim-sparse enable dynamic pim-sparse disable dynamic pim-sparse interface enable dynamic pim-sparse interface disable dynamic pim-sparse static-rp add dynamic pim-sparse static-rp delete IPv6 IPv6 IPv6 RIPng RIPng RIPng RIPng RIPng RIPng RIPng RIPng PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM PIM-SM vrrp vrrp VRRP add vrid delete vrid watch-group add watch-group delete VRID VRID 48

6 6.2. 6.2.4 filter filter / add modify delete enable disable move filter6 filter6 IPv6 IPv6 / add modify delete enable disable move IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 macfilter macfilter LAN0 MAC add delete modify MAC MAC MAC 49

6 6.2. 6.2.5 VPN ipsec ipsec / security-association proposal add security-association proposal modify security-association proposal delete security-association add security-association modify security-association add ike security-association modify ike security-association add pass security-association delete security-policy add security-policy modify security-policy delete security-policy enable security-policy disable security-policy move IKE IKE ike ike IKE Peer IKE IKE 50

6 6.2. retry interval phase1-timeout phase2-timeout per-send auto-initiation enable auto-initiation disable randomize-padding-value randomize-padding-length maximum-padding-length strict-padding-byte-check exclusive-tail peer add peer modify peer delete proposal add proposal modify proposal delete preshared-key add preshared-key modify preshared-key delete IKE IKE 1 2 IKE IKE IKE Peer IKE Peer IKE Peer IKE IKE IKE IKE IKE IKE l2tp l2tp L2TPv3 add delete modify hostname router-id l2tp l2tp l2tp local hostname local router-id 51

6 6.2. 6.2.6 trace trace lan1 enable disable 6.2.7 NAT/NAPT nat nat NAT NAPT 52

6 6.2. static add static delete dynamic add private dynamic delete private dynamic add global dynamic delete global dynamic delete all napt add private napt delete private napt add global napt delete global napt delete all snapt add snapt delete snapt enable snapt disable proxy sip add proxy sip delete timeout timeout dynamic timeout protocol logging reflect add interface reflect delete interface upnp on upnp off upnp interface NAT NAT NAT IP NAT IP NAT IP NAT IP NAT NAPT NAPT NAPT IP NAPT IP NAPT NAPT NAPT NAPT NAPT SIP SIP NAT NAT NAT NAT / Reflection NAT Reflection NAT UPnP UPnP UPnP 6.2.8 cbq cbq CBQ 53

6 6.2. class add class modify class delete filter add filter modify filter delete filter enable filter disable filter move link-bandwidth CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ CBQ 6.2.9 DHCP dhcp dhcp DHCP /DHCP IP DNS NTP enable disable mode interface DHCP DHCP DHCP DHCP / dhcp6 dhcp6 DHCPv6 /Rapid Commit Reconfigure Accept Prefix Delegation client enable client disable client interface client rapid-commit client reconf-accept client prefix-delegation DHCPv6 DHCPv6 DHCPv6 Rapid Commit Reconfigure Accept SLA ID 54

6 6.2. 6.2.10 DNS dns dns DNS /DNS forwarder enable forwarder disable forwarder add forwarder delete forwarder query-translation enable forwarder query-translation disable forwarder query-translation prefix DNS DNS DNS DNS IPv4-IPv6 IPv4-IPv6 IPv4 resolver resolver DNS / DNS DNS enable disable address add address delete domain DNS DNS DNS DNS 6.2.11 rtadvd rtadvd / enable disable interface 55

6 6.2. 6.2.12 translator translator IPv6 IPv4 add delete add prefix delete prefix add port delete port delete all timeout 6.2.13 httpd httpd Web / enable disable Web Web telnetd telnetd telnet / enable disable telnet telnet 56

6 6.2. sshd sshd Secure Shell /Secure Shell enable disable hostkey authorized-key Secure Shell Secure Shell Secure Shell Secure Shell 6.2.14 ntp ntp NTP /NTP enable disable server add server delete peer add peer delete NTP NTP NTP NTP NTP peer NTP peer timezone timezone timezone 6.2.15 snmp snmp SNMP /SNMP / 57

6 6.2. enable disable community sysname location contact user trap enable trap disable trap add trap delete trap src trap watch add trap watch delete SNMP SNMP SNMP community SNMP sysname SNMP location SNMP contact SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP syslog syslog / alternate-timestamp clear-password command-log debug-level sequence-number remote add delete facility / / hostname hostname hostname 58

6 6.2. password password SEIL password encrypted-password environment environment login-timer pager terminal 59

6 6.3. option option ip mask-reply ip monitor-linkstate ip redirects ip update-connected-route ipv6 monitor-linkstate ipv6 redirects ipv6 update-connected-route ip unicast-rpf ipv6 unicast-rpf ICMP Up/down ICMP echo LinkDown IPv4 connected route Up/down ICMP echo LinkDown IPv6 connected route IPv4 urpf IPv6 urpf 6.3 SEIL IPv4 IPv6 IPv4 IPv6 IPv6 administrator 6.3.7 P.66 60

6.3.1 save-to load-from
6.3.2 factory-config
6.3.3 update
6.3.4 clear
6.3.5 ping ping6 traceroute traceroute6
6.3.6 date
6.3.7 administrator
6.3.8 bye exit logout quit
6.2.1 connect disconnect reconnect
6.3.10 reboot help telnet

6.3.1 save-to save-to SEIL

6 6.3. flashrom remote stdout load-from load-from SEIL flashrom remote stdin 6.3.2 factory-config factory-config SEIL factory-config 6.3.3 update update 6.5 P.76 63

6 6.3. firmware ipl IPL 6.3.4 clear clear SEIL arp-cache ndp-cache nat-session log trace route all route6 all ike ipsec security-association ipsec security-policy counter l2tp ARP NDP NAT IP IPv4 IPv6 IKE 1 IKE IKE IPsec IKE IPsec L2TP / 6.3.5 ping ping SEIL 64

6 6.3. ping SEIL IPv4 ping6 ping6 SEIL ping6 SEIL IPv6 traceroute traceroute SEIL traceroute SEIL IPv4 traceroute6 traceroute6 SEIL traceroute6 SEIL IPv6 6.3.6 date date SEIL ccyymmddhhmm.ss ntp server NTP 6.2.14 P.57 date 65

6 6.3. 6.3.7 administrator administrator exit administrator 6.3.8 bye, exit, logout, quit bye exit logout quit SEIL administrator bye exit logout quit 6.3.9 / connect connect PPPoE connect 66

6 6.3. disconnect disconnect PPPoE connect reconnect disconnect reconnect reconnect PPPoE reconnect 6.3.10 reboot reboot reboot help help SEIL help 67

6 6.3. remote-console remote-console SEIL remote-console SEIL telnet telnet SEIL TELNET telnet SEIL telnet 68

6.4 SEIL IPv4 IPv6
6.4.1 show config
6.4.2 show status
6.4.3 show log
6.4.4 show trace
6.4.5 show system
6.4.6 show date
6.4.7 show users
6.4.8 show license
6.4.9 show tech-support
6.4.10 report-to

6.4.1 show config SEIL

6 6.4. current environment flashrom arp ARP bridge cbq dhcp DHCP dhcp6 DHCPv6 dns DNS filter IPv4 filter6 IPv6 hostname httpd Web ike IKE interface ipsec ipsec l2tp l2tp macfilter MAC nat NAT ntp NTP option ppp PPP remote-console resolver DNS route IPv4 route6 IPv6 rtadvd snmp SNMP sshd SSH syslog syslog telnetd telnet timezone translator vrrp VRRP 71

administrator 6.3.7 P.66 ike ipsec route sshd password ike ipsec route sshd

encrypted-password admin <password>
encrypted-password user <password>
ike preshared-key add <psk name> <key>
ipsec security-association add <SA name> tunnel <start IPaddress> <end IPaddress>
    to-encap esp-auth <spi> <esp algorithm> <esp key> <auth algorithm> <auth key>
    from-encap esp-auth <spi> <esp algorithm> <esp key> <auth algorithm> <auth key>
    to-auth ah <spi> <ah auth algorithm> <auth key>
    from-auth ah <spi> <ah auth algorithm> <auth key>
route dynamic auth-key add <key-name> type md5 keyid <keyid> password <password>
route dynamic auth-key add <key-name> type plain-text password <password>
sshd hostkey <algorithm> <hostkey>

< > ipsec

6.4.2 show status SEIL

6 6.4. arp bridge cbq dhcp dhcp6 dns filter filter6 function httpd ike interface ipsec ipsec security-association ipsec security-policy l2tp macfilter nat ndp ntp option ppp resolver route route6 rtadvd snmp sshd telnetd translator vrrp ARP DHCP DHCPv6 dns forwarder IP IPv6 Web IKE IPsec IPsec IPsec L2TP MAC NDP NTP PPP DNS IPv4 IPv6 SNMP SSH TELNET VRRP 6.4.3 show log SEIL 73

6 6.4. show log show log function show log level 6.4.4 show trace SEIL WAN show trace 6.4.5 show system SEIL arch cpustat hostname date uptime load memory version users CPU IPL 6.4.6 show date show date 74

6 6.4. 6.4.7 show users show users 6.4.8 show license show license 6.4.9 show tech-support show tech-support 6.4.10 report-to report-to 75

6.5 6.3.1 P.62 ftp,http,tftp Web Web Web
1. FTP HTTP FTP anonymous 192.168.0.2
2. CS-SEIL-510/C http://www.centurysys.co.jp/support/csseil510c.html
3. 2. 1. URL 1023
4. SEIL update firmware 2
A. update firmware <FTP IP >
B. update firmware <URL>
SEIL SEIL

A. update firmware <FTP IP >
FTP IP FTP

# update firmware 192.168.0.2
filename [seilfirm.img]:seilfirm.img
username [anonymous]:seiluser
Password:
total 3590366 bytes received
write to flash ROM?[y/N] y
erasing 3590221/3590221 done.
writing 3590221/3590221 done.

1. FTP IP SEIL
2. y Y n N SEIL 7 LED

B. update firmware <URL>
URL HTTP FTP TFTP

HTTP
# update firmware http://192.168.0.2/seilfirm.img
total 3590366 bytes received
write to flash ROM?[y/N] y
erasing 3590221/3590221 done.
writing 3590221/3590221 done.

FTP
# update firmware ftp://192.168.0.2/seilfirm.img
Password:
total 3590366 bytes received
write to flash ROM?[y/N] y
erasing 3590221/3590221 done.
writing 3590221/3590221 done.

TFTP
# update firmware tftp://192.168.0.2/seilfirm.img
Password:
total 3590366 bytes received
write to flash ROM?[y/N] y
erasing 3590221/3590221 done.
writing 3590221/3590221 done.

1. URL SEIL
2. y Y n N SEIL 7 LED

6.6 INIT
SEIL factory-config 6.3.2 P.63 INIT INIT
1. SEIL INIT 3.2 P.22
2. SEIL 7 LED SEIL 8.1 P.243


7.1 LAN
SEIL LAN 7.4 P.120

7.1.1 PPPoE
PPPoE PPPoE IPv4 IPv6 IPv4

[Figure: Internet; WAN-side global address obtained via PPPoE; assigned network address 192.168.0.0/24; LAN-side private address 192.168.0.1; private addresses 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5]

1 LAN1 LAN1
2 PPPoE PPPoE ID
3 PPPoE PPPoE
4 PPPoE PPPoE LAN1
5 LAN0 LAN0
6 NAPT
7 PPPoE PPPoE
8

1 LAN1 SEIL LAN1 auto lan1 auto

# interface lan1 media auto

interface lan1: lan1
media auto: auto

2 PPPoE PPPoE ID IPCP / IPCP IPCP DNS IPv6CP / ID TCP MSS Century enable on on disable PAP xxxxxx yyyyyy auto

# ppp add Century ipcp enable ipcp-address on ipcp-dns on ipv6cp disable authentication-method pap identifier xxxxxx passphrase yyyyyy tcp-mss auto

ppp add Century: Century
ipcp enable: IPCP
ipcp-address on: IPCP
ipcp-dns on: IPCP DNS
ipv6cp disable: IPv6CP
authentication-method pap: pap
identifier xxxxxx: ID xxxxxx
passphrase yyyyyy: yyyyyy
tcp-mss auto: TCP MSS auto

3 PPPoE PPPoE pppoe0 Century

# interface pppoe0 ppp-configuration Century

interface pppoe0: pppoe0
ppp-configuration Century: Century

4 PPPoE PPPoE LAN1 pppoe0 lan1

# interface pppoe0 over lan1

interface pppoe0: pppoe0
over lan1: lan1

5 LAN0 LAN0 IPv4 192.168.0.1 LAN0

6 NAPT NAPT IPv4 IPv6 LAN IPv4 IP 192.168.0.0 192.168.255.255 pppoe0

# nat napt add private 192.168.0.0-192.168.255.255 interface pppoe0

nat napt add private 192.168.0.0-192.168.255.255: NAPT IP 192.168.0.0-192.168.255.255
interface pppoe0: NAPT pppoe0

7 PPPoE PPPoE pppoe0

# connect pppoe0

connect pppoe0: PPPoE pppoe0

8 save-to 6.3.1 P.62 PPPoE

7.1.2 unnumbered PPPoE
unnumbered PPPoE PPPoE IPv4 IPv6 IPv4

[Figure: Internet; WAN side: unnumbered PPPoE; assigned network address 172.16.0.0/24; LAN-side global address 172.16.0.1; global addresses 172.16.0.2, 172.16.0.3, 172.16.0.4, 172.16.0.5]

172.16.0.0 172.16.255.255 unnumbered PPPoE IP IP 172.16.0.0/24

1 LAN1 LAN1
2 PPPoE PPPoE ID
3 PPPoE PPPoE
4 PPPoE PPPoE LAN1
5 LAN0 LAN0
6 LAN0 IP LAN0
7 PPPoE PPPoE
8

1 LAN1 SEIL LAN1 auto lan1 auto

# interface lan1 media auto

interface lan1: lan1
media auto: auto

2 PPPoE PPPoE ID unnumbered numbered PPPoE IPCP on unnumbered off IPCP / IPCP IPCP DNS IPv6CP / ID TCP MSS Century enable off on disable PAP xxxxxx yyyyyy auto

# ppp add Century ipcp enable ipcp-address off ipcp-dns on ipv6cp disable authentication-method pap identifier xxxxxx passphrase yyyyyy tcp-mss auto

ppp add Century: Century
ipcp enable: IPCP
ipcp-address off: IPCP
ipcp-dns on: IPCP DNS
ipv6cp disable: IPv6CP
authentication-method pap: pap
identifier xxxxxx: ID xxxxxx
passphrase yyyyyy: yyyyyy
tcp-mss auto: TCP MSS auto

3 PPPoE PPPoE pppoe0 Century

# interface pppoe0 ppp-configuration Century

interface pppoe0: pppoe0
ppp-configuration Century: Century

unnumbered unnumbered pppoe0

# interface pppoe0 unnumbered

interface pppoe0 unnumbered: pppoe0 unnumbered

4 PPPoE PPPoE LAN1 pppoe0 lan1

# interface pppoe0 over lan1

interface pppoe0: pppoe0
over lan1: lan1

5 LAN0 LAN0 IPv4 lan0 / add IPv4 172.16.0.1/24

# interface lan0 add 172.16.0.1/24

interface lan0: lan0
add 172.16.0.1/24: add IPv4 172.16.0.1/24

6 LAN0 IP IP 5. IPv4 SEIL IP IP SEIL lan0 / delete IPv4 192.168.0.1/24

# interface lan0 delete 192.168.0.1/24

interface lan0: lan0
delete 192.168.0.1/24: delete IPv4 192.168.0.1/24

7 PPPoE PPPoE pppoe0

# connect pppoe0

connect pppoe0: PPPoE pppoe0

8 save-to 6.3.1 P.62 PPPoE

7.1.3 DHCP
DHCP

[Figure: Internet; WAN-side global address obtained via DHCP; assigned network address 192.168.0.0/24; LAN-side private address 192.168.0.1; private addresses 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5]

1 LAN1 LAN1
2 LAN0 LAN0
3 NAPT
4 DHCP DHCP
5

1 LAN1 SEIL LAN1 auto lan1 auto

# interface lan1 media auto

interface lan1: lan1
media auto: auto

2 LAN0 LAN0 IPv4 192.168.0.1 LAN0

3 NAPT NAPT IPv4 IPv6 LAN IPv4 IP 192.168.0.0 192.168.255.255 lan1

# nat napt add private 192.168.0.0-192.168.255.255 interface lan1

nat napt add private 192.168.0.0-192.168.255.255: NAPT IP 192.168.0.0-192.168.255.255
interface lan1: NAPT lan1

4 DHCP DHCP lan1

# interface lan1 add dhcp

interface lan1: lan1
add dhcp: DHCP

5 save-to 6.3.1 P.62 DHCP

7.1.4 LAN
LAN IPv4 IPv6 IPv4

[Figure: Internet; WAN-side network address 10.0.0.0/24; WAN-side global address 10.0.0.1; LAN-side network address 172.16.0.0/24; LAN-side global address 172.16.0.1; global addresses 172.16.0.2, 172.16.0.3, 172.16.0.4, 172.16.0.5]

10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255

1 LAN1 LAN1
2 LAN1 IPv4 LAN1
3 LAN0 LAN0
4 LAN0 LAN0
5

1 LAN1 LAN1 auto SEIL lan1 auto

# interface lan1 media auto

interface lan1: lan1
media auto: auto

2 LAN1 IPv4 LAN1 IPv4 lan1 / add IPv4 10.0.0.1/24

# interface lan1 add 10.0.0.1/24

interface lan1: lan1
add 10.0.0.1/24: add IPv4 10.0.0.1/24

3 LAN0 LAN0 IPv4 lan0 / add IPv4 172.16.0.1/24

# interface lan0 add 172.16.0.1/24

interface lan0: lan0
add 172.16.0.1/24: add IPv4 172.16.0.1/24

4 LAN0 IP IP 3. IPv4 SEIL IP IP SEIL lan0 / delete IPv4 192.168.0.1/24

# interface lan0 delete 192.168.0.1/24

interface lan0: lan0
delete 192.168.0.1/24: delete IPv4 192.168.0.1/24

5 save-to 6.3.1 P.62 LAN

7.2 IPv4 IPv6
IPv6 IPv4 SEIL IPv4 IPv6

7.2.1 IPv6 over IPv4 tunnel
x:x:x::/48 y:y:y::/48 2 IPv6 IPv4 IPv6 IPv4 SEIL A B IPv6 over IPv4 SEIL A IPv4 10.0.1.1 z:z:z::1 SEIL B IPv4 10.0.2.2 z:z:z::2

[Figure: Network A, IPv6 network x:x:x::/48; SEIL A, tunnel address z:z:z::1, IPv4 address 10.0.1.1; IPv6 tunnel; IPv4 Internet; IPv4 address 10.0.2.2, tunnel address z:z:z::2, SEIL B; Network B, IPv6 network y:y:y::/48]

10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 x:x:x::/48 y:y:y::/48 z:z:z::1 z:z:z::2 IPv4 6.3.5 P.64 SEIL A 10.0.1.1 SEIL B 10.0.2.2

1 SEIL A IPv4 IPv6
2 SEIL A IPv6
3 SEIL A
4 SEIL B IPv4 IPv6
5 SEIL B IPv6
6 SEIL B

1 SEIL A SEIL A SEIL IPv4 tunnel0 IP 10.0.1.1 IP 10.0.2.2

# interface tunnel0 tunnel 10.0.1.1 10.0.2.2

interface tunnel0: tunnel0
tunnel 10.0.1.1 10.0.2.2: IP 10.0.1.1 IP 10.0.2.2

IPv6 IP IP tunnel0 z:z:z::1 z:z:z::2

# interface tunnel0 add z:z:z::1 remote z:z:z::2

interface tunnel0: tunnel0
add z:z:z::1 remote z:z:z::2: IP z:z:z::1 IP z:z:z::2

z:z:z::1 z:z:z::2 IPv6

2 SEIL A IPv6 IPv6 IP IP y:y:y::/48 z:z:z::2

# route6 add y:y:y::/48 z:z:z::2

route6 add y:y:y::/48 z:z:z::2: IP y:y:y::/48 IP z:z:z::2

y:y:y::/48 z:z:z::2 IPv6 IP tunnel0 IPv6

3 SEIL A save-to 6.3.1 P.62 SEIL A

4 SEIL B SEIL B SEIL IPv4 tunnel0 IP 10.0.2.2 IP 10.0.1.1

# interface tunnel0 tunnel 10.0.2.2 10.0.1.1

interface tunnel0: tunnel0
tunnel 10.0.2.2 10.0.1.1: IP 10.0.2.2 IP 10.0.1.1

IPv6 IP IP tunnel0 z:z:z::2 z:z:z::1

# interface tunnel0 add z:z:z::2 remote z:z:z::1

interface tunnel0: tunnel0
add z:z:z::2 remote z:z:z::1: IP z:z:z::2 IP z:z:z::1

z:z:z::1 z:z:z::2 IPv6

5 SEIL B IPv6 IPv6 IP IP x:x:x::/48 z:z:z::1

# route6 add x:x:x::/48 z:z:z::1

route6 add x:x:x::/48 z:z:z::1: IP x:x:x::/48 IP z:z:z::1

x:x:x::/48 z:z:z::1 IPv6 IP tunnel0 IPv6

6 SEIL B save-to 6.3.1 P.62 SEIL B

7 7.3. LAN 7.3 LAN LAN LAN SEIL 1 1 NAT SEIL NAPT LAN LAN Reflection NAT NAT LAN SEIL NAT NAPT Reflection NAT 7.3.1 NAT 7.1.1 PPPoE P.83 LAN SEIL 1 1 NAT SEIL NAT pppoe0 110

7 7.3. LAN
Figure labels:
Global address zone
Internet
Static NAT 172.16.0.2:192.168.0.2
Global address 10.0.0.1
Network assigned to the LAN0 side (global addresses) 172.16.0.0/29
LAN-side private address 192.168.0.1
www server global address 172.16.0.2
Address mapping
Private address 192.168.0.2
Private address 192.168.0.3
Private address 192.168.0.4
10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 1 NAT NAT 2 1 NAT 111

7 7.3. LAN SEIL IP 192.168.0.2 IP 172.16.0.2 pppoe0 # nat static add 192.168.0.2 172.16.0.2 interface pppoe0 nat static add 192.168.0.2 172.16.0.2 NAT IP 192.168.0.2 IP IP 172.16.0.2 interface pppoe0 NAT pppoe0 2 save-to 6.3.1 P.62 NAT 192.168.0.2 Web 172.16.0.2 112

7 7.3. LAN 7.3.2 NAPT 7.3.1 P.110 SEIL SEIL NAPT SEIL SEIL NAPT pppoe0 113

7 7.3. LAN
Figure labels:
Global address zone
Internet
Data addressed to global address 10.0.0.1, destination port 80
Global address 10.0.0.1
Network assigned to the LAN0 side (private addresses) 192.168.0.0/24
Private address 192.168.0.2
Private address 192.168.0.3
Private address 192.168.0.4
10.0.0.0 10.255.255.255 1 NAPT NAPT 2 1 NAPT 114

7 7.3. LAN SEIL NAPT tcp Listen 80 pppoe0 IP 192.168.0.2 80 / enable # nat snapt add protocol tcp listen 80 interface pppoe0 forward 192.168.0.2 80 enable nat snapt add protocol tcp tcp listen 80 Listen HTTP 80 interface pppoe0 pppoe0 forward 192.168.0.2 80 IP Web IP 192.168.0.2 80 enable enable 2 save-to 6.3.1 P.62 NAPT 192.168.0.2 Web 10.0.0.1 115

7 7.3. LAN 7.3.3 LAN NAT LAN LAN Reflection NAT LAN SEIL Reflection NAT 7.3.1 P.110 NAT LAN NAT LAN LAN SEIL SEIL Reflection NAT SEIL NAT SEIL 116

7 7.3. LAN
Figure labels:
Global address zone
Internet
Static NAT 172.16.0.2:192.168.0.2
Global address 10.0.0.1
Network assigned to the LAN0 side (global addresses) 172.16.0.0/29
LAN-side private address 192.168.0.1
www server global address 172.16.0.2
Address mapping
Private address 192.168.0.2
Private address 192.168.0.3
Private address 192.168.0.4
10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 1 NAT NAT 2 NAPT NAPT 3 Reflection NAT Reflection NAT 4 117

7 7.3. LAN 1 NAT SEIL IP 192.168.0.2 IP 172.16.0.2 pppoe0 # nat static add 192.168.0.2 172.16.0.2 interface pppoe0 nat static add 192.168.0.2 172.16.0.2 NAT IP 192.168.0.2 IP IP 172.16.0.2 interface pppoe0 NAT pppoe0 2 NAPT 192.168.0.3 NAPT IP 192.168.0.0 192.168.255.255 pppoe0 # nat napt add private 192.168.0.0-192.168.255.255 interface pppoe0 nat napt add private 192.168.0.0-192.168.255.255 NAPT IP 192.168.0.0-192.168.255.255 118

7 7.3. LAN interface pppoe0 NAPT pppoe0 3 Reflection NAT NAT/NAPT lan0 reflection lan0 # nat reflect add interface lan0 nat reflect add interface lan0 Reflection NAT lan0 4 save-to 6.3.1 P.62 Reflection NAT NAT LAN 192.168.0.2 Web 10.0.0.1 119

7 7.4. 7.4 LAN 7.4.1 LAN LAN Web HTTP SEIL IPv4 IPv6 IPv4
Figure labels:
Internet
Global address 10.0.0.1
Assigned network address 172.16.0.1/24
Global address 172.16.0.1
WWW server global address 172.16.0.2
Global address 172.16.0.3
Global address 172.16.0.4
120

7 7.4. pppoe0 10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 SEIL 1 2 3 121

7 7.4. 1 A. Web B. TCP C. SEIL ICMP D. A a. Web (172.16.0.2) TCP 80 b. LAN (172.16.0.0/24) TCP (TCP Established) c. SEIL(10.0.0.1) ICMP d. TCP b. b. d. d. d. 1 NAT/NAPT NAT/NAPT NAT/NAPT 2 a d ab SEIL a. 122

7 7.4. httppass pass pppoe0 in tcp IP 172.16.0.2/32 80 off top / enable # filter add httppass action pass interface pppoe0 direction in protocol tcp dst 172.16.0.2/32 dstport 80 logging off top enable filter add httppass httppass action pass pass interface pppoe0 pppoe0 direction in in protocol tcp HTTP tcp dst 172.16.0.2/32 dstport 80 IP Web 172.16.0.2/32 Web 32 IP 80 123

7 7.4. logging off off top 1 top enable enable b estabpass pass pppoe0 in tcp-established IP 172.16.0.0/24 off below httppass (a )) / enable # filter add estabpass action pass interface pppoe0 direction in protocol tcp-established dst 172.16.0.0/24 logging off below httppass enable filter add estabpass estabpass action pass pass interface pppoe0 pppoe0 direction in in 124

7 7.4. protocol tcp-established TCP tcp-established dst 172.16.0.0/24 IP LAN 172.16.0.0/24 LAN 24 logging off off below httppass a. below httppass enable enable c. icmppass pass pppoe0 in icmp IP 10.0.0.1/32 off below estabpass (b )) / enable # filter add icmppass action pass interface pppoe0 direction in protocol icmp dst 10.0.0.1/32 logging off below estabpass enable filter add icmppass icmppass 125

7 7.4. action pass pass interface pppoe0 pppoe0 direction in in protocol icmp ICMP icmp dst 10.0.0.1/32 IP SEIL 10.0.0.1/32 SEIL 32 logging off off below estabpass. below estabpass enable enable d. / allblock block pppoe0 in any off bottom enable 126

7 7.4. # filter add allblock action block interface pppoe0 direction in protocol any logging off bottom enable filter add allblock allblock action block block interface pppoe0 pppoe0 direction in in protocol any a. c. any logging off off bottom a c bottom enable enable 3 save-to 6.3.1 P.62 127

7 7.4. 7.4.2 LAN FTP LAN SEIL IPv4 IPv6 IPv4 pppoe0
Figure labels:
Internet
Global address 10.0.0.1
Assigned network address 172.16.0.1/24
Global address 172.16.0.1
Global address 172.16.0.3
Global address 172.16.0.4
10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 SEIL 128

7 7.4. 1 2 3 1 A. FTP B. SEIL ICMP C. A a. LAN (172.16.0.0/24) FTP b. SEIL(10.0.0.1) ICMP c. FTP 21 - a c. c. 1 NAT/NAPT NAT/NAPT NAT/NAPT 2 a c 129

7 7.4. ab SEIL a. ftppass pass pppoe0 out tcp IP 172.16.0.0/24 21 enable off top / enable # filter add ftppass action pass interface pppoe0 direction out protocol tcp src 172.16.0.0/24 dstport 21 state enable logging off top enable filter add ftppass ftppass action pass pass interface pppoe0 pppoe0 direction out out protocol tcp FTP tcp 130

7 7.4. src 172.16.0.0/24 dstport 21 IP LAN 172.16.0.0/24 LAN 24 21 state enable state enable logging off off top top enable enable b. icmppass pass pppoe0 in icmp IP 10.0.0.1/32 off below ftppass (a ) / enable # filter add icmppass action pass interface pppoe0 direction in protocol icmp dst 10.0.0.1/32 logging off below ftppass enable filter add icmppass icmppass action pass pass 131

7 7.4. interface pppoe0 pppoe0 direction in in protocol icmp ICMP icmp dst 10.0.0.1/32 IP SEIL 10.0.0.1/32 SEIL 32 logging off off below ftppass a below ftppass enable enable c. / allblock block pppoe0 in any off bottom enable 132

7 7.4. # filter add allblock action block interface pppoe0 direction in protocol any logging off bottom enable filter add allblock allblock action block block interface pppoe0 pppoe0 direction in in protocol any a. c. any logging off off bottom a b bottom enable enable 3 save-to 6.3.1 P.62 133

7 7.4. 7.4.3 IP (urpf) urpf (unicast Reverse Path Forwarding) IP LAN IPv4 IPv6 IPv6
Figure labels:
Internet
Global address 10.0.0.1
Assigned network address 172.16.0.1/24
Global address 172.16.0.1
Computer A
1 2 urpf urpf 134

7 7.4. 3 1 urpf urpf SEIL 2 urpf urpf IP urpf IP IPv4 urpf strict IP ip strict on # option ip unicast-rpf strict logging on option ip IP IPv4 ip unicast-rpf strict urpf strict logging on on 135

7 7.4. 3 save-to 6.3.1 P.62 urpf 136

7 7.5. MAC 7.5 MAC LAN LAN SEIL MAC SEIL MAC 1 MAC 7.5.1 MAC MAC MAC SEIL
Figure labels:
Internet
Computer A 00:11:22:33:44:55
Computer B 00:aa:bb:cc:de:f0
137

7 7.5. MAC 1 MAC 2 MAC MAC 3 4 1 MAC A. A(00:11:22:33:44:55) B. B(00:aa:bb:cc:dd:ee) C. A B MAC C. A. B. MAC lan0 lan0 lan1 MAC Ethernet MAC MAC Ethernet 2 MAC MAC MAC MAC A. C. SEIL A. 138

7 7.5. MAC pcapass pass MAC 00:11:22:33:44:55 off macfilter add pcapass action pass src 00:11:22:33:44:55 logging off macfilter add pcapass pcapass action pass pass src 00:11:22:33:44:55 MAC 00:11:22:33:44:55 logging off off B. MAC pcbpass pass 00:aa:bb:cc:dd:ee off macfilter add pcbpass action pass src 00:aa:bb:cc:dd:ee logging off macfilter add pcbpass pcbpass 139

7 7.5. MAC action pass pass src 00:aa:bb:cc:dd:ee MAC 00:aa:bb:cc:dd:ee logging off off C. MAC allblock block any off macfilter add allblock action block src any logging off macfilter add allblock allblock action block block src any MAC any logging off off 3 show status macfilter MAC 140

7 7.5. MAC show status macfilter 4 save-to 6.3.1 P.62 MAC 141

7 7.5. MAC 7.5.2 Web MAC
Figure labels:
Internet
maclist.txt
00:11:22:33:44:55
00:aa:bb:cc:de:f0
00:ff:ee:00:01:22
Web server http://10.0.0.1/maclist.txt
Computer A 00:11:22:33:44:55
Computer B 00:aa:bb:cc:de:f0
Computer Z 00:ff:ee:00:01:22
1 MAC Web MAC Web 2 MAC Web MAC MAC 3 142

7 7.5. MAC 4 1 MAC Web SEIL Web MAC 00:11:22:33:44:55 00:aa:bb:cc:de:f0... 00:ff:ee:00:01:22 http://10.0.0.1/maclist.txt URL HTTP HTTPS FTP MAC BASIC http://user:password@10.0.0.1/maclist.txt URL 2 MAC MAC MAC SEIL MAC MAC listpass pass http://10.0.0.1/maclist.txt 1 off macfilter add listpass action pass src http://10.0.0.1/maclist.txt interval 1h logging off macfilter add listpass listpass 143

7 7.5. MAC action pass pass src http://10.0.0.1/maclist.txt MAC URL http://10.0.0.1/maclist.txt interval 1h MAC 1h(1 ) logging off off MAC MAC allblock block any off macfilter add allblock action block src any logging off macfilter add allblock allblock action block block src any MAC any logging off off 3 144

7 7.5. MAC show status macfilter MAC show status macfilter 4 save-to 6.3.1 P.62 MAC 145

7 7.6. 7.6 SEIL Unicast RIP OSPF 2 Multicast PIM-SM(IPv4/IPv6) 7.6.1 RIP RIP
Figure labels:
Global address 172.16.2.1/24
Route information exchange
SEIL B
Global address 10.0.2.2
Global address 10.0.1.1
SEIL A
Global address 172.16.1.1/24
Route information exchange
146

7 7.6. SEIL A SEIL B SEIL A 10.0.1.1 SEIL B 10.0.2.2 RIP SEIL A SEIL B SEIL A 10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 1 SEIL A RIP LAN0 LAN1 RIP 2 SEIL A RIP RIP 3 SEIL A 4 SEIL A 1 SEIL A RIP SEIL A SEIL LAN RIP lan0 enable # route dynamic rip interface lan0 enable route dynamic rip interface lan0 RIP lan0 147

7 7.6. enable RIP enable RIP RIP lan0 RIPv2 # route dynamic rip interface lan0 version ripv2 route dynamic rip interface lan0 RIP lan0 version ripv2 RIP ripv2 RIPv2 RIPv2 lan0 disable # route dynamic rip interface lan0 authentication disable route dynamic rip interface lan0 RIP lan0 authentication disable RIPv2 disable LAN1 LAN1 RIP lan1 enable 148

7 7.6. # route dynamic rip interface lan1 enable route dynamic rip interface lan1 RIP lan1 enable RIP enable RIP RIP lan1 RIPv2 # route dynamic rip interface lan1 version ripv2 route dynamic rip interface lan1 RIP lan1 version ripv2 RIP ripv2 RIPv2 RIPv2 lan1 disable # route dynamic rip interface lan1 authentication disable route dynamic rip interface lan1 RIP lan1 149

7 7.6. authentication disable RIPv2 disable 2 SEIL A RIP / enable # route dynamic rip enable route dynamic rip enable RIP enable 3 SEIL A show status # show status route 4 save-to 6.3.1 P.62 SEIL A RIP 150

7 7.6. 7.6.2 OSPF OSPF OSPF RIP
Figure labels:
Global address 172.16.2.1/24
Route information exchange
SEIL B
Global address 10.0.2.2
Global address 10.0.1.1
SEIL A
Global address 172.16.1.1/24
Route information exchange
SEIL A SEIL B SEIL A 10.0.1.1 SEIL B 10.0.2.2 OSPF SEIL A SEIL B SEIL A SEIL A SEIL A 151

7 7.6. 10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 1 stub area no summary stub area 2 OSPF lan1 OSPF / OSPF lan0 lan1 3 SEIL A SEIL B ID OSPF SEIL ID ID 1 SEIL A stub area / 2 SEIL A OSPF ID 3 SEIL A OSPF ID OSPF ID 4 SEIL A OSPF OSPF 5 SEIL A 6 SEIL A 1 SEIL A SEIL A SEIL 152

7 7.6. ID 0.0.0.0 disable # route dynamic ospf area add 0.0.0.0 stub disable route dynamic ospf area add 0.0.0.0 ID 0.0.0.0 stub disable disable 2 SEIL A unnumbered lan0 ID 0.0.0.0 # route dynamic ospf link add lan0 area 0.0.0.0 route dynamic ospf link add lan0 OSPF lan0 area 0.0.0.0 ID 0.0.0.0 LAN1 3 SEIL A OSPF ID 153

7 7.6. OSPF ID 10.0.1.1 # route dynamic ospf router-id 10.0.1.1 route dynamic ospf router-id 10.0.1.1 OSPF ID 10.0.1.1 SEIL B OSPF ID 10.0.2.2 4 SEIL A OSPF / enable # route dynamic ospf enable route dynamic ospf enable OSPF enable 5 SEIL A show status # show status route 6 154

7 7.6. save-to 6.3.1 P.62 SEIL A OSPF 7.6.3 SEIL 2 SEIL A LAN OSPF SEIL A B SEIL B LAN RIP SEIL A RIP OSPF
Figure labels:
Network B 192.168.2.0/24
SEIL B lan0 192.168.2.1
SEIL B
SEIL B lan1 192.168.0.2
SEIL A lan1 192.168.0.1
SEIL A
SEIL A lan0 192.168.1.1
Route information redistribution
OSPF
RIP
Network A 192.168.1.0/24
155

7 7.6. 1 SEIL A (OSPF RIP) OSPF RIP 2 SEIL A (RIP OSPF) RIP OSPF 3 SEIL A 4 SEIL A 1 SEIL A (OSPF RIP) SEIL A SEIL OSPF RIP / ospf-to-rip enable # route dynamic redistribute ospf-to-rip enable route dynamic redistribute ospf-to-rip OSPF RIP ospf-to-rip enable enable 2 SEIL A (RIP OSPF) RIP OSPF / rip-to-ospf enable 156

7 7.6. # route dynamic redistribute rip-to-ospf enable route dynamic redistribute rip-to-ospf RIP OSPF rip-to-ospf enable enable 3 SEIL A show status # show status route 4 save-to 6.3.1 P.62 SEIL A 7.6.4 PIM-SM IPv4/IPv6 PIM-SM for IPv4/IPv6 SEIL A SEIL A lan0/lan1 IPv6 PIM-SM RP(Rendezvous Point), BSR(Boot Strap Router) Multicast RP, BSR 157

7 7.6.
Figure labels:
RP & BSR Router IPv6 Global Address IPv6 Sender Global Address Internet IPv6 Multicast Routing Global Address Receiver SEIL IPv6 Global Address
1 SEIL PIM-SM lan0/lan1 PIM-SM 2 SEIL PIM-SM PIM-SM 3 SEIL 4 SEIL 158

7 7.6. 1 SEIL PIM-SM SEIL LAN PIM-SM lan0 enable # route6 dynamic pim-sparse interface lan0 enable route6 dynamic pim-sparse interface lan0 PIM-SM lan0 enable PIM-SM enable LAN1 lan1 enable # route6 dynamic pim-sparse interface lan1 enable route6 dynamic pim-sparse interface lan1 PIM-SM lan1 159

7 7.6. enable PIM-SM enable 2 SEIL PIM-SM / enable # route6 dynamic pim-sparse enable route6 dynamic pim-sparse enable PIM-SM enable 3 SEIL show status Multicast # show status route6 dynamic pim-sparse 4 save-to 6.3.1 P.62 SEIL PIM-SM 160

7 7.7. 7.7 SEIL 7.7.1 SEIL ping SEIL
Figure labels:
Internet
Router A global address 10.0.0.2/24
Router B global address 10.0.0.254/24
WAN-side global address 10.0.0.1/24
LAN-side network address 172.16.0.0/24
1 161

7 7.7. 2 SEIL 3 SEIL 4 SEIL 5 SEIL 1 A. SEIL B. (172.16.0.2) C. D. distance 2 SEIL SEIL default 172.16.0.2 on 10 5
# route add default 172.16.0.2 keepalive on send-interval 10 down-count 5
route add default 172.16.0.2 172.16.0.2 162

7 7.7. keepalive on keepalive on send-interval 10 ping 10 down-count 5 ping 5 10 5 ping target target ping 3 SEIL default 172.16.0.254 distance 100 # route add default 172.16.0.254 distance 100 route add default 172.16.0.254 172.16.0.254 distance 100 distance 100 4 SEIL ping show log 2 Jan 2 04:11:29 notice system lanbackupd: target 172.16.0.2 down. 163

7 7.7. show status route 2 Jan 2 04:11:29 notice system lanbackupd: target 172.16.0.2 up. show status route 5 SEIL save-to 6.3.1 P.62 164

7 7.7. 7.7.2 SEIL
Figure labels:
Internet
Router A global address 10.0.0.2/24
Router B global address 10.0.0.254/24
WAN-side global address 10.0.0.1/24
LAN-side network address 172.16.0.0/24
1 2 172.16.0.0/24 3 165

7 7.7. 4 SEIL 5 SEIL 1 A. SEIL LAN0 172.16.0.0/24 A B. SEIL LAN0 172.16.0.0/24 B 2 172.16.0.0/24 SEIL routefwd forward lan0 10.0.0.2( A) in IP 172.16.0.0/24 # filter add routefwd action forward 10.0.0.2 src 172.16.0.0/24 direction in interface lan0 filter add routefwd routefwd action forward 10.0.0.2 10.0.0.2 166

7 7.7. src 172.16.0.0/24 IP 172.16.0.0/24 direction in in interface lan0 lan0 3 default 10.0.0.254 # route add default 10.0.0.254 route add default 10.0.0.254 10.0.0.254 4 SEIL IP 172.16.0.0/24 192.168.0.2 show status filter count page 1 id policy forward 10.0.0.2 in log on lan0 proto any from 172.16.0.0/24 to any count 6 logging on show log 167

7 7.7. info filter lan0 @1:0[policy] f 172.16.0.1 -> 10.0.0.2 PR icmp type 8 code 0 len 20 84 IN 5 SEIL save-to 6.3.1 P.62 168

7 7.8. VPN IPsec 7.8 VPN IPsec LAN SEIL IPsec VPN Virtual Private Network LAN 7.8.1 IPsec IKE VPN IPv4 IPv6 IPv4 IPv4 IPv6 SEIL A SEIL B SEIL A SEIL A SEIL A 169

7 7.8. VPN IPsec
Figure labels:
Network A 192.168.1.0/24
Private address 192.168.1.1/24
SEIL A
Global address 10.0.1.1
IPsec tunnel
Internet
Global address 10.0.2.2
SEIL B
Private address 192.168.2.1/24
Network B 192.168.2.0/24
10.0.0.0 10.255.255.255 172.16.0.0 172.16.255.255 1 IKE IKE DH Diffie-Hellman Group MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp1536 170

7 7.8. VPN IPsec 2 DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp1536 3 IKE IPsec IPsec tunnel ESP 4 192.168.1.0/24 192.168.2.0/24 1 SEIL A IKE IKE 2 SEIL A 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 1 SEIL A IKE 171

7 7.8. VPN IPsec IKE SEIL A 10.0.2.2 opensesame # ike preshared-key add 10.0.2.2 opensesame ike preshared-key add 10.0.2.2 opensesame 10.0.2.2 opensesame SEIL A SEIL B SEIL B 10.0.1.1 opensesame IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp1536 3600 172

7 7.8. VPN IPsec # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer seilb main ikeprop01 IP 10.0.2.2 address address # ike peer add seilb exchange-mode main proposal ikeprop01 address 10.0.2.2 my-identifier address peers-identifier address ike peer add seilb IKE Peer seilb exchange-mode main 1 main 173

7 7.8. VPN IPsec proposal ikeprop01 ikeprop01 address 10.0.2.2 IKE IP 10.0.2.2 my-identifier address peers-identifier address address SEIL B IKE Peer seila main ikeprop01 IP 10.0.1.1 address address 2 SEIL A IKE saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 174

7 7.8. VPN IPsec authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL A sa03 IPsec tunnel IP 10.0.1.1 IP 10.0.2.2 saprop01 AH disable ESP enable # ipsec security-association add sa03 tunnel 10.0.1.1 10.0.2.2 ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel 10.0.1.1 10.0.2.2 IPsec tunnel IPsec IP 10.0.1.1 IP 10.0.2.2 175

7 7.8. VPN IPsec ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL B sa03 IPsec tunnel IP 10.0.2.2 IP 10.0.1.1 saprop01 AH disable ESP enable 4 SEIL A sp03 sa03 IP / 192.168.1.0/24 IP / 192.168.2.0/24 any / enable # ipsec security-policy add sp03 security-association sa03 src 192.168.1.0/24 dst 192.168.2.0/24 protocol any enable ipsec security-policy add sp03 sp03 176

7 7.8. VPN IPsec security-association sa03 sa03 src 192.168.1.0/24 dst 192.168.2.0/24 IP src IP dst IP IP / 192.168.1.0/24 IP / 192.168.2.0/24 protocol any any enable enable SEIL B sp03 sa03 IP / 192.168.2.0/24 IP / 192.168.1.0/24 any / enable 5 SEIL A show status IPsec IKE # show status ipsec # show status ike 6 save-to 6.3.1 P.62 SEIL A IKE 177

7 7.8. VPN IPsec 7.8.2 IPsec IKE VPN IPv4 IPv6 IPv4 IPv4 IPv6 IPsec lan0 lan1 IPsec 7.8.1 IPsec P.169 IPsec VPN 6.2.3 P.46 178

7 7.8. VPN IPsec
Figure labels:
Network A 192.168.1.0/24
Private address 192.168.1.1/24
SEIL A
Global address 10.0.1.1
IPsec tunnel
Internet
Global address 10.0.2.2
Global address 10.0.3.1
SEIL B
SEIL C
Private address 192.168.3.1
Private address 192.168.2.1
Network B 192.168.2.0/24
Network C 192.168.3.0/24
IPsec IPsec SEIL A SEIL B,SEIL C SEIL A SEIL A SEIL A 10.0.0.0 10.255.255.255 179

7 7.8. VPN IPsec 1 IPsec IPsec IPsec IPsec ipsec0 ipsec63 64 IPsec IPsec IPsec IPsec SEIL A SEIL B SEIL A SEIL C SEIL B SEIL C IPsec SEIL A SEIL B SEIL C IPsec SEIL A IPsec IPsec SEIL B ipsec0 SEIL C ipsec1 SEIL B IPsec IPsec SEIL A ipsec0 SEIL C ipsec1 SEIL C IPsec IPsec SEIL A ipsec0 SEIL B ipsec1 IPsec IPsec SEIL A IPsec IPsec ipsec0 10.0.1.1 10.0.2.2 ipsec1 10.0.1.1 10.0.3.3 SEIL B IPsec IPsec ipsec0 10.0.2.2 10.0.1.1 ipsec1 10.0.2.2 10.0.3.3 180

7 7.8. VPN IPsec SEIL C IPsec IPsec ipsec0 10.0.3.3 10.0.1.1 ipsec1 10.0.3.3 10.0.2.2 IPsec SEIL A IPsec IPsec ipsec0 192.168.10.1 192.168.10.2 ipsec1 192.168.20.1 192.168.20.3 SEIL B IPsec IPsec ipsec0 192.168.10.2 192.168.10.1 ipsec1 192.168.30.2 192.168.30.3 SEIL C IPsec IPsec ipsec0 192.168.20.3 192.168.20.1 ipsec1 192.168.30.3 192.168.30.2 2 IKE IKE IPsec Diffie-Hellman (DH) DH Group MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp1536 3 DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp1536 181

7 7.8. VPN IPsec 4 IPsec IPsec IPsec ipsec0 ipsec1 ESP 5 SEIL A SEIL B SEIL A SEIL C SEIL B SEIL C IPsec RIP IPsec RIP 6.2.3 P.46 1 SEIL A IPsec IPsec 2 SEIL A IKE IKE 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 7 SEIL A 182

7 7.8. VPN IPsec 1 SEIL A IPsec SEIL A SEIL B IPsec IPsec ipsec0 10.0.1.1 10.0.2.2 # interface ipsec0 tunnel 10.0.1.1 10.0.2.2 interface ipsec0 tunnel 10.0.1.1 10.0.2.2 ipsec0 10.0.1.1 10.0.2.2 IPsec SEIL C IPsec IPsec ipsec1 10.0.1.1 10.0.3.3 # interface ipsec1 tunnel 10.0.1.1 10.0.3.3 interface ipsec1 tunnel 10.0.1.1 10.0.3.3 ipsec1 10.0.1.1 10.0.3.3 IPsec ipsec0 183

7 7.8. VPN IPsec IPsec ipsec0 192.168.10.1/30 192.168.10.2 # interface ipsec0 address 192.168.10.1/30 remote 192.168.10.2 interface ipsec0 address 192.168.10.1/30 ipsec0 SEIL A 192.168.10.1 30 remote 192.168.10.2 ipsec0 SEIL B 192.168.10.2 ipsec1 IPsec ipsec1 192.168.20.1/30 192.168.20.3 # interface ipsec1 address 192.168.20.1/30 remote 192.168.20.3 interface ipsec1 address 192.168.20.1/30 ipsec1 SEIL A 192.168.20.1 30 184

7 7.8. VPN IPsec remote 192.168.20.3 ipsec1 SEIL C 192.168.20.3 SEIL B IPsec ipsec0 10.0.2.2 10.0.1.1 IPsec ipsec1 10.0.2.2 10.0.3.3 IPsec ipsec0 192.168.10.2/30 192.168.10.1 IPsec ipsec1 192.168.30.2/30 192.168.30.3 SEIL C IPsec ipsec0 10.0.3.3 10.0.1.1 IPsec ipsec1 10.0.3.3 10.0.2.2 185

7 7.8. VPN IPsec IPsec ipsec0 192.168.20.3/30 192.168.20.1 IPsec ipsec1 192.168.30.3/30 192.168.30.2 2 SEIL A IKE IKE IKE SEIL B SEIL C SEIL B 10.0.2.2 opensesame-b # ike preshared-key add 10.0.2.2 opensesame-b ike preshared-key add 10.0.2.2 opensesame-b 10.0.2.2 opensesame-b SEIL C 10.0.3.3 opensesame-c 186

7 7.8. VPN IPsec # ike preshared-key add 10.0.3.3 opensesame-c ike preshared-key add 10.0.3.3 opensesame-c 10.0.3.3 opensesame-c SEIL A SEIL B SEIL B SEIL C SEIL B 10.0.1.1 opensesame-b 10.0.3.3 opensesame-c SEIL C 10.0.1.1 opensesame-c 10.0.2.2 opensesame-b IKE SEIL B SEIL C IKE IKE 187

7 7.8. VPN IPsec IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp1536 3600 # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 lifetime-of-time 3600 IKE 3600 IKE Peer SEIL B, SEIL C SEIL B IKE Peer IKE Peer seilb main ikeprop01 IP 10.0.2.2 address address IPsec 188

7 7.8. VPN IPsec # ike peer add seilb exchange-mode main proposal ikeprop01 address 10.0.2.2 my-identifier address peers-identifier address tunnel-interface enable ike peer add seilb IKE Peer seilb exchange-mode main 1 main proposal ikeprop01 ikeprop01 address 10.0.2.2 IKE IP 10.0.2.2 my-identifier address peers-identifier address address tunnel-interface enable IPsec SEIL C IKE Peer IKE Peer seilc main ikeprop01 IP 10.0.3.3 address address IPsec 189

7 7.8. VPN IPsec # ike peer add seilc exchange-mode main proposal ikeprop01 address 10.0.3.3 my-identifier address peers-identifier address tunnel-interface enable ike peer add seilc IKE Peer seilc exchange-mode main 1 main proposal ikeprop01 ikeprop01 address 10.0.3.3 IKE IP 10.0.3.3 my-identifier address peers-identifier address address tunnel-interface enable IPsec SEIL B IKE Peer seila main ikeprop01 IP 10.0.1.1 address address IPsec 190

7 7.8. VPN IPsec IKE Peer seilc main ikeprop01 IP 10.0.3.3 address address IPsec SEIL C IKE Peer seila main ikeprop01 IP 10.0.1.1 address address IPsec IKE Peer seilb main ikeprop01 IP 10.0.2.2 address address IPsec 3 SEIL A IKE SEIL B SEIL C 191

7 7.8. VPN IPsec saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 4 SEIL A SEIL B SEIL C SEIL B 192

7 7.8. VPN IPsec IPsec IPsec AH ESP sa03 tunnel-interface ipsec0 saprop01 disable enable # ipsec security-association add sa03 tunnel-interface ipsec0 ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel-interface ipsec0 IPsec tunnel-interface IPsec IPsec IPsec ipsec0 ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL C IPsec IPsec AH ESP sa04 tunnel-interface ipsec1 saprop01 disable enable 193

7 7.8. VPN IPsec # ipsec security-association add sa04 tunnel-interface ipsec1 ike saprop01 ah disable esp enable ipsec security-association add sa04 sa04 tunnel-interface ipsec1 IPsec tunnel-interface IPsec IPsec IPsec ipsec1 ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable SEIL B IPsec IPsec AH ESP sa03 tunnel-interface ipsec0 saprop01 disable enable IPsec IPsec AH ESP sa05 tunnel-interface ipsec1 saprop01 disable enable 194

7 7.8. VPN IPsec SEIL C IPsec IPsec AH ESP sa04 tunnel-interface ipsec0 saprop01 disable enable IPsec IPsec AH ESP sa05 tunnel-interface ipsec1 saprop01 disable enable 5 SEIL A RIP RIP / rip enable # route dynamic rip enable route dynamic rip enable RIP RIP ipsec0 195

7 7.8. VPN IPsec / rip ipsec0 enable # route dynamic rip interface ipsec0 enable route dynamic rip RIP interface ipsec0 enable ipsec0 RIP ipsec1 / rip ipsec1 enable # route dynamic rip interface ipsec1 enable route dynamic rip RIP interface ipsec1 enable ipsec1 6 SEIL A show status IPsec IKE # show status ipsec 196

7 7.8. VPN IPsec # show status ike 7 save-to 6.3.1 P.62 SEIL A IKE 197

7 7.8. VPN IPsec 7.8.3 IP IP VPN IPsec IP IPsec IPv4 IPv6 IPv4 IPv4 IPv6 SEIL A SEIL B 7.8.4 IP P.207
Figure labels:
Network A 192.168.1.0/24
Private address 192.168.1.1/24
SEIL A
Global address: dynamically assigned via PPPoE
IPsec tunnel
Internet
Global address 10.0.2.2
SEIL B
Private address 192.168.2.1
Network B 192.168.2.0/24
198

7 7.8. VPN IPsec 1 IKE IKE DH Group IP aggressive main IP IP FQDN USER-FQDN MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp1536 2 DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp1536 3 IP IPsec IPsec IKE pppoe0 IPsec tunnel ESP 4 192.168.1.0/24 192.168.2.0/24 199

7 7.8. VPN IPsec 1 SEIL A IKE IKE 2 SEIL A 3 SEIL A 4 SEIL A 5 SEIL A 6 SEIL A 1 SEIL A IKE IKE SEIL A seila.seil.jp opensesame 200

7 7.8. VPN IPsec # ike preshared-key add seila.seil.jp opensesame ike preshared-key add seila.seil.jp opensesame seila.seil.jp opensesame SEIL A SEIL B IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp1536 3600 # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 201

7 7.8. VPN IPsec lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer seilb aggressive ikeprop01 IP 10.0.2.2 fqdn seila.seil.jp # ike peer add seilb exchange-mode aggressive proposal ikeprop01 address 10.0.2.2 my-identifier fqdn seila.seil.jp ike peer add seilb IKE Peer seilb exchange-mode aggressive 1 aggressive proposal ikeprop01 ikeprop01 address 10.0.2.2 IKE IP 10.0.2.2 my-identifier fqdn seila.seil.jp fqdn seila.seil.jp aggressive IP IPsec aggressive IP main 2 SEIL A IKE 202

7 7.8. VPN IPsec saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL A sa03 IPsec tunnel pppoe0 IP 10.0.2.2 saprop01 AH disable ESP enable 203

7 7.8. VPN IPsec # ipsec security-association add sa03 tunnel pppoe0 10.0.2.2 ike saprop01 ah disable esp enable ipsec security-association add sa03 sa03 tunnel pppoe0 10.0.2.2 IPsec tunnel IPsec IP pppoe0 IP 10.0.2.2 ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable 4 SEIL A sp03 sa03 IP / 192.168.1.0/24 IP / 192.168.2.0/24 any / enable 204

7 7.8. VPN IPsec # ipsec security-policy add sp03 security-association sa03 src 192.168.1.0/24 dst 192.168.2.0/24 protocol any enable ipsec security-policy add sp03 sp03 security-association sa03 sa03 src 192.168.1.0/24 dst 192.168.2.0/24 IP src IP dst IP IP / 192.168.1.0/24 IP / 192.168.2.0/24 protocol any any enable enable pppoe0 IPsec 5 SEIL A show status IPsec IKE pppoe0 IPsec pppoe0 # show status ipsec # show status ike 6 save-to 6.3.1 P.62 205

7 7.8. VPN IPsec SEIL A IKE 206

7 7.8. VPN IPsec 7.8.4 IP IP VPN IP IPsec IPv4 IPv6 IPv4 IPv4 IPv6 SEIL B SEIL A 7.8.3 IP P.198
Figure labels:
Network A 192.168.1.0/24
Private address 192.168.1.1/24
SEIL A
Global address: dynamically assigned via PPPoE
IPsec tunnel
Internet
Global address 10.0.2.2
SEIL B
Private address 192.168.2.1
Network B 192.168.2.0/24
207

7 7.8. VPN IPsec 1 IKE IKE DH Group IP aggressive main IP IP FQDN USER-FQDN MD5 SHA1 DES 3DES BLOWFISH CAST128 AES DH Group Group1 modp768 Group2 modp1024 Group5 modp1536 2 DH PFS GROUP PFS GROUP Group1 modp768 Group2 modp1024 Group5 modp1536 3 IP IPsec IPsec IKE tunnel ESP 4 192.168.1.0/24 192.168.2.0/24 208

7 7.8. VPN IPsec 1 SEIL B IKE IKE 2 SEIL B 3 SEIL B 4 SEIL B 5 SEIL B 6 SEIL B 1 SEIL A IKE IKE SEIL A seila.seil.jp opensesame 209

7 7.8. VPN IPsec # ike preshared-key add seila.seil.jp opensesame ike preshared-key add seila.seil.jp opensesame seila.seil.jp opensesame SEIL A SEIL B IKE IKE ikeprop01 preshared-key 3des sha1 Diffie-Hellman modp1536 3600 # ike proposal add ikeprop01 authentication preshared-key encryption 3des hash sha1 dh-group modp1536 lifetime-of-time 3600 ike proposal add ikeprop01 IKE ikeprop01 authentication preshared-key preshared-key encryption 3des hash sha1 dh-group modp1536 IKE 3des sha1 Diffie-Hellman modp1536 210

7 7.8. VPN IPsec lifetime-of-time 3600 IKE 3600 IKE Peer IKE Peer IP seila aggressive ikeprop01 dynamic fqdn seila.seil.jp # ike peer add seila exchange-mode aggressive proposal ikeprop01 address dynamic peer-identifier fqdn seila.seil.jp ike peer add seila IKE Peer seila exchange-mode aggressive 1 aggressive proposal ikeprop01 ikeprop01 address dynamic IKE IP IP dynamic peer-identifier fqdn seila.seil.jp fqdn seila.seil.jp aggressive IP IPsec aggressive IP main 2 SEIL B 211

7 7.8. VPN IPsec IKE saprop01 hmac-sha1 hmac-md5 3des des 3600 PFS modp768 # ipsec security-association proposal add saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des lifetime-of-time 3600 pfs-group modp768 ipsec security-association proposal add saprop01 saprop01 authentication-algorithm hmac-sha1,hmac-md5 encryption-algorithm 3des,des AH hmac-sha1 hmac-md5 ESP 3des des lifetime-of-time 3600 IKE IPsec 3600 pfs-group modp768 PFS modp768 3 SEIL B 212

7 7.8. VPN IPsec IPsec / AH ESP sa03 tunnel dynamic saprop01 disable enable
# ipsec security-association add sa03 tunnel dynamic ike saprop01 ah disable esp enable
ipsec security-association add sa03 sa03 tunnel dynamic IPsec tunnel IPsec dynamic ike saprop01 saprop01 ah disable esp enable AH / disable ESP / enable tunnel dynamic IPsec IP 1 IKE Phase1 IP 2 SEIL B IP 4 SEIL B 213

7 7.8. VPN IPsec sp03 sa03 IP / 192.168.1.0/24 IP / 192.168.2.0/24 any / enable
# ipsec security-policy add sp03 security-association sa03 src 192.168.1.0/24 dst 192.168.2.0/24 protocol any enable
ipsec security-policy add sp03 sp03 security-association sa03 sa03 src 192.168.1.0/24 dst 192.168.2.0/24 IP src IP dst IP IP / 192.168.1.0/24 IP / 192.168.2.0/24 protocol any any enable enable SEIL B IPsec SEIL A IPsec 5 SEIL B show status IPsec IKE 6 214

7 7.8. VPN IPsec save-to 6.3.1 P.62 SEIL B IKE 215

7 7.9. L2VPN L2TPv3 7.9 L2VPN L2TPv3 IPsec 3(IP) 2(Ethernet) SEIL L2TPv3 L2VPN(Layer 2 Virtual Private Network) 7.9.1 L2TPv3 L2 L2TPv3 VPN L2TPv3 IPv4 SEIL A SEIL B SEIL A SEIL A SEIL A
[Figure: SEIL A; same segment; IPsec tunnel; Internet; global address 10.0.1.1; global address 10.0.2.2; SEIL B]
10.0.0.0 10.255.255.255 216

7 7.9. L2VPN L2TPv3 1 L2TP L2TPv3 L2TP L2TP L2TP hostname L2TP local hostname remote hostname local hostname remote hostname router-id IP ID local router-id remote router-id local router-id remote router-id L2TP L2TPv3 password IPsec cookie Cookie L2TP Hello Hello 2 L2TP L2TP L2TP SEIL A SEIL B l2tp0 3 L2TP L2TP L2TP 217

7 7.9. L2VPN L2TPv3 L2TP L2TP L2TP remote-end-id L2TP L2TP 4 L2TP l2tp0 lan0 lan0 1 SEIL A L2TP L2TP 2 SEIL A L2TP L2TP 3 SEIL A 4 SEIL A 1 SEIL A L2TP L2TP SEIL A local hostname local hostname seil-a 218

7 7.9. L2VPN L2TPv3
# l2tp hostname seil-a
l2tp hostname seil-a local hostname seil-a local router-id local router-id 10.0.1.1
# l2tp router-id 10.0.1.1
l2tp router-id 10.0.1.1 local router-id 10.0.1.1 L2TP L2TP SEIL-B remote hostname seil-b remote router-id 10.0.2.2 opensesame cookie off 10 Hello 30
# l2tp add SEIL-B hostname seil-b router-id 10.0.2.2 password opensesame cookie off retry 10 hello-interval 30
l2tp add SEIL-B L2TP SEIL-B 219

7 7.9. L2VPN L2TPv3 hostname seil-b remote hostname seil-b router-id 10.0.2.2 remote router-id 10.0.2.2 password opensesame opensesame cookie off Cookie retry 10 10 hello-interval 30 Hello 30 SEIL B local hostname seil-b local router-id 10.0.2.2 L2TP SEIL-A remote hostname seil-a opensesame cookie off 10 Hello 30 2 SEIL A L2TP L2TP 10.0.1.1 10.0.2.2 220

7 7.9. L2VPN L2TPv3
# interface l2tp0 tunnel 10.0.1.1 10.0.2.2
interface l2tp0 tunnel 10.0.1.1 10.0.2.2 l2tp0 10.0.1.1 10.0.2.2 L2TP L2TP L2TP remote-end-id SEIL-B L2TP0
# interface l2tp0 tunnel SEIL-B remote-end-id L2TP0
interface l2tp0 tunnel SEIL-B l2tp L2TP SEIL-B remote-end-id L2TP0 remote-end-id L2TP0 SEIL B 10.0.2.2 10.0.1.1 L2TP remote-end-id SEIL-A L2TP0 3 SEIL A 221

7 7.9. L2VPN L2TPv3 STP / BDG1 off
# bridge group add BDG1 stp off
bridge group add BDG1 BDG1 stp off STP STP / l2tp0, lan0 off
# bridge interface l2tp0 group BDG1 stp off
# bridge interface lan0 group BDG1 stp off
bridge interface l2tp0 group BDG1 stp off l2tp0 BDG1 STP bridge interface lan0 group BDG1 stp off lan0 BDG1 STP SEIL B STP / BDG1 off 222

7 7.9. L2VPN L2TPv3 STP / l2tp0, lan0 off 4 SEIL A show status L2TP
# show status l2tp
# show status interface l2tp
# show status bridge
5 SEIL A save-to 6.3.1 P.62 L2TP 223

7 7.10. CS-SEIL-510/C VRRP 7.10 CS-SEIL-510/C VRRP VRRP SEIL SEIL 7.10.1 VRRP SEIL-A SEIL-B 2 SEIL SEIL-A 192.168.0.2 SEIL-B 192.168.0.3 VRRP 192.168.0.1 PC VRRP 192.168.0.1
[Figure: Internet; Router A, global address 10.0.0.2/24; Router B, global address 10.0.0.254/24; WAN-side global address 10.0.0.1/24; LAN-side network address 172.16.0.0/24]
224

7 7.10. CS-SEIL-510/C VRRP 1 VRRP 2 3 VRRP 4 1 VRRP SEIL-A VRRP ID ID 1 192.168.0.1/24 200 lan0
# vrrp lan0 vrid 1 address 192.168.0.1/24 priority 200
vrrp lan VRRP lan0 vrid 1 ID(Virtual Router ID) 1 address 192.168.0.1/24 IP 192.168.0.1 lan0 24 225

7 7.10. CS-SEIL-510/C VRRP priority 200 (priority) 200 2 save-to 6.3.1 P.62 3 VRRP SEIL-B VRRP ID ID 1 192.168.0.1/24 100 lan0
# vrrp lan0 vrid 1 address 192.168.0.1/24 priority 100
vrrp lan VRRP lan0 vrid 1 ID(Virtual Router ID) 1 ID address 192.168.0.1/24 IP 192.168.0.1 lan0 24 IP priority 100 (priority) 100 4 226

7 7.10. CS-SEIL-510/C VRRP save-to 6.3.1 P.62 VRRP 227

7 7.10. CS-SEIL-510/C VRRP 7.10.2 VRRP SEIL-A SEIL-B 2 SEIL SEIL-A SEIL-C IPsec SEIL-B SEIL-D IPsec SEIL-A SEIL-C Ping (ICMP Echo) SEIL-B (1)SEIL-A SEIL-A SEIL-B (2)SEIL-A SEIL-B SEIL-A 228

7 7.10. CS-SEIL-510/C VRRP
[Figure: SEIL C, global address 10.0.3.3; SEIL D, global address 10.0.4.4; Internet; SEIL A (main), global address 10.0.1.1; SEIL B (backup), global address 10.0.2.2; SEIL A (main), private address 192.168.0.2; SEIL B (backup), private address 192.168.0.3; VRRP virtual IP address 192.168.0.1; Computer A; Computer B]
1 VRRP 2 VRRP 3 4 VRRP 5 229

7 7.10. CS-SEIL-510/C VRRP 1 VRRP SEIL-A VRRP SEIL-C IP 10.0.3.3
# vrrp watch-group add SEIL-C keepalive 10.0.3.3
vrrp watch-group add SEIL-C SEIL-C keepalive 10.0.3.3 Ping (ICMP Echo) IP 10.0.3.3 2 VRRP SEIL-A VRRP ID, ID 1 192.168.0.1/24 200 lan0 SEIL-C
# vrrp lan0 vrid 1 address 192.168.0.1/24 priority 200 watch SEIL-C
vrrp lan0 VRRP lan0 230

7 7.10. CS-SEIL-510/C VRRP vrid 1 ID(Virtual Router ID) 1 address 192.168.0.1/24 IP 192.168.0.1 lan0 24 priority 200 (priority) 200 watch SEIL-C SEIL-C 3 save-to 6.3.1 P.62 4 VRRP SEIL-B VRRP ID, ID 1 192.168.0.1/24 100 lan0
# vrrp lan0 vrid 1 address 192.168.0.1/24 priority 100
vrrp lan0 VRRP lan0 vrid 1 ID(Virtual Router ID) 1 ID 231

7 7.10. CS-SEIL-510/C VRRP address 192.168.0.1/24 IP 192.168.0.1 lan0 24 IP / priority 100 (priority) 100 5 save-to 6.3.1 P.62 VRRP 232

7 7.11. 7.11 Web FTP Web Web SEIL CBQ(Class-Based Queueing) SEIL 7.11.1 CBQ ADSL Web (http) TCP ACK(ack) (other) 3 IPv4 IPv6 IPv4 SEIL LAN1 (PPPoE LAN1 1 LAN1 (ADSL ) 10Mbps (ADSL ) 1Mbps ADSL 2 Web TCP ACKhttp ack other 3 (%) SEIL 10Mbps 100Mbps 2 ( 10Mbps ) LAN1 ADSL 10% http 3% ack 3% other 4% 233

7 7.11. 1 2 3 4 1 ADSL http ack other SEIL ADSL default 10 borrow off
# cbq class add ADSL parent default pbandwidth 10 borrow off
cbq class add ADSL parent default ADSLdefault pbandwidth 10 adsl 10% 10 234

7 7.11. borrow off borrow off default 100 http http ADSL 3 borrow on
# cbq class add http parent ADSL pbandwidth 3 borrow on
cbq class add http parent ADSL httpadsl pbandwidth 3 http 3% 3 borrow on borrow on ack http ack http 3% 3 other http other 4% 4 ack ack ADSL 3 borrow on 235

7 7.11. other other ADSL 4 borrow on 2 http http filter http ip tcp 80 / enable
# cbq filter add http filter class http category ip protocol tcp srcport 80 enable
cbq filter add http filter HTTP http filter class http http category ip ip IPv6 ipv6 protocol tcp srcport 80 HTTP tcp 80 236

7 7.11. enable enable ack / ack filter ack ip tcp-ack enable
# cbq filter add ack filter class ack category ip protocol tcp-ack enable
cbq filter add ack filter ACK ack filter category ip ack category ip ip IPv6 ipv6 protocol tcp-ack ACK TCP tcp-ack 237

7 7.11. enable enable other http ack other 3 IPv4 IPv6 other IPv4/IPv6 Ether MAC other IPv4 IPv6 Ether other IPv4 / other filter01 other ip any enable
# cbq filter add other filter01 class other category ip protocol any enable
cbq filter add other filter01 HTTP ACK other filter01 class other other category ip ip 238

7 7.11. protocol any http filter ack filter any enable enable IPv6 / other filter02 other ipv6 any enable
# cbq filter add other filter02 class other category ipv6 protocol any enable
cbq filter add other filter02 HTTP ACK other filter02 class other other category ipv6 ipv6 protocol any http filter ack filter any enable enable 239

7 7.11. / other filter03 other ether any enable
# cbq filter add other filter03 class other category ether protocol any enable
cbq filter add other filter03 HTTP ACK other filter03 class other other category ether ether protocol any http filter ack filter any enable enable default other default 3 lan1 cbq 240

7
# interface lan1 queue cbq
interface lan1 CBQ lan1 queue cbq cbq 4 save-to 6.3.1 P.62 241

8 8.1. 8 CS-SEIL-510/C 8.2 P.251 8.1 8.1.1 CPU IXP422 266MHz RAM 64MB, Flash ROM 16MB LAN 10BASE-T/100BASE-TX, Auto Negotiation, Auto MDI/MDI-X,, IEEE802.3 <RJ-45> VLAN 8, IEEE802.1Q WAN 10BASE-T/100BASE-TX, Auto Negotiation, Auto MDI/MDI-X,, IEEE802.3 <RJ-45> Ethernet-WAN, CATV, ADSL/SDSL, FTTH, <RJ-45> IPv4, IPv6, PPPoE 4,Numbered/Unnumbered Bridge Pure Bridge IEEE802.1Q Brouter IPv4,IPv6 on/off MAC Address static( 32) 1 Static ARP Proxy ARP 243

8 8.1. Routing static IPv4, IPv6 512, RIP/RIP2, RIPng, OSPF MultiPath static, OSPF Equal-Cost MultiPath Policy Routing (IPv4) IPv4 Multicast PIM-SM IPv6 Multicast PIM-SM 98 Mbps 2 IPv4, IPv6 4096 IP Unnumbered OSPF Unnumbered discard static 3 VRRP VPN IPsec with IKE 64, / DES 4,3DES 4, Blowfish, CAST-128, AES Rijndael 4 HMAC-MD5 4,HMAC-SHA1 4, KEYED-MD5, KEYED-SHA1 IPsec IPsec VPN 43Mbps 2 L2TPv3 ( 64 ) IP Tunnel IP IPv4-IPv4,IPv4-IPv6,IPv6-IPv4,IPv6-IPv6 64 IP Tunnel Unnumbered IPv4,IPv6 IPv4-IPv6 TRT IPv6-to-IPv4 transport relay translator Firewall IP IPv4, IPv6 512,,, /, / urpf Winny NAT NAT/NAPT Static NAT 256, Static NAPT 256, Reflection NAT NAT Proxy ARP NAT 4096 Static NAT/Static NAPT UPnP SIP (SIP transparent proxy) IPsec 1 PPTP 244

8 8.1. QoS CBQ /,,,,MAC,,VLAN ID,VLAN Priority,ToS DHCP DHCP 1021 (WINS ) DHCP DHCP DHCPv6 Prefix Delegation DNS NTP NTP /NTP IPv4,IPv6,on/off ICMP IPv4,IPv6 // 5 / / telnet telnet /telnet Secure Shell Secure Shell Protocol Ver.1 Secure Shell Protocol Ver2.(RSA/DSA) Web, 6 SNMP SNMPv1,SNMPv2c,SNMPv3,MIB II,IPv6 MIB syslog,terminal Server,, 7 / VCCI Class A 81mm(W) x 117mm(D) x 32mm(H) 300g AC AC 100 V, 50/60 Hz 15VA 7W 0 40, 10% 85% 1 MAC MAC Pass Block 20,000 MAC 2 VPN ESP-Auth(3DES+HMAC-SHA1) 1408 3 (gateway) ICMP Echo Request 4 IC 5 SMF 6 CPU 7 LAN ICMP Echo Request syslog snmp trap 245

8 8.1. 8.1.2 LAN0 IP / 192.168.0.1/24 pppoe0 IPv4 NAT NAPT 192.168.0.0 192.168.255.255 pppoe0 NAT 900 UPnP OFF DHCP ON DHCP LAN0 192.168.0.2 253 DNS 192.168.0.1 24 DNS forwarder IPCP DNS resolver NTP OFF IPsec IKE <IKE> DEBUG OFF LAN1 OFF syslog debug-level OFF remote OFF facility local1 SNMP Web/telnet admin,user IPv4 IPv6 Bridge OFF IPsec VLAN PPPoE pppoe0 LAN1 PPPoE <PPPoE> httpd enable telnetd enable sshd disable 246

8 8.1. IKE phase 1 1 3DES SHA1 Preshared key DH group MODP1536 life time 24 2 DES MD5 Preshared key DH group MODP768 life time 8 IKE phase 2 1 PFS group MODP1536 3DES,DES HMAC-SHA1,HMAC-MD5 life time 3 2 PFS group MODP768 DES,3DES HMAC-MD5,HMAC-SHA1 life time 30 phase 1, phase 2 2 PPPoE IPCP / IPCP IPCP DNS IPv6CP / TCP MSS ID pppoe-sample 30 auto CHAP 247

8 8.1. 8.1.3 7 LED SEIL 7 LED b c h a g d f e a b c d e f g h - - - - - - - firmware - FLASH ROM - 3 - - - - - SDRAM - 4 - - - - - IPL (exception) - 5 - - - - - - 6 - - - - - - - - - - - - SMF - - - - - - isup - - - - - - usup - - - - - usup (usup ) - - - - - - - LAN1 - - - - - - - LAN0 8.1: LAN LED 248

8 8.1. 8.1.4 / IP SEIL SEIL
/32 255.255.255.255    /16 255.255.0.0
/31 255.255.255.254    /15 255.254.0.0
/30 255.255.255.252    /14 255.252.0.0
/29 255.255.255.248    /13 255.248.0.0
/28 255.255.255.240    /12 255.240.0.0
/27 255.255.255.224    /11 255.224.0.0
/26 255.255.255.192    /10 255.192.0.0
/25 255.255.255.128    /9 255.128.0.0
/24 255.255.255.0      /8 255.0.0.0
/23 255.255.254.0      /7 254.0.0.0
/22 255.255.252.0      /6 252.0.0.0
/21 255.255.248.0      /5 248.0.0.0
/20 255.255.240.0      /4 240.0.0.0
/19 255.255.224.0      /3 224.0.0.0
/18 255.255.192.0      /2 192.0.0.0
/17 255.255.128.0      /1 128.0.0.0
249

8 8.1. 8.1.5
20 tcp ftpdata ftp
21 tcp ftp FTP
22 tcp ssh Secure Shell
23 tcp telnet Telnet
25 tcp smtp
53 tcp udp domain
80 tcp http HTTP
110 tcp pop3
119 tcp nntp News
137 udp netbios Windows OS
138 udp
139 tcp
445 tcp udp Direct hosted SMB Windows OS
143 tcp imap4 IMAP4
443 tcp https http
67 udp dhcps
68 udp dhcpc
123 udp ntp
161 udp snmp
162 udp snmp-trap
500 udp ike IKE
520 udp rip RIP
521 udp ripng RIPng
514 udp syslog SYSLOG
250

8 8.2. 8.2 10BASE-T/ 100BASE-TX 3DES ACK ADSL AH BLOWFISH CAST128 CATV CBQ LAN 10/100Mbps 10BASE-T/100BASE-TX LAN / Triple Data Encryption Standard ACKnowledgement ACK Asymmetric Digital Subscriber Line DSL DSL Digital Subscriber Line DSL xdsl Authentication Header IP IP IP Carlisle Adams DES CATV Cable Television Class-Based Queueing CBQ 251

8 8.2. CSMA/CD CSU DES DH DHCP DNS DSU ESP Ethernet FTP Carrier Sense Multiple Access with Collision Detection LAN 3 Channel Service Unit TA Terminal Adapter Data Encryption Standard 1 Diffie-Hellman Key Agreement Diffie Hellman Dynamic Host Configuration Protocol / DHCP DHCP IP DNS DHCP Domain Name System IP DNS DNS IP Digital Service Unit( Encapsulating Security Payload IP ESP LAN Ethernet IEEE802 CSMA/CD File Transfer Protocol FTP FTP FTP FTP 252

8 8.2. FTTH HTML HTTP HTTPS HUB ICMP IEEE IKE IMAP4 Fiber To The Home 2001 HyperText Markup Language < > WWW HTML WWW WWW Hyper Text Transfer Protocol WWW WWW HTML Hyper Text Transfer Protocol Security HTML HTTP SSL 10BASE-T/100BASE-TX 4 8 Internet Control Message Protocol 1 IP ICMP The Institute of Electrical and Electronics Engineers LAN IEEE802 Internet Key Exchange IPsec IKE IPsec Internet Message Access Protocol version4 1 253

8 8.2. IP IPsec IPv4 IPv6 ITU-T MD-5 LAN NAPT Internet Protocol IP IP IP IPsec AH ESP 2 IKE AH ESP IP IPv4 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 IPv6 4 : 16 International Telecommunication Union Telecommunication Standardization Sector ITU Message Digest Algorithm-5 1 Local Area Network Network Address Port Translation 1 1 IP Masquerading NAT 1 1 NAPT 1 254

8 8.2. NAT NetBEUI NetBIOS NNTP NTP NTP ONU OSPF Ping POP3 PPPoE RIP RIPng Network Address Translation NAT NAT NetBIOS Extended User Interface NETBIOS Network Basic Input/Output System IBM LAN Network News Transfer Protocol TCP Network Time Protocol NTP NTP NTP NTP Optical Network Unit Open Shortest Path First LAN TCP/IP ICMP IP Post Office Protocol version3 PPP over Ethernet Ethernet PPP Routing Information Protocol LAN IPv4 RIP IPv6 IPv6 255

8 8.2. Secure Shell SHA-1 SMTP SNMP SNMP SNMP SPI SYSLOG TCP TCP/IP Secure Hash Algorithm-1 1 Simple Mail Transfer Protocol SMTP TCP SMTP SMTP Simple Network Management Protocol SNMP SNMP SNMP Security Parameters Index SPI AH ESP SPI IPsec SPI UNIX Transmission Control Protocol WWW FTP IP TCP Transmission Control Protocol UDP User Datagram Protocol Web TCP/IP 256

8 8.2. Telnet Traceroute transport tunnel UDP URL VLAN VPN WAN Web/ WWW Telecommunication Network TCP CUI Telnet TCP/IP IP IPsec 2 IP IP IPsec 2 IP User Datagram Protocol TCP UDP DHCP SNMP RIP Uniform Resource Locator <scheme>:<scheme-specific-part> scheme scheme-specific-part Virtual LAN LAN LAN Virtual Private Network Wide Area Network LAN World Wide Web WWW HTTP WWW WWW 257

8 8.2. Web/ WWW / WWW Netscape Navigator Internet Explorer Web HTML WWW ID / DES 3DES RC4 preshared key / / InterNIC JPNIC IP / 2 RSA 258

8 8.2. 1 CBQ 100% VPN IP IP IPv6 IPv4 259

8 8.2. IPv4 192.168.0.0 255.255.255.248 192.168.0.0 192.168.0.7 192.168.0.1/24 IP 192.168.0.0 / IP IP IP UNIX OS / MS-DOS Windows Y IP IP NAT/NAPT LAN 260

8 8.2. IPv6 2001:240:fffe:: /48 2001:240:fffe:: 2001:240:fffe:ffff:ffff:ffff:ffff:ffff IP WWW WWW Internet Service Provider ISP TCP UDP IPsec SA 261

8 3 IP IPv4 127.0.0.1 262

9 9.1. 9 CS-SEIL-510/C CS-SEIL-510/C 9.1 SEIL SEIL 9.2 P.268 AC DC5V SEIL AC100V 10 50/60Hz SEIL SEIL SEIL 263

9 9.1. AC AC 264

9 9.1. 9.1.1 7 LED 265

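9 9.1. SEIL
Are the SEIL and the computer connected correctly? In particular, did you push the cable in firmly until it clicked?
  No: Connect the SEIL and the computer correctly.
  Yes: continue to the next question.
If you connect to multiple computers through a hub, is the hub powered on?
  No: Turn the hub's power on.
  Yes: continue to the next question.
When you access the SEIL from the computer with a WWW browser, does the LAN0 port LINK/ACT LED (green) on the front of the SEIL blink?
  No: The cable may be faulty. Replace the cable and try again.
  Yes: continue to the next question.
Are the computer's TCP/IP settings correct?
  No: Configure the computer's TCP/IP settings correctly.
  Yes: continue to the next question.
Is the WWW browser's proxy setting set to "do not use"?
  No: Set the WWW browser's proxy setting to "do not use" and try again.
  Yes: Initialize the SEIL's settings and start over from the beginning. (Initializing the SEIL returns all settings to the factory defaults.)
Could you open the SEIL screen this time?
  No: Check the lighting state of the LEDs. If the LEDs are not in a normal state, contact the dealer where you purchased the unit.
266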

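9 9.1.
Can you open the SEIL screen?
  No: Perform the checks in the previous section, "When the SEIL screen cannot be opened".
  Yes: continue to the next question.
What is the state of the LAN1 port LINK/ACT LED (green) on the front of the SEIL?
  Lit or blinking: Check the network configuration and review the settings.
  Off: The line may not be connected correctly. Check the wiring between the SEIL and the media converter or ADSL modem.
Is the wiring connected correctly?
  No: See Chapter 4, "How to connect the cables", and wire it correctly.
  Yes: There may be a line fault. Contact your provider or similar.
267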

9 9.2. 9.2 SEIL SEIL 9.1 P.263 SEIL 1. SEIL 2. SEIL RAM LAN 3. LED h LED b LED c SEIL 268

FutureNet TM r c 2006 Century Systems Inc. All rights reserved.