AT-AR1050V Command Reference 5.5.4
WAN-side physical interface | eth1 |
WAN-side (eth1) IPv6 address | Link-local address |
LAN-side (vlan1) IPv6 address | Configured from the IPv6 prefix obtained via Router Advertisement (RA) |
Peer IPv6 address (1st) | 2001:db8:3c:10::1 |
Peer IPv6 address (2nd) | 2001:db8:3c:10::2 |
Amazon router peer IP (1st) | 172.30.0.1/24 |
Amazon router peer IP (2nd) | 172.31.0.1/24 |
AWS VPC IPv4 CIDR | 192.168.100.0/24 |
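Note
- This configuration example uses example IP addresses and other example values, which differ from the values you will actually configure. When configuring a real device, use the information issued to each user.
- Apply for the "Cloud Gateway App Package" (クラウドゲートウェイ アプリパッケージ) in advance.
- Register and obtain the required information in the App Package portal under "Home > End User Contract Information Management > Line Control (Site Router Information Management)".
Note: The ND proxy feature is specific to this configuration. Operation in any other configuration is not supported.
Note: When checking reachability from the router itself to networks inside the AWS VPC with ping or similar tools, specify the source IP address so that the packets are not discarded by filters.
For example, to specify the source address with the ping command:
awplus# ping <destination IPv4 address> source <source IPv4 address> ↓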
To enter "?" from the CLI, press Ctrl/V and then type ?. Note that typing ? alone displays the CLI help.

ddns-update-method V6UPDATE
update-url https://auth-east.cloudgw.e-ntt.cast.flets-east.jp/regist.php?<PASSWORD>
password passwdA
update-interval 10
suppress-ipv4-updates
accept-invalid-sslcert

ddns enable

interface eth1
ipv6 enable
no ipv6 nd accept-ra-pinfo
ipv6 nd proxy interface vlan1

interface vlan1
ipv6 ddns-update-method V6UPDATE
ip address 192.168.10.1/24
ipv6 address autoconfig eth1
no ipv6 nd suppress-ra
ipv6 nd dns-server vlan1

ipv6 forwarding

ip dhcp pool pool10
network 192.168.10.0 255.255.255.0
range 192.168.10.100 192.168.10.131
dns-server 192.168.10.1
default-router 192.168.10.1
lease 0 2 0

service dhcp-server

interface tunnel0
tunnel source vlan1
tunnel destination 2001:db8:3c:10::1
tunnel mode ds-lite
ip address 192.0.0.2/29
ip tcp adjust-mss pmtu

interface tunnel1
tunnel source vlan1
tunnel destination 2001:db8:3c:10::2
tunnel mode ds-lite
ip address 192.0.2.2/29
ip tcp adjust-mss pmtu

ip route 172.30.0.0/24 tunnel0
ip route 172.31.0.0/24 tunnel1
ip route 192.168.100.0/24 tunnel1 10

ping-poll 1
ip 172.30.0.1
source-ip 192.168.10.1
normal-interval 20
critical-interval 20
up-count 1
fail-count 3
sample-size 3

ping-poll 2
ip 172.31.0.1
source-ip 192.168.10.1
normal-interval 20
critical-interval 20
up-count 1
fail-count 3
sample-size 3
active

trigger 1
type ping-poll 1 down
script 1 tunnel0_down.scp
script 2 act_ping-poll_2.scp
script 3 act_tri.scp
trigger 2
type ping-poll 1 up
script 1 tunnel0_up.scp
script 2 dis_tri.scp
script 3 dis_ping-poll_2.scp
trigger 3
type ping-poll 2 down
script 1 act_tri.scp
trigger 4
type ping-poll 2 up
script 1 dis_tri.scp
trigger 5
type periodic 10
script 1 shut_noshut.scp
trigger 6
type reboot
script 1 tunnel0_down.scp
script 2 act_ping-poll_2.scp
script 3 act_tri.scp
script 4 dis_act_ping-poll_1.scp

zone ipv4-internal
network AWS
ip subnet 172.30.0.0/24
ip subnet 172.31.0.0/24
ip subnet 192.168.100.0/24
network lan
ip subnet 192.0.0.0/29
ip subnet 192.0.2.0/29
ip subnet 192.168.10.0/24

zone ipv6-internal
network lan
ipv6 subnet ::/0 interface vlan1
host vlan1
ipv6 address dynamic interface vlan1

zone ipv6-internet
network wan
ipv6 subnet ::/0 interface eth1
host Cloud_GW
ipv6 address 2001:db8:3c:10::1
ipv6 address 2001:db8:3c:10::2
host eth1
ipv6 address dynamic interface eth1

application dhcpv6
protocol udp
dport 546 to 547

application icmpv6
protocol ipv6-icmp

application ipip
protocol 4

firewall
rule 10 permit any from ipv4-internal to ipv4-internal
rule 100 permit any from ipv6-internal to ipv6-internal
rule 110 permit any from ipv6-internal to ipv6-internet
rule 120 permit any from ipv6-internet.wan.eth1 to ipv6-internet
rule 130 permit icmpv6 from ipv6-internet to ipv6-internal.lan.vlan1
rule 140 permit dhcpv6 from ipv6-internet to ipv6-internet.wan.eth1
rule 150 permit ipip from ipv6-internet.wan.Cloud_GW to ipv6-internal.lan.vlan1
protect

ip dns forwarding

end
The command is run in the form "copy running-config startup-config".
awplus# copy running-config startup-config ↓
Building configuration...
[OK]
awplus# write memory ↓
Building configuration...
[OK]
awplus(config)# log buffered level informational facility local5 ↓
awplus# show log | include Firewall ↓
!
ddns-update-method V6UPDATE
 update-url https://auth-east.cloudgw.e-ntt.cast.flets-east.jp/regist.php?<PASSWORD>
 password passwdA
 update-interval 10
 suppress-ipv4-updates
 accept-invalid-sslcert
!
ddns enable
!
interface eth1
 ipv6 enable
 no ipv6 nd accept-ra-pinfo
 ipv6 nd proxy interface vlan1
!
interface vlan1
 ipv6 ddns-update-method V6UPDATE
 ip address 192.168.10.1/24
 ipv6 address autoconfig eth1
 no ipv6 nd suppress-ra
 ipv6 nd dns-server vlan1
!
ipv6 forwarding
!
ip dhcp pool pool10
 network 192.168.10.0 255.255.255.0
 range 192.168.10.100 192.168.10.131
 dns-server 192.168.10.1
 default-router 192.168.10.1
 lease 0 2 0
!
service dhcp-server
!
interface tunnel0
 tunnel source vlan1
 tunnel destination 2001:db8:3c:10::1
 tunnel mode ds-lite
 ip address 192.0.0.2/29
 ip tcp adjust-mss pmtu
!
interface tunnel1
 tunnel source vlan1
 tunnel destination 2001:db8:3c:10::2
 tunnel mode ds-lite
 ip address 192.0.2.2/29
 ip tcp adjust-mss pmtu
!
ip route 172.30.0.0/24 tunnel0
ip route 172.31.0.0/24 tunnel1
ip route 192.168.100.0/24 tunnel1 10
!
ping-poll 1
 ip 172.30.0.1
 source-ip 192.168.10.1
 normal-interval 20
 critical-interval 20
 up-count 1
 fail-count 3
 sample-size 3
!
ping-poll 2
 ip 172.31.0.1
 source-ip 192.168.10.1
 normal-interval 20
 critical-interval 20
 up-count 1
 fail-count 3
 sample-size 3
 active
!
trigger 1
 type ping-poll 1 down
 script 1 tunnel0_down.scp
 script 2 act_ping-poll_2.scp
 script 3 act_tri.scp
trigger 2
 type ping-poll 1 up
 script 1 tunnel0_up.scp
 script 2 dis_tri.scp
 script 3 dis_ping-poll_2.scp
trigger 3
 type ping-poll 2 down
 script 1 act_tri.scp
trigger 4
 type ping-poll 2 up
 script 1 dis_tri.scp
trigger 5
 type periodic 10
 script 1 shut_noshut.scp
trigger 6
 type reboot
 script 1 tunnel0_down.scp
 script 2 act_ping-poll_2.scp
 script 3 act_tri.scp
 script 4 dis_act_ping-poll_1.scp
!
zone ipv4-internal
 network AWS
  ip subnet 172.30.0.0/24
  ip subnet 172.31.0.0/24
  ip subnet 192.168.100.0/24
 network lan
  ip subnet 192.0.0.0/29
  ip subnet 192.0.2.0/29
  ip subnet 192.168.10.0/24
!
zone ipv6-internal
 network lan
  ipv6 subnet ::/0 interface vlan1
  host vlan1
   ipv6 address dynamic interface vlan1
!
zone ipv6-internet
 network wan
  ipv6 subnet ::/0 interface eth1
  host Cloud_GW
   ipv6 address 2001:db8:3c:10::1
   ipv6 address 2001:db8:3c:10::2
  host eth1
   ipv6 address dynamic interface eth1
!
application dhcpv6
 protocol udp
 dport 546 to 547
!
application icmpv6
 protocol ipv6-icmp
!
application ipip
 protocol 4
!
firewall
 rule 10 permit any from ipv4-internal to ipv4-internal
 rule 100 permit any from ipv6-internal to ipv6-internal
 rule 110 permit any from ipv6-internal to ipv6-internet
 rule 120 permit any from ipv6-internet.wan.eth1 to ipv6-internet
 rule 130 permit icmpv6 from ipv6-internet to ipv6-internal.lan.vlan1
 rule 140 permit dhcpv6 from ipv6-internet to ipv6-internet.wan.eth1
 rule 150 permit ipip from ipv6-internet.wan.Cloud_GW to ipv6-internal.lan.vlan1
 protect
!
ip dns forwarding
!
end
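The following consistency check is an added example, not part of the original reference. It confirms that every DS-Lite tunnel destination in the configuration above is an address of the host entity that an ipip firewall rule permits as source, and also reports permitted peers that no tunnel uses and ipip rules whose source is wider than a host entity. The helper names, the simplified parser and the indented sample layout are assumptions.

```python
from ipaddress import ip_address
# Added example: parse()/audit() are hypothetical helpers; CONFIG is a constructed sample.
CONFIG = """\
interface tunnel0
 tunnel destination 2001:db8:3c:10::1
interface tunnel1
 tunnel destination 2001:db8:3c:10::2
zone ipv6-internet
 network wan
  ipv6 subnet ::/0 interface eth1
  host Cloud_GW
   ipv6 address 2001:db8:3c:10::1
   ipv6 address 2001:db8:3c:10::2
firewall
 rule 150 permit ipip from ipv6-internet.wan.Cloud_GW to ipv6-internal.lan.vlan1
"""

def parse(config):
    """Collect tunnel destinations, static host-entity addresses and ipip rule sources."""
    tunnels, hosts, ipip_sources = {}, {}, set()
    iface = zone = network = host = None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        w = line.split()
        if not line[0].isspace():  # a top-level command leaves the previous mode
            iface = zone = network = host = None
        if w[0] == "interface":
            iface = w[1]
        elif w[:2] == ["tunnel", "destination"] and iface:
            tunnels[iface] = ip_address(w[2])
        elif w[0] == "zone":
            zone = w[1]
        elif w[0] == "network" and zone:
            network, host = w[1], None
        elif w[0] == "host" and zone:
            host = w[1]
        elif w[:2] == ["ipv6", "address"] and host and w[2] != "dynamic":
            hosts.setdefault(f"{zone}.{network}.{host}", set()).add(ip_address(w[2]))
        elif w[0] == "rule" and w[2:5] == ["permit", "ipip", "from"]:
            ipip_sources.add(w[5])
    return tunnels, hosts, ipip_sources

def audit(config):
    """Return (tunnels with unpermitted peer, permitted peers unused, non-host ipip sources)."""
    tunnels, hosts, ipip_sources = parse(config)
    allowed = set().union(*(hosts.get(s, set()) for s in ipip_sources))
    uncovered = sorted(n for n, a in tunnels.items() if a not in allowed)
    unused = sorted(str(a) for a in allowed - set(tunnels.values()))
    broad = sorted(s for s in ipip_sources if s not in hosts)
    return uncovered, unused, broad
```

All three lists are empty for the sample; a non-empty first list means a tunnel whose peer the firewall would not admit, and a non-empty third list means protocol 4 is accepted from more than the listed peers.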
enable
configure terminal
no ip route 192.168.100.0/24 tunnel0

enable
configure terminal
ip route 192.168.100.0/24 tunnel0

enable
configure terminal
ping-poll 2
active

enable
configure terminal
ping-poll 2
no active

enable
configure terminal
trigger 5
active
ddns-update-method V6UPDATE
update-interval 10

enable
configure terminal
trigger 5
no active
ddns-update-method V6UPDATE
update-interval 60

enable
configure terminal
interface vlan1
shutdown
no shutdown

enable
configure terminal
ping-poll 1
no active
active
(C) 2019 - 2024 Allied Telesis Holdings K.K.
PN: 613-002735 Rev.AD