## CentreCOM AR415S 設定例集 2.9 ## 179 本社認証サーバーを利用した、リモートオフィスでのユーザー認証(IEEE 802.1X) ## ルーターBのコンフィグ ## ## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。 ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER CREATE PPP=0 OVER=eth0-ANY SET PPP=0 OVER=eth0-ANY USER=userB@isp PASSWORD=isppasswdB LQR=OFF BAP=OFF ECHO=ON IPREQUEST=ON ENABLE IP ENABLE IP REMOTEASSIGN ADD IP INT=vlan1 IP=192.168.20.1 ADD IP INT=ppp0 IP=0.0.0.0 ADD IP ROUTE=0.0.0.0 MASK=0.0.0.0 INT=ppp0 NEXTHOP=0.0.0.0 ENABLE FIREWALL CREATE FIREWALL POLICY=net ENABLE FIREWALL POLICY=net ICMP_F=PING,UNREACH DISABLE FIREWALL POLICY=net IDENTPROXY ADD FIREWALL POLICY=net INT=vlan1 TYPE=PRIVATE ADD FIREWALL POLICY=net INT=ppp0 TYPE=PUBLIC ADD FIREWALL POLICY=net NAT=ENHANCED INT=vlan1 GBLINT=ppp0 ADD FIREWALL POLICY=net RULE=1 AC=NONAT INT=vlan1 PROT=ALL IP=192.168.20.1-192.168.20.254 SET FIREWALL POLICY=net RULE=1 REMOTEIP=192.168.10.1-192.168.10.254 ADD FIREWALL POLICY=net RULE=2 AC=NONAT INT=ppp0 PROT=ALL IP=192.168.20.1-192.168.20.254 ENCAP=IPSEC # CREATE ENCO KEY=1 TYPE=GENERAL VALUE=secret CREATE ISAKMP POLICY=i PEER=172.16.0.1 KEY=1 SENDN=TRUE LOCALID=CLIENT MODE=AGGRESSIVE HEARTBEATMODE=BOTH CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=DES HASHALG=SHA CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING=1 CREATE IPSEC POLICY=isa INT=ppp0 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP CREATE IPSEC POLICY=vpn INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=172.16.0.1 SET IPSEC POLICY=vpn LAD=192.168.20.0 LMA=255.255.255.0 RAD=192.168.10.0 RMA=255.255.255.0 CREATE IPSEC POLICY=inet INT=ppp0 ACTION=PERMIT ENABLE IPSEC ENABLE ISAKMP ADD IP LOCAL=1 IP=192.168.20.2 ADD RADIUS SERVER=192.168.10.2 SECRET=himitsu PORT=1812 ACCPORT=1813 LOCAL=1 ENABLE PORTAUTH=8021x ENABLE PORTAUTH=8021X PORT=1-3 TYPE=AUTHENTICATOR ENABLE DHCP CREATE DHCP POLICY=BASE LEASE=7200 ADD DHCP POLICY=BASE SUBNET=255.255.255.0 ROUTER=192.168.20.1 CREATE DHCP RANGE=LOCAL POLICY=BASE IP=192.168.20.10 NUM=4 PROBE=ARP ADD DHCP RANGE=LOCAL IP=192.168.20.10 ADDRESS=00-11-22-33-44-55 # LOGIN secoff # ENABLE SYSTEM SECURITY_MODE