## CentreCOM AR550S 設定例集 2.9 ## 124 BGP-4:センターに対するマルチホーム(MED値による負荷分散) ## ルーターのコンフィグ ## ## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。 ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER ENABLE L2TP ENABLE L2TP SERVER=BOTH SET L2TP PASSWORD=l2tpA ADD L2TP CALL=remote1 REMOTE=remote1 IP=172.16.0.2 TYPE=VIRTUAL PRECEDENCE=OUT PASSWORD=l2tpB ADD L2TP CALL=remote2 REMOTE=remote2 IP=172.16.1.2 TYPE=VIRTUAL PRECEDENCE=OUT PASSWORD=l2tpC CREATE PPP=0 OVER=eth0-ANY SET PPP=0 OVER=eth0-ANY USER=userA@isp1 PASSWORD=isppasswdA LQR=OFF BAP=OFF ECHO=ON CREATE PPP=1 OVER=eth1-ANY SET PPP=1 OVER=eth1-ANY USER=userB@isp2 PASSWORD=isppasswdB LQR=OFF BAP=OFF ECHO=ON CREATE PPP=11 OVER=TNL-remote1 LQR=OFF BAP=OFF ECHO=ON CREATE PPP=12 OVER=TNL-remote2 LQR=OFF BAP=OFF ECHO=ON CREATE VLAN=vlan10 VID=10 CREATE VLAN=vlan20 VID=20 ADD VLAN=vlan10 PORT=1-2 ADD VLAN=vlan20 PORT=3-4 ENABLE IP ADD IP INT=vlan10 IP=192.168.10.1 ADD IP INT=vlan20 IP=192.168.20.1 ADD IP INT=ppp0 IP=172.16.0.1 MASK=255.255.255.255 ADD IP INT=ppp11 IP=192.168.100.1 MASK=255.255.255.0 ADD IP INT=ppp1 IP=172.16.1.1 MASK=255.255.255.255 ADD IP INT=ppp12 IP=192.168.110.1 MASK=255.255.255.0 ADD IP ROUTE=172.16.0.2 MASK=255.255.255.255 INT=ppp0 NEXT=0.0.0.0 ADD IP ROUTE=172.16.1.2 MASK=255.255.255.255 INT=ppp1 NEXT=0.0.0.0 SET IP AUTO=65020 ADD BGP PEER=192.168.100.2 REMOTEAS=65010 ADD BGP PEER=192.168.110.2 REMOTEAS=65010 ADD IP ROUTEMAP=prefix10 ENTRY=1 SET COMMUNITY=65020:10 ADD BGP NETWORK=192.168.10.0/24 ROUTEMAP=prefix10 ADD IP ROUTEMAP=prefix20 ENTRY=1 SET COMMUNITY=65020:20 ADD BGP NETWORK=192.168.20.0/24 ROUTEMAP=prefix20 ADD IP COMMUNITYLIST=1 INCLUDE=65020:10 ADD IP COMMUNITYLIST=2 INCLUDE=65020:20 SET BGP MED=10 ADD IP ROUTEMAP=set_med_ppp11 ENTRY=1 MATCH COMMUNITY=2 ACTION=INCLUDE ADD IP ROUTEMAP=set_med_ppp11 ENTRY=1 SET MED=300 ADD IP ROUTEMAP=set_med_ppp12 ENTRY=1 MATCH COMMUNITY=1 ACTION=INCLUDE ADD IP ROUTEMAP=set_med_ppp12 ENTRY=1 SET MED=300 SET BGP PEER=192.168.100.2 OUTROUTEMAP=set_med_ppp11 SENDCOMMUNITY=YES SET BGP PEER=192.168.110.2 OUTROUTEMAP=set_med_ppp12 SENDCOMMUNITY=YES ENABLE BGP PEER=192.168.100.2 ENABLE BGP PEER=192.168.110.2 # CREATE ENCO KEY=1 TYPE=GENERAL VALUE=secret-ab # CREATE ENCO KEY=2 TYPE=GENERAL VALUE=secret-ac CREATE ISAKMP POLICY=i_B PEER=172.16.0.2 KEY=1 SENDN=TRUE HEARTBEATMODE=BOTH CREATE ISAKMP POLICY=i_C PEER=172.16.1.2 KEY=2 SENDN=TRUE HEARTBEATMODE=BOTH CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=DES HASHALG=SHA CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING=1 CREATE IPSEC POLICY=isa_B INT=ppp0 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP CREATE IPSEC POLICY=vpn_B INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=172.16.0.2 SET IPSEC POLICY=vpn_B LAD=172.16.0.1 LPORT=1701 RAD=172.16.0.2 RPORT=1701 CREATE IPSEC POLICY=isa_C INT=ppp1 ACTION=PERMIT LPORT=500 RPORT=500 TRANSPORT=UDP CREATE IPSEC POLICY=vpn_C INT=ppp1 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=172.16.1.2 SET IPSEC POLICY=vpn_C LAD=172.16.1.1 LPORT=1701 RAD=172.16.1.2 RPORT=1701 ENABLE IPSEC ENABLE ISAKMP # LOGIN secoff # ENABLE SYSTEM SECURITY_MODE