## CentreCOM AR550S ݒW 2.9
##  179 {ДF؃T[o[𗘗pA[gItBXł̃[U[F؁iIEEE 802.1Xj
##  [^[B̃RtBO
##
## u#vŎn܂śAR\[͂ȂƈӖȂR}hłB

add user=secoff password=PasswordS privilege=securityofficer
create ppp=0 over=eth0-any
set ppp=0 over=eth0-any user=userB@isp password=isppasswdB lqr=off bap=off echo=on iprequest=on
enable ip
enable ip remoteassign
add ip int=eth1 ip=192.168.20.1
add ip int=ppp0 ip=0.0.0.0
add ip route=0.0.0.0 mask=0.0.0.0 int=ppp0 nexthop=0.0.0.0
enable firewall
create firewall policy=net
enable firewall policy=net icmp_f=ping,unreach
disable firewall policy=net identproxy
add firewall policy=net int=eth1 type=private
add firewall policy=net int=ppp0 type=public
add firewall policy=net nat=enhanced int=eth1 gblint=ppp0
add firewall policy=net rule=1 ac=nonat int=eth1 prot=all ip=192.168.20.1-192.168.20.254
set firewall policy=net rule=1 remoteip=192.168.10.1-192.168.10.254
add firewall policy=net rule=2 ac=nonat int=ppp0 prot=all ip=192.168.20.1-192.168.20.254 encap=ipsec
# create enco key=1 type=general value=secret
create isakmp policy=i peer=172.16.0.1 key=1 sendn=true localid=client mode=aggressive heartbeatmode=both
create ipsec saspec=1 keyman=isakmp protocol=esp encalg=des hashalg=sha
create ipsec bundle=1 keyman=isakmp string=1
create ipsec policy=isa int=ppp0 action=permit lport=500 rport=500 transport=UDP
create ipsec policy=vpn int=ppp0 action=ipsec keyman=isakmp bundle=1 peer=172.16.0.1
set ipsec policy=vpn lad=192.168.20.0 lma=255.255.255.0 rad=192.168.10.0 rma=255.255.255.0
create ipsec policy=inet int=ppp0 action=permit
enable ipsec
enable isakmp
add ip local=1 ip=192.168.20.2
add radius server=192.168.10.2 secret=himitsu port=1812 accport=1813 local=1
enable portauth=8021x
enable portauth=8021x port=eth1 type=authenticator mode=multi
set portauth=8021x port=eth1 supplicantmac=00-11-22-33-44-55 control=authorised
disable switch port=1-5
enable dhcp
create dhcp policy=base lease=7200
add dhcp policy=base subnet=255.255.255.0 router=192.168.20.1
create dhcp range=local policy=base ip=192.168.20.10 num=10 probe=arp
add dhcp range=local ip=192.168.20.10 address=00-11-22-33-44-55
# login secoff
# enable system security_mode
