[index] AT-AR2050V/AT-AR3050S/AT-AR4050S コマンドリファレンス 5.5.0

| CUG接続用ユーザー名 | userA@cug | userB@cug | |
| CUG接続用パスワード | cugpasswdA | cugpasswdB | |
| WAN側IPアドレス | 10.0.0.10/32 | 10.0.0.20/32 | |
| CUG接続用ユーザー名 | userA1@cug | userB1@cug | |
| CUG接続用パスワード | cugpasswdA1 | cugpasswdB1 | |
| WAN側IPアドレス | 10.0.0.11/32 | 10.0.0.21/32 | |
| CUG接続用ユーザー名 | userA2@cug | userB2@cug | |
| CUG接続用パスワード | cugpasswdA2 | cugpasswdB2 | |
| WAN側IPアドレス | 10.0.0.12/32 | 10.0.0.22/32 | |
| CUG接続用ユーザー名 | userA3@cug | userB3@cug | |
| CUG接続用パスワード | cugpasswdA3 | cugpasswdB3 | |
| WAN側IPアドレス | 10.0.0.13/32 | 10.0.0.23/32 | |
| WAN側(CUG)物理インターフェース(1) | eth1 | eth1 | |
| WAN側(ppp0)IPアドレス | 10.0.0.10/32 | 10.0.0.20/32 | |
| LAN側(vlan1)IPアドレス | 192.168.10.1/24 | 192.168.20.1/24 | |
| IPsecトンネル(tunnel0)IPアドレス | 172.16.10.1/30 | 172.16.10.2/30 | |
| WAN側(ppp1)IPアドレス | 10.0.0.11/32 | 10.0.0.21/32 | |
| LAN側(vlan10)IPアドレス | 192.168.10.1/24 | 192.168.20.1/24 | |
| IPsecトンネル(tunnel1)IPアドレス | 172.16.11.1/30 | 172.16.11.2/30 | |
| WAN側(ppp2)IPアドレス | 10.0.0.12/32 | 10.0.0.22/32 | |
| LAN側(vlan20)IPアドレス | 192.168.10.1/24 | 192.168.20.1/24 | |
| IPsecトンネル(tunnel2)IPアドレス | 172.16.12.1/30 | 172.16.12.2/30 | |
| WAN側(ppp3)IPアドレス | 10.0.0.13/32 | 10.0.0.23/32 | |
| LAN側(vlan30)IPアドレス | 192.168.10.1/24 | 192.168.20.1/24 | |
| IPsecトンネル(tunnel3)IPアドレス | 172.16.13.1/30 | 172.16.13.2/30 | |
no spanning-tree rstp enable
interface eth1 encapsulation ppp 0 encapsulation ppp 1 encapsulation ppp 2 encapsulation ppp 3
interface ppp0 keepalive ppp username userA@cug ppp password cugpasswdA ip address 10.0.0.10/32 ip tcp adjust-mss pmtu
interface ppp1 keepalive ppp username userA1@cug ppp password cugpasswdA1 ip address 10.0.0.11/32 ip tcp adjust-mss pmtu
interface ppp2 keepalive ppp username userA2@cug ppp password cugpasswdA2 ip address 10.0.0.12/32 ip tcp adjust-mss pmtu
interface ppp3 keepalive ppp username userA3@cug ppp password cugpasswdA3 ip address 10.0.0.13/32 ip tcp adjust-mss pmtu
ip vrf VRF1 1
ip vrf VRF2 2
ip vrf VRF3 3 rd 1000:1
vlan database vlan 10,20,30 state enable
interface vlan1 ip address 192.168.10.1/24
interface vlan10 ip vrf forwarding VRF1 ip address 192.168.10.1/24
interface vlan20 ip vrf forwarding VRF2 ip address 192.168.10.1/24
interface vlan30 ip vrf forwarding VRF3 ip address 192.168.10.1/24
interface port1.0.1 switchport switchport mode trunk switchport trunk allowed vlan add 1,10,20,30 switchport trunk native vlan none
crypto isakmp key secret0 address 10.0.0.20 crypto isakmp key secret1 address 10.0.0.21 crypto isakmp key secret2 address 10.0.0.22 crypto isakmp key secret3 address 10.0.0.23
interface tunnel0 mtu 1300 tunnel source ppp0 tunnel destination 10.0.0.20 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.10.1/30 ip tcp adjust-mss 1260
interface tunnel1 mtu 1300 ip vrf forwarding VRF1 tunnel source ppp1 tunnel destination 10.0.0.21 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.11.1/30 ip tcp adjust-mss 1260
interface tunnel2 mtu 1300 ip vrf forwarding VRF2 tunnel source ppp2 tunnel destination 10.0.0.22 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.12.1/30 ip tcp adjust-mss 1260
interface tunnel3 mtu 1300 ip vrf forwarding VRF3 tunnel source ppp3 tunnel destination 10.0.0.23 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.13.1/30 ip tcp adjust-mss 1260
router rip address-family ipv4 vrf VRF1 network 172.16.11.0/30 network 192.168.10.0/24 exit-address-family
router ospf 1 VRF2 ospf router-id 0.0.0.1 network 172.16.12.0/30 area 0.0.0.0 network 192.168.10.0/24 area 0.0.0.0
router bgp 1000 ! address-family ipv4 vrf VRF3 network 172.16.13.0/30 network 192.168.10.0/24 neighbor 172.16.13.2 remote-as 2000 neighbor 172.16.13.2 activate neighbor 192.168.10.10 remote-as 1001 neighbor 192.168.10.10 activate exit-address-family
ip route 10.0.0.20/32 ppp0 ip route 10.0.0.21/32 ppp1 ip route 10.0.0.22/32 ppp2 ip route 10.0.0.23/32 ppp3 ip route 192.168.20.0/24 tunnel0 ip route 192.168.20.0/24 Null 254
end
no spanning-tree rstp enable
interface eth1 encapsulation ppp 0 encapsulation ppp 1 encapsulation ppp 2 encapsulation ppp 3
interface ppp0 keepalive ppp username userB@cug ppp password cugpasswdB ip address 10.0.0.20/32 ip tcp adjust-mss pmtu
interface ppp1 keepalive ppp username userB1@cug ppp password cugpasswdB1 ip address 10.0.0.21/32 ip tcp adjust-mss pmtu
interface ppp2 keepalive ppp username userB2@cug ppp password cugpasswdB2 ip address 10.0.0.22/32 ip tcp adjust-mss pmtu
interface ppp3 keepalive ppp username userB3@cug ppp password cugpasswdB3 ip address 10.0.0.23/32 ip tcp adjust-mss pmtu
ip vrf VRF1 1
ip vrf VRF2 2
ip vrf VRF3 3 rd 2000:1
vlan database vlan 10,20,30 state enable
interface vlan1 ip address 192.168.20.1/24
interface vlan10 ip vrf forwarding VRF1 ip address 192.168.20.1/24
interface vlan20 ip vrf forwarding VRF2 ip address 192.168.20.1/24
interface vlan30 ip vrf forwarding VRF3 ip address 192.168.20.1/24
interface port1.0.1 switchport switchport mode trunk switchport trunk allowed vlan add 1,10,20,30 switchport trunk native vlan none
crypto isakmp key secret0 address 10.0.0.10 crypto isakmp key secret1 address 10.0.0.11 crypto isakmp key secret2 address 10.0.0.12 crypto isakmp key secret3 address 10.0.0.13
interface tunnel0 mtu 1300 tunnel source ppp0 tunnel destination 10.0.0.10 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.10.2/30 ip tcp adjust-mss 1260
interface tunnel1 mtu 1300 ip vrf forwarding VRF1 tunnel source ppp1 tunnel destination 10.0.0.11 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.11.2/30 ip tcp adjust-mss 1260
interface tunnel2 mtu 1300 ip vrf forwarding VRF2 tunnel source ppp2 tunnel destination 10.0.0.12 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.12.2/30 ip tcp adjust-mss 1260
interface tunnel3 mtu 1300 ip vrf forwarding VRF3 tunnel source ppp3 tunnel destination 10.0.0.13 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.13.2/30 ip tcp adjust-mss 1260
router rip address-family ipv4 vrf VRF1 network 172.16.11.0/30 network 192.168.20.0/24 exit-address-family
router ospf 1 VRF2 ospf router-id 0.0.0.2 network 172.16.12.0/30 area 0.0.0.0 network 192.168.20.0/24 area 0.0.0.0
router bgp 2000 address-family ipv4 vrf VRF3 network 172.16.13.0/30 network 192.168.20.0/24 neighbor 172.16.13.1 remote-as 1000 neighbor 172.16.13.1 activate neighbor 192.168.20.10 remote-as 2001 neighbor 192.168.20.10 activate exit-address-family
ip route 10.0.0.10/32 ppp0 ip route 10.0.0.11/32 ppp1 ip route 10.0.0.12/32 ppp2 ip route 10.0.0.13/32 ppp3 ip route 192.168.10.0/24 tunnel0 ip route 192.168.10.0/24 Null 254
end
copy running-config startup-config」の書式で実行します。awplus# copy running-config startup-config ↓ Building configuration... [OK]
awplus# write memory ↓ Building configuration... [OK]
awplus(config)# log buffered level informational facility kern msgtext Firewall ↓
awplus# show log | include Firewall ↓
! no spanning-tree rstp enable ! interface eth1 encapsulation ppp 0 encapsulation ppp 1 encapsulation ppp 2 encapsulation ppp 3 ! interface ppp0 keepalive ppp username userA@cug ppp password cugpasswdA ip address 10.0.0.10/32 ip tcp adjust-mss pmtu ! interface ppp1 keepalive ppp username userA1@cug ppp password cugpasswdA1 ip address 10.0.0.11/32 ip tcp adjust-mss pmtu ! interface ppp2 keepalive ppp username userA2@cug ppp password cugpasswdA2 ip address 10.0.0.12/32 ip tcp adjust-mss pmtu ! interface ppp3 keepalive ppp username userA3@cug ppp password cugpasswdA3 ip address 10.0.0.13/32 ip tcp adjust-mss pmtu ! ip vrf VRF1 1 ! ip vrf VRF2 2 ! ip vrf VRF3 3 rd 1000:1 ! vlan database vlan 10,20,30 state enable ! interface vlan1 ip address 192.168.10.1/24 ! interface vlan10 ip vrf forwarding VRF1 ip address 192.168.10.1/24 ! interface vlan20 ip vrf forwarding VRF2 ip address 192.168.10.1/24 ! interface vlan30 ip vrf forwarding VRF3 ip address 192.168.10.1/24 ! interface port1.0.1 switchport switchport mode trunk switchport trunk allowed vlan add 1,10,20,30 switchport trunk native vlan none ! crypto isakmp key secret0 address 10.0.0.20 crypto isakmp key secret1 address 10.0.0.21 crypto isakmp key secret2 address 10.0.0.22 crypto isakmp key secret3 address 10.0.0.23 ! interface tunnel0 mtu 1300 tunnel source ppp0 tunnel destination 10.0.0.20 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.10.1/30 ip tcp adjust-mss 1260 ! interface tunnel1 mtu 1300 ip vrf forwarding VRF1 tunnel source ppp1 tunnel destination 10.0.0.21 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.11.1/30 ip tcp adjust-mss 1260 ! interface tunnel2 mtu 1300 ip vrf forwarding VRF2 tunnel source ppp2 tunnel destination 10.0.0.22 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.12.1/30 ip tcp adjust-mss 1260 ! interface tunnel3 mtu 1300 ip vrf forwarding VRF3 tunnel source ppp3 tunnel destination 10.0.0.23 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.13.1/30 ip tcp adjust-mss 1260 ! router rip address-family ipv4 vrf VRF1 network 172.16.11.0/30 network 192.168.10.0/24 exit-address-family ! router ospf 1 VRF2 ospf router-id 0.0.0.1 network 172.16.12.0/30 area 0.0.0.0 network 192.168.10.0/24 area 0.0.0.0 ! router bgp 1000 ! address-family ipv4 vrf VRF3 network 172.16.13.0/30 network 192.168.10.0/24 neighbor 172.16.13.2 remote-as 2000 neighbor 172.16.13.2 activate neighbor 192.168.10.10 remote-as 1001 neighbor 192.168.10.10 activate exit-address-family ! ip route 10.0.0.20/32 ppp0 ip route 10.0.0.21/32 ppp1 ip route 10.0.0.22/32 ppp2 ip route 10.0.0.23/32 ppp3 ip route 192.168.20.0/24 tunnel0 ip route 192.168.20.0/24 Null 254 ! end
! no spanning-tree rstp enable ! interface eth1 encapsulation ppp 0 encapsulation ppp 1 encapsulation ppp 2 encapsulation ppp 3 ! interface ppp0 keepalive ppp username userB@cug ppp password cugpasswdB ip address 10.0.0.20/32 ip tcp adjust-mss pmtu ! interface ppp1 keepalive ppp username userB1@cug ppp password cugpasswdB1 ip address 10.0.0.21/32 ip tcp adjust-mss pmtu ! interface ppp2 keepalive ppp username userB2@cug ppp password cugpasswdB2 ip address 10.0.0.22/32 ip tcp adjust-mss pmtu ! interface ppp3 keepalive ppp username userB3@cug ppp password cugpasswdB3 ip address 10.0.0.23/32 ip tcp adjust-mss pmtu ! ip vrf VRF1 1 ! ip vrf VRF2 2 ! ip vrf VRF3 3 rd 2000:1 ! vlan database vlan 10,20,30 state enable ! interface vlan1 ip address 192.168.20.1/24 ! interface vlan10 ip vrf forwarding VRF1 ip address 192.168.20.1/24 ! interface vlan20 ip vrf forwarding VRF2 ip address 192.168.20.1/24 ! interface vlan30 ip vrf forwarding VRF3 ip address 192.168.20.1/24 ! interface port1.0.1 switchport switchport mode trunk switchport trunk allowed vlan add 1,10,20,30 switchport trunk native vlan none ! crypto isakmp key secret0 address 10.0.0.10 crypto isakmp key secret1 address 10.0.0.11 crypto isakmp key secret2 address 10.0.0.12 crypto isakmp key secret3 address 10.0.0.13 ! interface tunnel0 mtu 1300 tunnel source ppp0 tunnel destination 10.0.0.10 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.10.2/30 ip tcp adjust-mss 1260 ! interface tunnel1 mtu 1300 ip vrf forwarding VRF1 tunnel source ppp1 tunnel destination 10.0.0.11 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.11.2/30 ip tcp adjust-mss 1260 ! interface tunnel2 mtu 1300 ip vrf forwarding VRF2 tunnel source ppp2 tunnel destination 10.0.0.12 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.12.2/30 ip tcp adjust-mss 1260 ! interface tunnel3 mtu 1300 ip vrf forwarding VRF3 tunnel source ppp3 tunnel destination 10.0.0.13 tunnel protection ipsec tunnel mode ipsec ipv4 ip address 172.16.13.2/30 ip tcp adjust-mss 1260 ! router rip address-family ipv4 vrf VRF1 network 172.16.11.0/30 network 192.168.20.0/24 exit-address-family ! router ospf 1 VRF2 ospf router-id 0.0.0.2 network 172.16.12.0/30 area 0.0.0.0 network 192.168.20.0/24 area 0.0.0.0 ! router bgp 2000 address-family ipv4 vrf VRF3 network 172.16.13.0/30 network 192.168.20.0/24 neighbor 172.16.13.1 remote-as 1000 neighbor 172.16.13.1 activate neighbor 192.168.20.10 remote-as 2001 neighbor 192.168.20.10 activate exit-address-family ! ip route 10.0.0.10/32 ppp0 ip route 10.0.0.11/32 ppp1 ip route 10.0.0.12/32 ppp2 ip route 10.0.0.13/32 ppp3 ip route 192.168.10.0/24 tunnel0 ip route 192.168.10.0/24 Null 254 ! end
(C) 2015 - 2021 アライドテレシスホールディングス株式会社
PN: 613-002107 Rev.AL