AT-AR2050V/AT-AR3050S/AT-AR4050S Command Reference 5.5.1

| | (This product) | (AR570S) | (This product) |
| ISP connection username | user@ispA | user@ispC | user@ispD |
| ISP connection password | isppasswdA | isppasswdC | isppasswdD |
| WAN-side IP address | 10.0.0.1/32 | 10.0.0.2/32 | 10.0.0.3/32 |
| Connection type | Terminal type (one fixed address) | Terminal type (one fixed address) | Terminal type (one fixed address) |
| WAN-side physical interface | eth1 | eth0 | eth1 |
| WAN-side (ppp0) IP address | 10.0.0.1/32 | 10.0.0.2/32 | 10.0.0.3/32 |
no spanning-tree rstp enable
interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ip address negotiated
 ppp username user@ispA
 ppp password isppasswdA
 ip tcp adjust-mss pmtu
vlan database
 vlan 10,20,100 state enable
interface port1.0.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20
 switchport trunk native vlan none
interface port1.0.8
 switchport
 switchport mode access
 switchport access vlan 100
bridge 1
bridge 2
l2tp unmanaged port 1702
interface tunnel0
 encapsulation dot1q 10
 encapsulation dot1q 20
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.3
 tunnel local id 1
 tunnel remote id 2
 tunnel mode l2tp v3
 tunnel df clear
 mtu 1500
interface tunnel0.20
 mtu 1500
 bridge-group 2
interface tunnel0.10
 mtu 1500
 bridge-group 1
interface vlan10
 bridge-group 1
interface vlan20
 bridge-group 2
interface vlan100
 ip address 172.16.100.1/24
application l2tpv3
 protocol udp
 sport 1702
 dport 1702
zone private
 network lan
  ip subnet 172.16.100.0/24
  ip subnet 192.168.10.0/24
  ip subnet 192.168.20.0/24
  host RouterB
   ip address 172.16.100.2
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.1
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit l2tp from public.wan.ppp0 to public.wan
 rule 40 permit l2tp from public.wan to public.wan.ppp0
 rule 50 permit l2tpv3 from public.wan.ppp0 to public.wan
 rule 60 permit l2tpv3 from public.wan to public.wan.ppp0
 protect
nat
 rule 10 masq any from private to public
 rule 20 portfwd l2tp from public.wan with dst private.lan.RouterB
 enable
ip route 0.0.0.0/0 ppp0
end
Note: For details on configuring the AR570S, refer to the AR570S documentation.
enable l2tp
enable l2tp server=both
add l2tp password=secret
add l2tp call=center rem=branch1 ip=10.0.0.2 ty=virtual pass=secret prec=in
create vlan=vlan10 vid=10
add vlan=10 port=1 frame=tagged
create vlan=vlan20 vid=20
add vlan=20 port=1 frame=tagged
delete vlan=default port=1
create ppp=10 idle=999999999 over=TNL-center
set ppp=10 lqr=off bap=off
enable ip
add ip int=eth0 ip=172.16.100.2 mask=255.255.255.0
add ip rou=0.0.0.0 mask=0.0.0.0 int=eth0 next=172.16.100.1
enable bridge
add bridge protocol=1 type=IP
add bridge protocol=2 type=ARP
set brid stripv=no
add brid po=1 int=vlan10
add brid po=2 int=vlan20
add brid po=3 int=ppp10
set brid fil=1 po=3
set brid fil=2 po=1,2
set brid po=1 fil=1
set brid po=2 fil=1
set brid po=3 fil=2
Note: For details on configuring the AR570S, refer to the AR570S documentation.
enable l2tp
enable l2tp server=both
add l2tp password=secret
add l2tp call=branch1 rem=center ip=10.0.0.1 ty=virtual pass=secret prec=out
create vlan=vlan10 vid=10
add vlan=10 port=1 frame=tagged
create vlan=vlan20 vid=20
add vlan=20 port=1 frame=tagged
delete vlan=default port=1
create ppp=0 over=eth0-any
set ppp=0 bap=off iprequest=on username=user@ispC password=isppasswdC
set ppp=0 over=eth0-any lqr=off echo=10
create ppp=10 idle=999999999 over=TNL-branch1
set ppp=10 lqr=off bap=off
enable ip
enable ip remote
add ip int=ppp0 ip=10.0.0.2 mask=255.255.255.255
add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
enable firewall
create firewall policy=net
disable firewall policy=net identproxy
enable firewall policy=net icmp_f=unre,ping
add firewall policy=net int=ppp0 type=public
add firewall poli=net ru=1 ac=allo int=ppp0 prot=udp po=1701
enable bridge
add bridge protocol=1 type=IP
add bridge protocol=2 type=ARP
set brid stripv=no
add brid po=1 int=vlan10
add brid po=2 int=vlan20
add brid po=3 int=ppp10
set brid fil=1 po=3
set brid fil=2 po=1,2
set brid po=1 fil=1
set brid po=2 fil=1
set brid po=3 fil=2
no spanning-tree rstp enable
interface eth1
 encapsulation ppp 0
interface ppp0
 keepalive
 ip address negotiated
 ppp username user@ispD
 ppp password isppasswdD
 ip tcp adjust-mss pmtu
vlan database
 vlan 10,20 state enable
interface port1.0.1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20
 switchport trunk native vlan none
bridge 1
bridge 2
l2tp unmanaged port 1702
interface tunnel0
 encapsulation dot1q 10
 encapsulation dot1q 20
 tunnel source 10.0.0.3
 tunnel destination 10.0.0.1
 tunnel local id 2
 tunnel remote id 1
 tunnel mode l2tp v3
 tunnel df clear
 mtu 1500
interface tunnel0.20
 mtu 1500
 bridge-group 2
interface tunnel0.10
 mtu 1500
 bridge-group 1
interface vlan10
 bridge-group 1
interface vlan20
 bridge-group 2
application l2tpv3
 protocol udp
 sport 1702
 dport 1702
zone private
 network lan
  ip subnet 192.168.10.0/24
  ip subnet 192.168.20.0/24
zone public
 network wan
  ip subnet 0.0.0.0/0 interface ppp0
  host ppp0
   ip address 10.0.0.3
firewall
 rule 10 permit any from private to private
 rule 20 permit any from private to public
 rule 30 permit l2tpv3 from public.wan.ppp0 to public.wan
 rule 40 permit l2tpv3 from public.wan to public.wan.ppp0
 protect
nat
 rule 10 masq any from private to public
 enable
ip route 0.0.0.0/0 ppp0
end
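The tunnel0 settings of the two AlliedWare Plus routers above (10.0.0.1 and 10.0.0.3) mirror each other: source/destination and local/remote IDs are swapped, while the UDP port and dot1q VLANs are identical. The Python check below is an added example, not part of the original reference; it assumes one tunnel interface per configuration, and the names parse_tunnel, mismatches and REQUIRED are hypothetical.

```python
import re
# Tunnel stanzas as they appear in the two AlliedWare Plus configurations on this page.
ROUTER_A = """
l2tp unmanaged port 1702
interface tunnel0
 encapsulation dot1q 10
 encapsulation dot1q 20
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.3
 tunnel local id 1
 tunnel remote id 2
"""
ROUTER_D = """
l2tp unmanaged port 1702
interface tunnel0
 encapsulation dot1q 10
 encapsulation dot1q 20
 tunnel source 10.0.0.3
 tunnel destination 10.0.0.1
 tunnel local id 2
 tunnel remote id 1
"""
REQUIRED = ("port", "source", "destination", "local_id", "remote_id")

def parse_tunnel(config):
    """Collect the L2TPv3 parameters of a config that has one tunnel interface."""
    t = {"vlans": set()}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"l2tp unmanaged port (\d+)", line):
            t["port"] = int(m[1])
        elif m := re.fullmatch(r"encapsulation dot1q (\d+)", line):
            t["vlans"].add(int(m[1]))
        elif m := re.fullmatch(r"tunnel (source|destination) (\S+)", line):
            t[m[1]] = m[2]
        elif m := re.fullmatch(r"tunnel (local|remote) id (\d+)", line):
            t[m[1] + "_id"] = int(m[2])
    return t

def mismatches(a, b):
    """Name every parameter on which endpoints a and b fail to mirror each other."""
    missing = [f"missing {k}" for k in REQUIRED if k not in a or k not in b]
    checks = {
        "source/destination": (a.get("source"), a.get("destination"))
                              == (b.get("destination"), b.get("source")),
        "local/remote id": (a.get("local_id"), a.get("remote_id"))
                           == (b.get("remote_id"), b.get("local_id")),
        "udp port": a.get("port") == b.get("port"),
        "dot1q vlans": a["vlans"] == b["vlans"],
    }
    return missing + [name for name, ok in checks.items() if not ok]
```

An empty list from mismatches(parse_tunnel(ROUTER_A), parse_tunnel(ROUTER_D)) means the two endpoints agree; any returned name points at the stanza to recheck before saving the configuration.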
Run it in the form "copy running-config startup-config".
awplus# copy running-config startup-config ↓
Building configuration...
[OK]
awplus# write memory ↓
Building configuration...
[OK]
awplus(config)# log buffered level informational facility local5 ↓
awplus# show log | include Firewall ↓
(C) 2015 - 2021 Allied Telesis Holdings K.K.
PN: 613-002107 Rev.AQ