IX3315 にフレッツ光クロス2回線(OCNバーチャルコネクトおよびv6プラス固定IP)を収容するためのコンフィグ
! NEC Portable Internetwork Core Operating System Software | |
! IX Series IX3315 (magellan-sec) Software, Version 10.7.18, RELEASE SOFTWARE | |
! Compiled Oct 25-Tue-2022 12:28:03 JST #2 | |
! Current time Apr 26-Wed-2023 16:52:00 JST | |
! | |
! System basics: timezone offset, local log buffer with per-subsystem levels, and NTP sources.
timezone +09 00 | |
! | |
logging buffered 819200 | |
logging subsystem flt warn | |
! NOTE(review): mape is logged at debug level, presumably for tunnel bring-up. Consider lowering it
! once the tunnel is stable so that filter (flt/mflt) warnings are not pushed out of the buffer.
logging subsystem mape debug | |
logging subsystem mflt warn | |
logging timestamp datetime | |
! | |
! | |
! | |
! Three NTP servers given as literal IPv4 addresses, each with its own priority value.
! NOTE(review): no NTP authentication and no remote syslog destination are visible in this listing;
! filter hits are kept only in the local buffer. Confirm that is enough for incident review.
ntp server 210.173.160.87 priority 30 | |
ntp server 210.173.160.57 priority 20 | |
ntp server 210.173.160.27 priority 10 | |
! | |
! | |
! IPv4 global settings: flow cache, default routes over the two tunnels, DHCP, and the
! named access-lists that the interface "ip filter" lines refer to.
ip ufs-cache max-entries 20000 | |
ip ufs-cache enable | |
! Two default routes: Tunnel0.0 without a distance, Tunnel1.0 with distance 100.
ip route default Tunnel0.0 | |
ip route default Tunnel1.0 distance 100 | |
ip dhcp enable | |
ip access-list deny-all deny ip src any dest any | |
! deny-from-wan: source ranges that should never arrive from the Internet side
! (this-network, RFC 1918, loopback, link-local, TEST-NET-1, 224.0.0.0/3, 198.18.0.0/15).
! NOTE(review): 100.64.0.0/10 (RFC 6598 shared address space) and 198.51.100.0/24 / 203.0.113.0/24
! (TEST-NET-2/3) are not listed; add them if full bogon coverage is intended.
ip access-list deny-from-wan deny ip src 0.0.0.0/8 dest any | |
ip access-list deny-from-wan deny ip src 10.0.0.0/8 dest any | |
ip access-list deny-from-wan deny ip src 172.16.0.0/12 dest any | |
ip access-list deny-from-wan deny ip src 192.168.0.0/16 dest any | |
ip access-list deny-from-wan deny ip src 127.0.0.0/8 dest any | |
ip access-list deny-from-wan deny ip src 169.254.0.0/16 dest any | |
ip access-list deny-from-wan deny ip src 192.0.2.0/24 dest any | |
ip access-list deny-from-wan deny ip src 224.0.0.0/3 dest any | |
ip access-list deny-from-wan deny ip src 198.18.0.0/15 dest any | |
! deny-to-wan: the same ranges as destinations, so private/reserved traffic is not sent upstream.
ip access-list deny-to-wan deny ip src any dest 0.0.0.0/8 | |
ip access-list deny-to-wan deny ip src any dest 10.0.0.0/8 | |
ip access-list deny-to-wan deny ip src any dest 172.16.0.0/12 | |
ip access-list deny-to-wan deny ip src any dest 192.168.0.0/16 | |
ip access-list deny-to-wan deny ip src any dest 127.0.0.0/8 | |
ip access-list deny-to-wan deny ip src any dest 169.254.0.0/16 | |
ip access-list deny-to-wan deny ip src any dest 192.0.2.0/24 | |
ip access-list deny-to-wan deny ip src any dest 224.0.0.0/3 | |
ip access-list deny-to-wan deny ip src any dest 198.18.0.0/15 | |
ip access-list permit-all permit ip src any dest any | |
! DHCP client->server (68->67) and server->client (67->68) matches for the LAN interfaces.
ip access-list permit-dhcpc permit udp src any sport eq 68 dest any dport eq 67 | |
ip access-list permit-dhcps permit udp src any sport eq 67 dest any dport eq 68 | |
! NOTE(review): "tcp established" is presumably a stateless match on TCP flags, not on a tracked
! connection, so it passes any packet that merely looks like a reply. Where a dynamic filter already
! covers the return path this entry may be unnecessary; verify before relying on it as a state check.
ip access-list permit-estab permit tcp established src any sport any dest any dport any | |
! permit-icmp matches every ICMP type from any source.
ip access-list permit-icmp permit icmp src any dest any | |
ip access-list permit-lan1 permit ip src 192.168.0.0/24 dest any | |
ip access-list permit-lan2 permit ip src 192.168.1.0/24 dest any | |
! Dynamic filters: each one wraps a static list named after "access".
ip access-list dynamic timer tcp-fin-timeout 30 | |
ip access-list dynamic permit-dyn-all access permit-all | |
ip access-list dynamic permit-dyn-lan1 access permit-lan1 | |
ip access-list dynamic permit-dyn-lan2 access permit-lan2 | |
! presumably reassembles fragments before filtering so later fragments cannot bypass L4 matches; confirm in the command reference
ip filter forced-reassembly | |
! Router-originated IPv4 traffic is also steered by the ipv4-over-ipv6 route-map.
ip local policy route-map ipv4-over-ipv6 | |
! | |
! | |
! IPv6 global settings: flow cache, host routes to the tunnel border relays, DHCPv6, and the
! named IPv6 access-lists used by the WAN-side sub-interfaces.
! ${...} tokens are placeholders left by the author and must be replaced with line-specific values.
ipv6 ufs-cache max-entries 10000 | |
ipv6 ufs-cache enable | |
! NOTE(review): both routes use the same placeholder name; presumably each WAN line has its own
! border-relay address. Confirm the correct address is pinned to the correct sub-interface.
ipv6 route ${BRアドレス}/128 GigaEthernet2.1 dhcp | |
ipv6 route ${BRアドレス}/128 GigaEthernet2.2 dhcp | |
ipv6 dhcp enable | |
ipv6 access-list deny-all deny ip src any dest any | |
! ngn1/ngn2 match on the delegated /56 as source and are used by route-map ngn;
! ngn1-out/ngn2-out additionally allow link-local and multicast sources for the outbound dynamic filter.
! NOTE(review): ngn1 and ngn2 share one placeholder name; presumably they hold different prefixes.
ipv6 access-list ngn1 permit ip src ${IPv6プレフィクス}::/56 dest any | |
ipv6 access-list ngn1-out permit ip src fe80::/10 dest any | |
ipv6 access-list ngn1-out permit ip src ff00::/8 dest any | |
ipv6 access-list ngn1-out permit ip src ${IPv6プレフィクス}::/56 dest any | |
ipv6 access-list ngn2 permit ip src ${IPv6プレフィクス}::/56 dest any | |
ipv6 access-list ngn2-out permit ip src fe80::/10 dest any | |
ipv6 access-list ngn2-out permit ip src ff00::/8 dest any | |
ipv6 access-list ngn2-out permit ip src ${IPv6プレフィクス}::/56 dest any | |
ipv6 access-list permit-all permit ip src any dest any | |
! DHCPv6 client->server (546->547) and server->client (547->546) matches.
ipv6 access-list permit-dhcp6c permit udp src any sport eq 546 dest any dport eq 547 | |
ipv6 access-list permit-dhcp6s permit udp src any sport eq 547 dest any dport eq 546 | |
! NOTE(review): LAN hosts receive globally routable addresses from the delegated prefix, so a
! flag-based "established" permit on the WAN side reaches them directly. The dyn-ngn*-out dynamic
! filters already open the return path; confirm whether this static entry is still needed.
ipv6 access-list permit-estab permit tcp established src any sport any dest any dport any | |
! Matches every ICMPv6 type; neighbor discovery and path-MTU discovery depend on ICMPv6.
ipv6 access-list permit-icmp6 permit icmp src any dest any | |
! Protocol 4 = IPv4 encapsulated in IPv6 (the tunnel payload), accepted from any source.
! NOTE(review): consider restricting the source to the border relay, e.g.
! "permit 4 src ${BRアドレス}/128 dest any", so only the relay can deliver encapsulated IPv4.
ipv6 access-list permit-ipip6 permit 4 src any dest any | |
ipv6 access-list dynamic cache 65535 | |
ipv6 access-list dynamic timer tcp-fin-timeout 30 | |
ipv6 access-list dynamic dyn-ngn1-out access ngn1-out | |
ipv6 access-list dynamic dyn-ngn2-out access ngn2-out | |
ipv6 access-list dynamic permit-dyn-all access permit-all | |
! Router-originated IPv6 traffic is steered by route-map ngn.
ipv6 local policy route-map ngn | |
! | |
! | |
! | |
! | |
! | |
! | |
! | |
! | |
! | |
! DNS proxy for IPv4 clients; the DHCPv4 profiles in this file hand out the router's LAN
! addresses (192.168.0.1 / 192.168.1.1) as the DNS server.
! NOTE(review): the WAN-side inbound filters in this file contain no permit for new DNS queries,
! so the proxy should not be reachable from outside; verify from the WAN side after deployment.
proxy-dns ip enable | |
proxy-dns ip request both | |
! | |
! | |
! Enables the DDNS client; the profile itself is "ddns profile v6plus-update".
ddns enable | |
! | |
! | |
! | |
! Policy routing by source address.
! ipv4-over-ipv6: packets sourced from LAN1 (192.168.0.0/24) leave via Tunnel0.0,
! packets sourced from LAN2 (192.168.1.0/24) leave via Tunnel1.0.
route-map ipv4-over-ipv6 permit 10 | |
match ip address access-list permit-lan1 | |
set interface Tunnel0.0 | |
! | |
route-map ipv4-over-ipv6 permit 20 | |
match ip address access-list permit-lan2 | |
set interface Tunnel1.0 | |
! | |
! ngn: IPv6 packets sourced from the ngn1 prefix leave via GigaEthernet2.1,
! those sourced from the ngn2 prefix via GigaEthernet2.2, keeping each prefix on its own line.
route-map ngn permit 10 | |
match ipv6 address access-list ngn1 | |
set interface GigaEthernet2.1 | |
! | |
route-map ngn permit 20 | |
match ipv6 address access-list ngn2 | |
set interface GigaEthernet2.2 | |
! | |
! DHCPv4 profiles: each LAN is told to use the router's own address on that LAN as DNS server.
ip dhcp profile lan1 | |
dns-server 192.168.0.1 | |
! | |
ip dhcp profile lan2 | |
dns-server 192.168.1.1 | |
! | |
! DHCPv6 client profiles for the two WAN lines: request DNS servers, place the delegated
! prefix in a pool, and assign a /64 with an EUI-64 interface ID to the matching LAN interface
! (ngn2 -> GigaEthernet3.2, ngn1 -> GigaEthernet3.1).
ipv6 dhcp client-profile ngn2 | |
option-request dns-servers | |
ia-pd redistribute pool ngn2 0:0:0:10::/60 | |
ia-pd subscriber GigaEthernet3.2 ::/64 eui-64 | |
! | |
ipv6 dhcp client-profile ngn1 | |
option-request dns-servers | |
ia-pd redistribute pool ngn1 0:0:0:10::/60 | |
ia-pd subscriber GigaEthernet3.1 ::/64 eui-64 | |
! | |
! DHCPv6 server profiles for the LANs: redistribute prefixes from the matching pool.
! "dns-server dhcp" presumably passes on the DNS servers learned by the DHCPv6 client; confirm.
ipv6 dhcp server-profile lan1 | |
dns-server dhcp | |
ia-pd redistribute-prefix pool ngn1 | |
! | |
ipv6 dhcp server-profile lan2 | |
dns-server dhcp | |
ia-pd redistribute-prefix pool ngn2 | |
! | |
! DDNS update profile; requests are sourced from GigaEthernet3.2 at the configured update-interval.
! The ${...} values are placeholders left by the author.
! NOTE(review): the account ID and password travel in the URL query string and are stored in the
! configuration as written. Keep real values out of shared or published copies of this file, and
! prefer an HTTPS update URL if the provider offers one.
ddns profile v6plus-update | |
url ${アップデートサーバのURL} | |
query user=${ユーザID}&pass=${パスワード} | |
transport ip | |
source-interface GigaEthernet3.2 | |
update-interval 10 | |
! | |
! Physical devices. GigaEthernet2 and GigaEthernet3 use the SFP connector; USB0 is shut down.
device GigaEthernet0 | |
! | |
device GigaEthernet1 | |
! | |
device GigaEthernet2 | |
connector-type sfp | |
! | |
device GigaEthernet3 | |
connector-type sfp | |
! | |
device GigaEthernet4 | |
! | |
device GigaEthernet5 | |
! | |
device USB0 | |
shutdown | |
! | |
! All untagged base interfaces (.0) and the USB serial interface carry no address and are shut
! down; only the tagged sub-interfaces defined further below are in service. Keeping unused
! ports disabled limits what an unexpected cable or device can reach.
interface GigaEthernet0.0 | |
no ip address | |
shutdown | |
! | |
interface GigaEthernet1.0 | |
no ip address | |
shutdown | |
! | |
interface GigaEthernet2.0 | |
no ip address | |
shutdown | |
! | |
interface GigaEthernet3.0 | |
no ip address | |
shutdown | |
! | |
interface GigaEthernet4.0 | |
no ip address | |
shutdown | |
! | |
interface GigaEthernet5.0 | |
no ip address | |
shutdown | |
! | |
interface USB-Serial0.0 | |
encapsulation ppp | |
no auto-connect | |
no ip address | |
shutdown | |
! | |
! WAN-side sub-interfaces (VLAN 101 and 102 on the GigaEthernet2 SFP port). IPv6 only:
! each runs a DHCPv6 client and carries the inbound/outbound IPv6 filters.
! Inbound order: encapsulated IPv4 (10), ICMPv6 (20), DHCPv6 server replies (30),
! TCP "established" (40), then deny-all (100). Outbound uses the per-line dynamic filter.
! NOTE(review): entry 10 accepts protocol 4 from any source and entry 40 is presumably a stateless
! flag match; since LAN hosts hold global IPv6 addresses, confirm both are as narrow as intended
! (for example, limit entry 10 to the border relay and rely on the dynamic filter for return traffic).
interface GigaEthernet2.1 | |
encapsulation dot1q 101 tpid 8100 | |
auto-connect | |
no ip address | |
ipv6 enable | |
ipv6 dhcp client ngn1 | |
ipv6 filter permit-ipip6 10 in | |
ipv6 filter permit-icmp6 20 in | |
ipv6 filter permit-dhcp6s 30 in | |
ipv6 filter permit-estab 40 in | |
ipv6 filter deny-all 100 in | |
ipv6 filter dyn-ngn1-out 100 out | |
no shutdown | |
! | |
! Same filter set as GigaEthernet2.1, with the ngn2 client profile and dynamic filter.
! This interface additionally sets "ipv6 traffic-class tos 0", which GigaEthernet2.1 does not.
interface GigaEthernet2.2 | |
encapsulation dot1q 102 tpid 8100 | |
auto-connect | |
no ip address | |
ipv6 enable | |
ipv6 dhcp client ngn2 | |
ipv6 traffic-class tos 0 | |
ipv6 filter permit-ipip6 10 in | |
ipv6 filter permit-icmp6 20 in | |
ipv6 filter permit-dhcp6s 30 in | |
ipv6 filter permit-estab 40 in | |
ipv6 filter deny-all 100 in | |
ipv6 filter dyn-ngn2-out 100 out | |
no shutdown | |
! | |
! LAN-side sub-interfaces (VLAN 103 and 104 on the GigaEthernet3 SFP port).
! IPv4 inbound: DHCP requests (10), then only packets sourced from this LAN's own subnet via the
! dynamic filter (20), then deny-all (100) - packets with a foreign source address are dropped here.
! IPv4 outbound: DHCP replies (10), ICMP (20), TCP "established" (30); other return traffic is
! presumably admitted by the dynamic entries created on the way in.
! NOTE(review): no "ipv6 filter" is applied on the LAN sub-interfaces, so IPv6 protection for LAN
! hosts rests entirely on the inbound filters of GigaEthernet2.1 / GigaEthernet2.2.
interface GigaEthernet3.1 | |
encapsulation dot1q 103 tpid 8100 | |
auto-connect | |
ip address 192.168.0.1/24 | |
ip dhcp binding lan1 | |
ip filter permit-dhcpc 10 in | |
ip filter permit-dyn-lan1 20 in | |
! NOTE(review): drops are not logged here (suppress-logging) but are logged on GigaEthernet3.2;
! make the two consistent unless the difference is deliberate.
ip filter deny-all 100 in suppress-logging | |
ip filter permit-dhcps 10 out | |
ip filter permit-icmp 20 out | |
ip filter permit-estab 30 out | |
ip policy route-map ipv4-over-ipv6 | |
ipv6 enable | |
ipv6 dhcp server lan1 | |
ipv6 nd ra enable | |
ipv6 nd ra other-config-flag | |
ipv6 policy route-map ngn | |
no shutdown | |
! | |
! Second LAN. Also the tunnel source for Tunnel1.0 and the DDNS source interface, and it
! carries a fixed IPv6 interface identifier (placeholder to be replaced by the operator).
interface GigaEthernet3.2 | |
encapsulation dot1q 104 tpid 8100 | |
auto-connect | |
ip address 192.168.1.1/24 | |
ip dhcp binding lan2 | |
ip filter permit-dhcpc 10 in | |
ip filter permit-dyn-lan2 20 in | |
ip filter deny-all 100 in | |
ip filter permit-dhcps 10 out | |
ip filter permit-icmp 20 out | |
ip filter permit-estab 30 out | |
ip policy route-map ipv4-over-ipv6 | |
ipv6 enable | |
ipv6 interface-identifier ${インタフェースID} | |
ipv6 dhcp server lan2 | |
ipv6 nd ra enable | |
ipv6 nd ra other-config-flag | |
ipv6 policy route-map ngn | |
no shutdown | |
! | |
! Loopback and Null interfaces carry no address.
interface Loopback0.0 | |
no ip address | |
! | |
interface Null0.0 | |
no ip address | |
! | |
! IPv4-over-IPv6 tunnel in MAP-E (ocn) mode; the IPv4 address comes from MAP-E and NAPT is on.
! Inbound: drop reserved/private sources (10), allow ICMP (20), allow TCP "established" (30).
! Outbound: drop reserved/private destinations (10), then the permit-dyn-all dynamic filter (100).
! NOTE(review): unlike the Ethernet sub-interfaces there is no explicit deny-all at the end of the
! inbound list, so unsolicited traffic is blocked only if unmatched packets are discarded by
! default. Verify that on the device, or add "ip filter deny-all 100 in" to make the intent explicit.
! NOTE(review): entry 20 accepts every ICMP type from the Internet, and entry 30 is presumably a
! stateless flag match that overlaps with the outbound dynamic filter; confirm both are wanted.
interface Tunnel0.0 | |
tunnel mode map-e ocn | |
ip address map-e | |
ip tcp adjust-mss auto | |
ip napt enable | |
ip filter deny-from-wan 10 in | |
ip filter permit-icmp 20 in | |
ip filter permit-estab 30 in | |
ip filter deny-to-wan 10 out suppress-logging | |
ip filter permit-dyn-all 100 out | |
no shutdown | |
! | |
! IPv4-over-IPv6 tunnel with a static IPv4 address, sourced from GigaEthernet3.2 and terminated
! at the border relay (placeholders to be replaced). Same filter set as Tunnel0.0, so the same
! review points about the missing explicit inbound deny-all, ICMP and "established" apply.
interface Tunnel1.0 | |
tunnel mode 4-over-6 | |
tunnel destination ${BRアドレス} | |
tunnel source GigaEthernet3.2 | |
ip address ${IPv4固定アドレス}/32 | |
ip tcp adjust-mss auto | |
ip napt enable | |
ip filter deny-from-wan 10 in | |
ip filter permit-icmp 20 in | |
ip filter permit-estab 30 in | |
ip filter deny-to-wan 10 out suppress-logging | |
ip filter permit-dyn-all 100 out | |
no shutdown | |
! |