Router_A configuration:

```
ip route 0.0.0.0 0.0.0.0 pppoe 1
ip route 172.17.0.0 255.255.0.0 connected ipsecif 1
access-list 101 permit tcp any any eq telnet
access-list 102 permit tcp any any eq www
access-list 103 permit tcp any any eq ftp
access-list 103 permit tcp any any eq ftp-data
vpn enable
vpnlog enable
ipsec access-list 1 ipsec ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
ipsec access-list 64 bypass ip any any
ipsec transform-set t1 esp-null
hostname Router_A
interface ipsecif 1
 qos output bandwidth 100M priq
 qos-que priq default-que priority 0 default
 qos-que priq high-que priority 7
 qos-que priq low-que priority 1
 qos-que priq middle-que priority 3
 service-policy output policy1
 crypto map map1
exit
interface lan 1
 ip address 172.16.0.1 255.255.0.0
exit
interface pppoe 1
 ip address 192.0.2.1
 ip nat inside source list 1 interface
 pppoe server test1
 pppoe account ********@***.***.ne.jp ******
 pppoe type lan
exit
crypto isakmp policy 1
 authentication prekey
 encryption aes 256
 hash sha
 key ascii furukawa
 lifetime 86400
 my-identity kyoten1
 negotiation-mode aggressive
 peer-identity address 192.0.2.129
exit
crypto map map1 1
 match address 1
 set peer address 192.0.2.129
 set security-association lifetime seconds 28800
 set transform-set t1
 anti-replay disable
exit
class-map low-class
 match ip access-group 103
exit
class-map high-class
 match ip access-group 101
exit
class-map middle-class
 match ip access-group 102
exit
action-map low-action
 set queuing low-que
exit
action-map high-action
 set queuing high-que
exit
action-map middle-action
 set queuing middle-que
exit
policy-map policy1
 class high-class action high-action
 class middle-class action middle-action
 class low-class action low-action
exit
end
```
Router_B configuration:

```
ip route 0.0.0.0 0.0.0.0 pppoe 1
ip route 172.16.0.0 255.255.0.0 connected ipsecif 1
access-list 101 permit tcp any any eq telnet
access-list 102 permit tcp any any eq www
access-list 103 permit tcp any any eq ftp
access-list 103 permit tcp any any eq ftp-data
vpn enable
vpnlog enable
ipsec access-list 1 ipsec ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
ipsec access-list 64 bypass ip any any
ipsec transform-set t1 esp-null
hostname Router_B
interface pppoe 1
 ip address 192.0.2.129
 ip nat inside source list 1 interface
 pppoe server test1
 pppoe account ********@***.***.ne.jp ******
 pppoe type lan
exit
interface ipsecif 1
 qos output bandwidth 100M priq
 qos-que priq default-que priority 0 default
 qos-que priq high-que priority 7
 qos-que priq low-que priority 1
 qos-que priq middle-que priority 3
 service-policy output policy1
 crypto map map1
exit
interface lan 1
 ip address 172.17.0.2 255.255.0.0
exit
crypto isakmp policy 1
 authentication prekey
 encryption aes 256
 hash sha
 key ascii furukawa
 lifetime 86400
 negotiation-mode main
 peer-identity host kyoten1
exit
crypto map map1 1
 match address 1
 set peer host kyoten1
 set security-association lifetime seconds 28800
 set transform-set t1
 anti-replay disable
exit
class-map low-class
 match ip access-group 103
exit
class-map high-class
 match ip access-group 101
exit
class-map middle-class
 match ip access-group 102
exit
action-map low-action
 set queuing low-que
exit
action-map high-action
 set queuing high-que
exit
action-map middle-action
 set queuing middle-que
exit
policy-map policy1
 class high-class action high-action
 class middle-class action middle-action
 class low-class action low-action
exit
end
```
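The two configurations above have to agree with each other before the tunnel comes up: the phase-2 selector in `ipsec access-list 1` is mirrored (Router_A protects 172.16.0.0/16 to 172.17.0.0/16, Router_B the reverse), the ISAKMP proposal and pre-shared key match, and each side names its peer the way the peer presents itself (Router_A by Router_B's address 192.0.2.129, Router_B by Router_A's `my-identity kyoten1`). The Python below is an added example, not code from the page or from the router vendor: it parses excerpts of the two configurations into CLI sections and runs those checks, and it also reports the two settings a reviewer would flag in this sample, `ipsec transform-set t1 esp-null` (ESP with NULL encryption, so traffic crosses the tunnel unencrypted) and `anti-replay disable`. The section-opener list and the field names are the example's own assumptions about the CLI, taken from the text on this page rather than from vendor documentation.

```python
"""Cross-check the Router_A / Router_B IPsec peer settings shown on this page.
Added example, not a vendor tool: it parses CLI text the way the page lists it
(a section's sub-commands run until "exit") and compares the two peers. The two
strings are excerpts of the page's configurations, keeping only the sections read here."""
ROUTER_A = """\
ipsec access-list 1 ipsec ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
ipsec transform-set t1 esp-null
hostname Router_A
interface pppoe 1
ip address 192.0.2.1
exit
crypto isakmp policy 1
encryption aes 256
key ascii furukawa
my-identity kyoten1
peer-identity address 192.0.2.129
exit
crypto map map1 1
anti-replay disable
exit
"""
ROUTER_B = """\
ipsec access-list 1 ipsec ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
ipsec transform-set t1 esp-null
hostname Router_B
interface pppoe 1
ip address 192.0.2.129
exit
crypto isakmp policy 1
encryption aes 256
key ascii furukawa
peer-identity host kyoten1
exit
crypto map map1 1
anti-replay disable
exit
"""
SECTIONS = ("interface ", "crypto isakmp policy ", "crypto map ")  # assumed section openers


def parse(text):
    """{section header: [sub-commands]}; top-level lines sit under "" and "exit" closes a section."""
    sections, current = {"": []}, ""
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line == "exit":
            current = ""
        elif current == "" and line.startswith(SECTIONS):
            current = line
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def value(lines, cmd):
    """Argument of the first line that starts with cmd, or None when absent."""
    return next((ln[len(cmd) + 1:] for ln in lines if ln.startswith(cmd + " ")), None)


def view(text):
    """The fields the peer checks compare, pulled from one router's config."""
    cfg = parse(text)
    top, isakmp = cfg[""], cfg.get("crypto isakmp policy 1", [])
    sel = value(top, "ipsec access-list 1 ipsec ip")
    return {
        "host": value(top, "hostname"),
        "selector": sel.split() if sel else None,  # [src, smask, dst, dmask]
        "transform": value(top, "ipsec transform-set t1"),
        "wan_ip": value(cfg.get("interface pppoe 1", []), "ip address"),
        "isakmp": {k: value(isakmp, k) for k in ("encryption", "key ascii")},
        "my_id": value(isakmp, "my-identity"),
        "peer_id": value(isakmp, "peer-identity"),
        "anti_replay": value(cfg.get("crypto map map1 1", []), "anti-replay"),
    }


def check_pair(a_text, b_text):
    """Return {"errors": [...], "warnings": [...]} for the two peers."""
    a, b = view(a_text), view(b_text)
    errors, warnings = [], []
    sa, sb = a["selector"], b["selector"]  # phase-2 selectors must be mirror images
    if not (sa and sb) or sa[:2] != sb[2:] or sa[2:] != sb[:2]:
        errors.append("ipsec access-list 1 is not mirrored between the peers")
    for k, v in a["isakmp"].items():  # phase-1 proposal and pre-shared key must agree
        if v != b["isakmp"][k]:
            errors.append(f"isakmp '{k}' differs between the peers")
    # "peer-identity address X" must be the peer's WAN address, "peer-identity host N" its my-identity
    for x, y in ((a, b), (b, a)):
        kind, _, ident = (x["peer_id"] or "").partition(" ")
        if ident != (y["wan_ip"] if kind == "address" else y["my_id"]):
            errors.append(f"{x['host']}: peer-identity does not match {y['host']}")
    if a["transform"] != b["transform"]:
        errors.append("transform-set t1 differs between the peers")
    elif "esp-null" in (a["transform"] or ""):
        warnings.append("esp-null: NULL encryption, the tunnel gives no confidentiality")
    for s in (a, b):
        if s["anti_replay"] == "disable":
            warnings.append(f"{s['host']}: anti-replay disabled, replayed ESP packets are not rejected")
    return {"errors": errors, "warnings": warnings}
```

Running `check_pair(ROUTER_A, ROUTER_B)` on the page's pair returns no errors and three warnings (the esp-null transform and anti-replay disabled on each side); feeding the same configuration twice, as happens when one side is copy-pasted from the other, is caught by the mirrored-selector and peer-identity checks.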
Configuration procedure for Router_A.

Configuration steps:

- Enter privileged user mode
- Enter the password
- Initialize the configuration
- Change to configuration mode
- Enter the configuration
- Save the configuration
- Restart the device

Example screen output:

```
Router>enable
Enter password:
Router#
Router#clear working.cfg
Router#
Router#configure terminal
Router(config)#ip route 0.0.0.0 0.0.0.0 pppoe 1
Router(config)#ip route 172.17.0.0 255.255.0.0 connected ipsecif 1
Router(config)#access-list 101 permit tcp any any eq telnet
Router(config)#access-list 102 permit tcp any any eq www
Router(config)#access-list 103 permit tcp any any eq ftp
Router(config)#access-list 103 permit tcp any any eq ftp-data
Router(config)#vpn enable
Router(config)#vpnlog enable
Router(config)#ipsec access-list 1 ipsec ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
Router(config)#ipsec access-list 64 bypass ip any any
Router(config)#ipsec transform-set t1 esp-null
Router(config)#hostname Router_A
Router_A(config)#interface ipsecif 1
Router_A(config-if ipsecif 1)# qos output bandwidth 100M priq
Router_A(config-if ipsecif 1)# qos-que priq default-que priority 0 default
Router_A(config-if ipsecif 1)# qos-que priq high-que priority 7
Router_A(config-if ipsecif 1)# qos-que priq low-que priority 1
Router_A(config-if ipsecif 1)# qos-que priq middle-que priority 3
Router_A(config-if ipsecif 1)# service-policy output policy1
Router_A(config-if ipsecif 1)# crypto map map1
Router_A(config-if ipsecif 1)#exit
Router_A(config)#interface lan 1
Router_A(config-if lan 1)# ip address 172.16.0.1 255.255.0.0
Router_A(config-if lan 1)#exit
Router_A(config)#interface pppoe 1
Router_A(config-if pppoe 1)# ip address 192.0.2.1
Router_A(config-if pppoe 1)# ip nat inside source list 1 interface
Router_A(config-if pppoe 1)# pppoe server test1
Router_A(config-if pppoe 1)# pppoe account ********@***.***.ne.jp ******
Router_A(config-if pppoe 1)# pppoe type lan
Router_A(config-if pppoe 1)#exit
Router_A(config)#crypto isakmp policy 1
Router_A(config-isakmp)# authentication prekey
Router_A(config-isakmp)# encryption aes 256
Router_A(config-isakmp)# hash sha
Router_A(config-isakmp)# key ascii furukawa
Router_A(config-isakmp)# lifetime 86400
Router_A(config-isakmp)# my-identity kyoten1
Router_A(config-isakmp)# negotiation-mode aggressive
Router_A(config-isakmp)# peer-identity address 192.0.2.129
Router_A(config-isakmp)#exit
Router_A(config)#crypto map map1 1
Router_A(config-crypto-map)# match address 1
Router_A(config-crypto-map)# set peer address 192.0.2.129
Router_A(config-crypto-map)# set security-association lifetime seconds 28800
Router_A(config-crypto-map)# set transform-set t1
Router_A(config-crypto-map)# anti-replay disable
Router_A(config-crypto-map)#exit
Router_A(config)#class-map low-class
Router_A(config-class-map)# match ip access-group 103
Router_A(config-class-map)#exit
Router_A(config)#class-map high-class
Router_A(config-class-map)# match ip access-group 101
Router_A(config-class-map)#exit
Router_A(config)#class-map middle-class
Router_A(config-class-map)# match ip access-group 102
Router_A(config-class-map)#exit
Router_A(config)#action-map low-action
Router_A(config-action-map)# set queuing low-que
Router_A(config-action-map)#exit
Router_A(config)#action-map high-action
Router_A(config-action-map)# set queuing high-que
Router_A(config-action-map)#exit
Router_A(config)#action-map middle-action
Router_A(config-action-map)# set queuing middle-que
Router_A(config-action-map)#exit
Router_A(config)#policy-map policy1
Router_A(config-policy-map)# class high-class action high-action
Router_A(config-policy-map)# class middle-class action middle-action
Router_A(config-policy-map)# class low-class action low-action
Router_A(config-policy-map)#exit
Router_A(config)#
Router_A(config)#end
Router_A#
Router_A#save SIDE-A
% saving working-config
% finished saving
Router_A#reset
Going to reset with SIDE-A.frm and SIDE-A
Boot-back not scheduled for next boot.
Next rebooting firmware SIDE-A.frm is fine.
Are you OK to cold start?(y/n)y
```
Configuration procedure for Router_B.

Configuration steps:

- Enter privileged user mode
- Enter the password
- Initialize the configuration
- Change to configuration mode
- Enter the configuration
- Save the configuration
- Restart the device

Example screen output:

```
Router>enable
Enter password:
Router#
Router#clear working.cfg
Router#
Router#configure terminal
Router(config)#ip route 0.0.0.0 0.0.0.0 192.0.2.130
Router(config)#ip route 172.16.0.0 255.255.0.0 connected ipsecif 1
Router(config)#access-list 101 permit tcp any any eq telnet
Router(config)#access-list 102 permit tcp any any eq www
Router(config)#access-list 103 permit tcp any any eq ftp
Router(config)#access-list 103 permit tcp any any eq ftp-data
Router(config)#vpn enable
Router(config)#vpnlog enable
Router(config)#ipsec access-list 1 ipsec ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
Router(config)#ipsec access-list 64 bypass ip any any
Router(config)#ipsec transform-set t1 esp-null
Router(config)#hostname Router_B
Router_B(config)#interface pppoe 1
Router_B(config-if pppoe 1)# ip address 192.0.2.129
Router_B(config-if pppoe 1)# ip nat inside source list 1 interface
Router_B(config-if pppoe 1)# pppoe server test1
Router_B(config-if pppoe 1)# pppoe account ********@***.***.ne.jp ******
Router_B(config-if pppoe 1)# pppoe type lan
Router_B(config-if pppoe 1)#exit
Router_B(config)#interface ipsecif 1
Router_B(config-if ipsecif 1)# qos output bandwidth 100M priq
Router_B(config-if ipsecif 1)# qos-que priq default-que priority 0 default
Router_B(config-if ipsecif 1)# qos-que priq high-que priority 7
Router_B(config-if ipsecif 1)# qos-que priq low-que priority 1
Router_B(config-if ipsecif 1)# qos-que priq middle-que priority 3
Router_B(config-if ipsecif 1)# service-policy output policy1
Router_B(config-if ipsecif 1)# crypto map map1
Router_B(config-if ipsecif 1)#exit
Router_B(config)#interface lan 1
Router_B(config-if lan 1)# ip address 172.17.0.2 255.255.0.0
Router_B(config-if lan 1)#exit
Router_B(config)#crypto isakmp policy 1
Router_B(config-isakmp)# authentication prekey
Router_B(config-isakmp)# encryption aes 256
Router_B(config-isakmp)# hash sha
Router_B(config-isakmp)# key ascii furukawa
Router_B(config-isakmp)# lifetime 86400
Router_B(config-isakmp)# negotiation-mode main
Router_B(config-isakmp)# peer-identity host kyoten1
Router_B(config-isakmp)#exit
Router_B(config)#crypto map map1 1
Router_B(config-crypto-map)# match address 1
Router_B(config-crypto-map)# set peer host kyoten1
Router_B(config-crypto-map)# set security-association lifetime seconds 28800
Router_B(config-crypto-map)# set transform-set t1
Router_B(config-crypto-map)# anti-replay disable
Router_B(config-crypto-map)#exit
Router_B(config)#class-map low-class
Router_B(config-class-map)# match ip access-group 103
Router_B(config-class-map)#exit
Router_B(config)#class-map high-class
Router_B(config-class-map)# match ip access-group 101
Router_B(config-class-map)#exit
Router_B(config)#class-map middle-class
Router_B(config-class-map)# match ip access-group 102
Router_B(config-class-map)#exit
Router_B(config)#action-map low-action
Router_B(config-action-map)# set queuing low-que
Router_B(config-action-map)#exit
Router_B(config)#action-map high-action
Router_B(config-action-map)# set queuing high-que
Router_B(config-action-map)#exit
Router_B(config)#action-map middle-action
Router_B(config-action-map)# set queuing middle-que
Router_B(config-action-map)#exit
Router_B(config)#policy-map policy1
Router_B(config-policy-map)# class high-class action high-action
Router_B(config-policy-map)# class middle-class action middle-action
Router_B(config-policy-map)# class low-class action low-action
Router_B(config-policy-map)#exit
Router_B(config)#
Router_B(config)#end
Router_B#
Router_B#save SIDE-A
% saving working-config
% finished saving
Router_B#reset
Going to reset with SIDE-A.frm and SIDE-A
Boot-back not scheduled for next boot.
Next rebooting firmware SIDE-A.frm is fine.
Are you OK to cold start?(y/n)y
```
Check the access lists.

Check items:

- Display the access list information
- Confirm that the settings of access lists 101, 102 and 103 are correct

Example screen output:

```
Router_A#show access-lists
Extended IP access list 101
  permit tcp any any eq telnet
Extended IP access list 102
  permit tcp any any eq www
Extended IP access list 103
  permit tcp any any eq ftp
  permit tcp any any eq ftp-data
```
Check the queuing status.

Check items:

- Display the queue statistics
- Confirm that packets are being counted on high-que

Example screen output:

```
Router_A#show qos queuing
interface : ipsecif 1
queuing type : PRIQ
queuing-name default-que (default que)
  priority : 0
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name low-que
  priority : 1
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name middle-que
  priority : 3
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name high-que
  priority : 7
  queue length/limit : 0/50
  sent/drop packets:
    packets : 54/0
    bytes : 2287/0
  period cnt : 54
```
Check items:

- Display the queue statistics
- Confirm that packets are being counted on middle-que

Example screen output:

```
Router_A#show qos queuing
interface : ipsecif 1
queuing type : PRIQ
queuing-name default-que (default que)
  priority : 0
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name low-que
  priority : 1
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name middle-que
  priority : 3
  queue length/limit : 0/50
  sent/drop packets:
    packets : 42/0
    bytes : 11863/0
  period cnt : 34
queuing-name high-que
  priority : 7
  queue length/limit : 0/50
  sent/drop packets:
    packets : 54/0
    bytes : 2287/0
  period cnt : 54
```
Check items:

- Display the queue statistics
- Confirm that packets are being counted on low-que

Example screen output:

```
Router_A#show qos queuing
interface : ipsecif 1
queuing type : PRIQ
queuing-name default-que (default que)
  priority : 0
  queue length/limit : 0/50
  sent/drop packets:
    packets : 0/0
    bytes : 0/0
  period cnt : 0
queuing-name low-que
  priority : 1
  queue length/limit : 0/50
  sent/drop packets:
    packets : 18/0
    bytes : 834/0
  period cnt : 18
queuing-name middle-que
  priority : 3
  queue length/limit : 0/50
  sent/drop packets:
    packets : 42/0
    bytes : 11863/0
  period cnt : 38
queuing-name high-que
  priority : 7
  queue length/limit : 0/50
  sent/drop packets:
    packets : 54/0
    bytes : 2287/0
  period cnt : 54
```
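The three checks above confirm by eye that each test flow was counted in the queue the policy assigns to it. The Python below is an added example, not code from the page or from the router vendor: it does the same check from the page's three `show qos queuing` outputs by parsing the per-queue counters, diffing two snapshots, and comparing the queue that grew with the page's classification chain (access-list 101/telnet to high-que, 102/www to middle-que, 103/ftp and ftp-data to low-que). It also reports per-queue drop counts, which under priority queuing accumulate in the lower queues first when the link saturates. The all-zero baseline snapshot is constructed by zeroing high-que in the first output and is not on the page.

```python
"""Tell which priority queue a test flow was counted in from two "show qos queuing"
snapshots. Added example, not a vendor tool. The three AFTER_* strings are the
page's outputs in the flat one-line form the page shows them (after the telnet,
www and ftp test flows); BASELINE is constructed from the first by zeroing
high-que and is not on the page."""
import re

# The page's classification chain written out flat:
# ACL 101 telnet -> high-class -> high-action -> high-que, and so on.
PORT_TO_QUEUE = {"telnet": "high-que", "www": "middle-que",
                 "ftp": "low-que", "ftp-data": "low-que"}

AFTER_TELNET = (
    "Router_A#show qos queuing interface : ipsecif 1 queuing type : PRIQ "
    "queuing-name default-que (default que) priority : 0 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name low-que priority : 1 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name middle-que priority : 3 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name high-que priority : 7 queue length/limit : 0/50 "
    "sent/drop packets: packets : 54/0 bytes : 2287/0 period cnt : 54")
AFTER_WWW = (
    "Router_A#show qos queuing interface : ipsecif 1 queuing type : PRIQ "
    "queuing-name default-que (default que) priority : 0 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name low-que priority : 1 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name middle-que priority : 3 queue length/limit : 0/50 "
    "sent/drop packets: packets : 42/0 bytes : 11863/0 period cnt : 34 "
    "queuing-name high-que priority : 7 queue length/limit : 0/50 "
    "sent/drop packets: packets : 54/0 bytes : 2287/0 period cnt : 54")
AFTER_FTP = (
    "Router_A#show qos queuing interface : ipsecif 1 queuing type : PRIQ "
    "queuing-name default-que (default que) priority : 0 queue length/limit : 0/50 "
    "sent/drop packets: packets : 0/0 bytes : 0/0 period cnt : 0 "
    "queuing-name low-que priority : 1 queue length/limit : 0/50 "
    "sent/drop packets: packets : 18/0 bytes : 834/0 period cnt : 18 "
    "queuing-name middle-que priority : 3 queue length/limit : 0/50 "
    "sent/drop packets: packets : 42/0 bytes : 11863/0 period cnt : 38 "
    "queuing-name high-que priority : 7 queue length/limit : 0/50 "
    "sent/drop packets: packets : 54/0 bytes : 2287/0 period cnt : 54")
# Constructed: the state before the telnet test, with high-que still at zero.
BASELINE = AFTER_TELNET.replace("54/0", "0/0").replace("2287/0", "0/0").replace("cnt : 54", "cnt : 0")

# One queue block: name, priority, sent/drop packets, sent/drop bytes.
QUEUE = re.compile(r"queuing-name (\S+).*?priority : (\d+).*?"
                   r"packets : (\d+)/(\d+).*?bytes : (\d+)/(\d+)", re.S)


def parse_queues(text):
    """{queue name: {priority, sent, drop, bytes}}; works on flat or line-broken output."""
    return {m.group(1): {"priority": int(m.group(2)), "sent": int(m.group(3)),
                         "drop": int(m.group(4)), "bytes": int(m.group(5))}
            for m in QUEUE.finditer(text)}


def queue_delta(before, after):
    """Queues whose sent counter grew between the two snapshots, with the increment."""
    b, a = parse_queues(before), parse_queues(after)
    grown = {q: a[q]["sent"] - b.get(q, {"sent": 0})["sent"] for q in a}
    return {q: n for q, n in grown.items() if n > 0}


def verify_flow(service, before, after):
    """True when the service's packets were counted in exactly the queue the policy assigns."""
    return set(queue_delta(before, after)) == {PORT_TO_QUEUE[service]}


def dropped(text):
    """Drop counts per queue; under priority queuing the low queues starve first."""
    return {q: v["drop"] for q, v in parse_queues(text).items() if v["drop"]}


def priority_order(text):
    """Queue names highest priority first, the order PRIQ serves them in."""
    q = parse_queues(text)
    return sorted(q, key=lambda n: q[n]["priority"], reverse=True)
```

`verify_flow("www", AFTER_TELNET, AFTER_WWW)` is true because only middle-que grew (by 42 packets) between those two outputs, and `verify_flow("telnet", AFTER_TELNET, AFTER_WWW)` is false for the same reason, which is the kind of misclassification a wrong `match ip access-group` number would produce.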