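Setting up NEC UNIVERGE IX
I had a chance to work with the IX2207 and IX2215, so these are my notes for the UNIVERGE IX series.
- Initial config
- Hands-on training material (beginner) ~UNIVERGE IX2215~
- Procedure for building a VPN over the IPv6 NGN network using the NetMeister Dynamic DNS service
Reference blogs
Basic configuration
DHCPv6-PD / IPv6 RA auto-detection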
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip dhcp enable
!
ipv6 ufs-cache max-entries 10000
ipv6 ufs-cache enable
ipv6 cache-size 8192
ipv6 dhcp enable
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list other-list permit ip src any dest any
ipv6 access-list dynamic cache 65535
ipv6 access-list dynamic dflt-list access other-list
!
dns cache enable
dns cache max-records 256
!
proxy-dns ip enable
proxy-dns ip request both
proxy-dns interface GigaEthernet0.0 priority 200
proxy-dns ipv6 enable
proxy-dns ipv6 request both
!
ip dhcp profile dhcpv4-sv
assignable-range 192.168.10.100 192.168.10.199
subnet-mask 255.255.255.0
default-gateway 192.168.10.254
dns-server 192.168.10.254
lease-time 86400
!
ipv6 dhcp client-profile dhcpv6-cl
option-request dns-servers
ia-pd subscriber GigaEthernet2.0 ::/64 eui-64
!
ipv6 dhcp server-profile dhcpv6-sv
dns-server autoconfig
!
interface GigaEthernet0.0
description WAN
no ip address
ipv6 enable
ipv6 autoselect enable
ipv6 autoselect ra-delay 0
ipv6 dhcp client dhcpv6-cl
ipv6 traffic-class tos 0
ipv6 nd proxy GigaEthernet2.0
ipv6 filter dhcpv6-list 1 in
ipv6 filter icmpv6-list 2 in
ipv6 filter block-list 100 in
ipv6 filter dhcpv6-list 1 out
ipv6 filter icmpv6-list 2 out
ipv6 filter dflt-list 100 out
no shutdown
!
interface GigaEthernet2.0
description LAN
ip address 192.168.10.254/24
ip dhcp binding dhcpv4-sv
ipv6 enable
ipv6 dhcp server dhcpv6-sv
ipv6 nd ra enable
ipv6 nd ra other-config-flag
no shutdown
IPv4
v6 Plus (MAP-E)
interface Tunnel0.0
description IPoE
tunnel mode map-e
ip address map-e
ip tcp adjust-mss auto
ip napt enable
no shutdown
OCN Virtual Connect (MAP-E)
interface Tunnel0.0
description IPoE
tunnel mode map-e ocn
ip address map-e
ip tcp adjust-mss auto
ip napt enable
no shutdown
DS-Lite
For AFTR-DOMAINNAME, see the article below.
no dns fqdn-database roundrobin
interface Tunnel0.0
description IPoE
tunnel mode 4-over-6
tunnel destination fqdn AFTR-DOMAINNAME
tunnel source GigaEthernet2.0
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
no shutdown
PPPoE
PPPoE account used in this example: SoftEther's experimental PPPoE access point for FLET'S, opened free of charge for telework as a COVID-19 measure
ppp profile internet
authentication myname open@open.ad.jp
authentication password open@open.ad.jp open
interface GigaEthernet0.1
description PPPoE
encapsulation pppoe
auto-connect
ppp binding internet
ip address ipcp
ip tcp adjust-mss auto
ip napt enable
no shutdown
Use IPoE (Tunnel0.0) by default, and fall back to PPPoE (GigaEthernet0.1) if there is a problem.
ip route default Tunnel0.0 distance 20
ip route default GigaEthernet0.1 distance 200
NTP
Obtained automatically from DHCPv6
ntp server dhcpv6
ntp retry 10
ntp interval 3600
Web management console
service ssl-protocol tls1.2-and-later
http-server protocol https
http-server authentication-method digest
http-server username [account name] password [password]
http-server ip enable
NetMeister
nm ipv6 enable ngn-private auto mqtt force
nm account [group ID] password plain [password]
nm sitename [site name]
nm ddns hostname [hostname]
nm ddns notify interface GigaEthernet0.1 protocol ip
nm ddns notify interface GigaEthernet2.0 protocol ipv6
nm logging enable
Port forwarding
interface GigaEthernet0.1
ip napt static 192.168.10.1 tcp 443
ip napt static 192.168.10.1 udp 51820
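A small audit of the settings on this page, added here as an example (it is not part of the original notes or of NEC's tooling): it checks that each interface's inbound IPv6 filters end in a deny-all list such as block-list, and lists the ports opened with ip napt static. The names audit and SAMPLE are made up for this example, and it assumes filters are evaluated in ascending sequence-number order.

```python
import re

# Constructed sample: lines taken from this page's WAN filter and port forwarding settings.
SAMPLE = """\
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list icmpv6-list permit icmp src any dest any
interface GigaEthernet0.0
ipv6 filter dhcpv6-list 1 in
ipv6 filter icmpv6-list 2 in
ipv6 filter block-list 100 in
ipv6 filter dflt-list 100 out
interface GigaEthernet0.1
ip napt static 192.168.10.1 tcp 443
ip napt static 192.168.10.1 udp 51820
"""

def audit(config):
    """Summarise inbound IPv6 filtering and static NAPT exposure per interface."""
    rules = {}    # access-list name -> [(action, match)]
    inbound = {}  # interface -> [(sequence, access-list name)]
    exposed = []  # (interface, inside host, protocol, port)
    iface = None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ipv6 access-list (\S+) (deny|permit) (.+)", line):
            rules.setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.fullmatch(r"ipv6 filter (\S+) (\d+) in", line):
            inbound.setdefault(iface, []).append((int(m[2]), m[1]))
        elif m := re.fullmatch(r"ip napt static (\S+) (tcp|udp) (\d+)", line):
            exposed.append((iface, m[1], m[2], int(m[3])))
    # Assumption: filters on an interface are evaluated in ascending sequence
    # order, so the highest-numbered inbound entry acts as the catch-all.
    default_deny = {}
    for name, entries in inbound.items():
        last = max(entries)[1]
        default_deny[name] = rules.get(last) == [("deny", "ip src any dest any")]
    return {"default_deny": default_deny, "exposed": exposed}

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, ok in report["default_deny"].items():
        print(f"{name}: inbound IPv6 default deny = {ok}")
    for name, host, proto, port in report["exposed"]:
        print(f"{name}: {proto}/{port} forwarded to {host}")
```

Run it against a saved copy of the running configuration after each change to the filters or the NAPT entries.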
Static local IP assignment
ip dhcp profile dhcpv4-sv
fixed-assignment 192.168.10.1 90:9a:4a:37:6e:8c
fixed-assignment 192.168.10.253 24:5e:be:66:90:16