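S5100-24P-EI notes

I configured the switching hub I bought the other day, so here are my notes. That said, all I did was assign an IP to vlan1 and make it reachable via telnet... A router is connected upstream of it.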
[H3C]dis current-configuration
#
sysname H3C
#
radius scheme system
#
domain system
#
local-user arkey22
password cipher xxxxxxxxx
service-type ssh telnet terminal
level 3
#
vlan 1
#
interface Vlan-interface1
ip address 10.0.0.254 255.255.255.0
#LOCCFG. MUST NOT DELETE
#
ntp-service unicast-server 10.0.0.1
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#TOPOLOGYCFG. MUST NOT DELETE
#GLBCFG. MUST NOT DELETE
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
set authentication password cipher xxxxxxx
#

S5100-24P-EI


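I bought a Gigabit-capable switching hub: an H3C S5100-24P-EI. It is a so-called intelligent switch, which supports things like VLANs and LACP. It cost 1,000 yen, so it was a bargain. It is a 2006 product, but since it is enterprise gear, the list price was probably around 200,000 yen. The fan was noisy, so I opened the chassis and stopped it by pulling out its power cable. I may need a cooling solution before summer. The punchline, though, is that after buying it I found that the NIC on the PC side did not support Gigabit. So even when I measure the speed, it is Fast Ethernet...
I measured throughput between the server I run for syslog (10.0.0.50) and my main PC (10.0.0.8).
90Mbps, so, well, that is FE... I need to buy a NIC.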
$ iperf -c 10.0.0.50
------------------------------------------------------------
Client connecting to 10.0.0.50, TCP port 5001
TCP window size: 129 KByte (default)
------------------------------------------------------------
[ 4] local 10.0.0.8 port 64546 connected with 10.0.0.50 port 5001
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.2 sec 106 MBytes 87.0 Mbits/sec
$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 4] local 10.0.0.8 port 5001 connected with 10.0.0.50 port 49367
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 107 MBytes 89.5 Mbits/sec

Cisco 1812J config(pppoe, vpn)

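The cisco 1812J config I had saved got wiped out, so I am recording it here.
PPPoE and VPN settings. Places shown as XXX are redacted.
It does a pointless DDNS update, but let's not worry about that...
#3/18 Changed the ACL section. The VPN now connects properly.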
aaa new-model
!
!
aaa authentication login userauth local
aaa authorization network groupauth local
!
!
aaa session-id common
clock timezone JST 9
!
!
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.50
ip dhcp excluded-address 10.0.0.150
!
ip dhcp pool LAN
network 10.0.0.0 255.255.255.0
dns-server 10.0.0.1
default-router 10.0.0.1
!
ip dhcp pool server
host 10.0.0.50 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
ip dhcp pool MAC
host 10.0.0.100 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
ip dhcp pool NAS
host 10.0.0.150 255.255.255.0
client-identifier xxxx.xxxx.xxxx.xxxx
default-router 10.0.0.1
lease infinite
!
no ip bootp server
ip host Router 10.0.0.1
ip inspect alert-off
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC icmp
ip ddns update method xxxxx
HTTP
add http://mydnsxxxx:xxxxx@www.mydns.jp/login.html
interval maximum 1 0 0 0
!
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
!
username xxxxxx password 0 xxxxxx
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key xxxxx
dns 10.0.0.1
pool ezvpn-pool
acl 100
save-password
crypto isakmp profile vpnclient-profile
match identity group vpnclient
client authentication list userauth
isakmp authorization list groupauth
client configuration address respond
!
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set vpnset
set isakmp-profile vpnclient-profile
reverse-route
!
!
crypto map ezvpnmap 1 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
ip ftp username xxxxxx
ip ftp password xxxxxx
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
ip ddns update hostname xxxxxx.mydns.jp
ip ddns update xxxxxx
no ip address
ip verify unicast reverse-path
duplex auto
speed auto
pppoe enable group global
ipv6 address autoconfig
ipv6 enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1414
!
interface Dialer0
mtu 1454
ip ddns update hostname xxxxxxx.mydns.jp
ip ddns update xxxxxx
ip address negotiated
ip flow ingress
ip flow egress
ip nat outside
ip inspect CBAC out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxxx@one.ocn.ne.jp
ppp chap password 0 xxxxx
ppp ipcp dns request accept
crypto map ezvpnmap
!
ip local pool ezvpn-pool 192.168.100.1 192.168.100.20
ip default-gateway 10.0.0.1
no ip forward-protocol nd
ip forward-protocol udp echo
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat translation timeout 180
ip nat inside source static tcp 10.0.0.100 5001 interface Dialer0 5001
ip nat inside source static tcp 10.0.0.50 4181 interface Dialer0 4181
ip nat inside source static tcp 10.0.0.50 1723 interface Dialer0 1723
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
deny ip 10.0.0.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended TELNET
permit ip 10.0.0.0 0.255.255.255 any
permit ip 172.16.0.0 0.0.255.255 any
permit ip 192.168.0.0 0.0.255.255 any
!
logging facility local0
logging source-interface FastEthernet0
logging xxx.xxx.xxx.xxx
logging 10.0.0.50
access-list 100 deny ip 10.0.0.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
access-class TELNET in
exec-timeout 360 0
privilege level 15
password xxxxxx
logging synchronous
transport input telnet
!
scheduler allocate 3000 1000
ntp logging
ntp clock-period 17180064
ntp update-calendar
ntp server xxx.xxx.xxx.xxx
event manager applet ddns
event timer cron name "ddns-batch" cron-entry "0 0 * * *"
action 1.0 syslog msg "# DDNS Update Begin"
action 2.0 cli command "enable"
action 3.0 cli command "copy ftp://mydnsxxxxxx:xxxxxxxxx@www.mydns.jp/login.html null:"
action 4.0 cli command "exit"
action 5.0 syslog msg "# DDNS Update End"
!
end
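
An added example, not part of the original post: a small Python audit that flags the settings in the 1812J config above that a reviewer would question before reusing it (Telnet on the VTYs, type 0 passwords, the public SNMP community, exec-timeout 0 0, 3DES with DH group 2). The rule names and the sample excerpt are constructed for illustration; sections are tracked by keyword so it also works on a paste that has lost its indentation.

```python
import re

# Section headers are recognised by keyword rather than indentation.
HEADER = re.compile(r"(line (con|aux|vty)|interface|crypto isakmp policy) ")

# (rule id, required section prefix ("" = anywhere), pattern on the stripped line)
RULES = [
    ("plaintext-secret", "", r"(username \S+|ppp chap) password 0 "),
    ("plaintext-secret", "line ", r"password (0 )?\S+$"),
    ("weak-ike-cipher", "crypto isakmp policy", r"encr (des|3des)$"),
    ("weak-dh-group", "crypto isakmp policy", r"group [12]$"),
    ("snmp-default-community", "", r"snmp-server community (public|private)\b"),
    ("no-exec-timeout", "line ", r"exec-timeout 0 0$"),
    ("telnet-vty", "line vty", r"transport input\b.*\b(telnet|all)\b"),
]

def audit(config_text):
    """Return [(line number, rule id, section)] for each weak setting found."""
    findings, section = [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "!":
            section = ""          # "!" ends the current section
        elif HEADER.match(line):
            section = line        # remember which stanza we are in
        else:
            for rule_id, prefix, pattern in RULES:
                if section.startswith(prefix) and re.match(pattern, line):
                    findings.append((lineno, rule_id, section))
    return findings

# Constructed excerpt mirroring the posted config, with placeholder secrets.
SAMPLE = """\
username EXAMPLE password 0 EXAMPLE
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
line vty 0 4
 access-class TELNET in
 exec-timeout 360 0
 privilege level 15
 password EXAMPLE
 transport input telnet
"""

if __name__ == "__main__":
    for lineno, rule_id, section in audit(SAMPLE):
        print(f"line {lineno}: {rule_id} ({section or 'global'})")
```
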