UNIVERGE IX2015設定ファイル - 千篇一律備忘録

ヤフオクで安く手に入る高性能な有線ルータ。
ショートパケットに強く、ゲームやP2Pに適していると思われます。何より業務用のルータですから、家庭用のルータとは安定性が違います。ザクとは違（ｒｙな気分に浸れること請け合いです。

ところがこのルータ、全然素人にやさしくありません。Webから設定なんてできません。設定ファイルを自分で書かなくてはいけませんし、はじめて設定するときは、コンソールケーブルというものが必要になります。

LANケーブルを改造して、232Cコネクタにはんだ付けすれば自作できますが、それにしてもなかなか敷居が高いルータであることに違いはありません。

そんなこんなで設定ファイル

hostname ix2015
timezone +09 00
syslog ip host 192.168.1.200
username admin password hash xxxxxxxxxxxxxxxx administrator
ntp ip enable
ntp server 210.171.226.40
ntp server 210.173.160.57
ntp server 210.173.160.87
ntp interval 3600
ip route default FastEthernet0/0.2
ip dhcp enable
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip access-list all-forward permit ip src any dest any
ip access-list management permit ip src 192.168.11.0/24 dest any
ip access-list nbt-block deny tcp src any sport any dest any dport range 137 139
ip access-list nbt-block deny udp src any sport any dest any dport range 137 139
ip access-list nbt-block deny tcp src any sport any dest any dport eq 445
ip access-list nbt-block deny udp src any sport any dest any dport eq 445
ip access-list specialuse deny ip src 0.0.0.0/8 dest any
ip access-list specialuse deny ip src 10.0.0.0/8 dest any
ip access-list specialuse deny ip src 172.16.0.0/12 dest any
ip access-list specialuse deny ip src 192.168.0.0/16 dest any
ip access-list specialuse deny ip src 127.0.0.0/8 dest any
ip access-list specialuse deny ip src 169.254.0.0/16 dest any
ip access-list specialuse deny ip src 192.0.2.0/24 dest any
ip access-list specialuse deny ip src 224.0.0.0/3 dest any
ip access-list lan0 permit ip src 192.168.1.1/24 dest any
ip access-list lan1 permit ip src 192.168.11.1/24 dest any
route-map map0 permit 10
match ip address access-list lan1
set interface FastEthernet0/0.2
exit
route-map map0 permit 20
match ip address access-list lan0
set interface FastEthernet0/0.1
exit
snmp-agent ip enable
snmp-agent ip community public management
dns cache enable
proxy-dns ip enable
proxy-dns ip query-interval 1
proxy-dns interface FastEthernet0/0.2 priority 100
proxy-dns interface FastEthernet0/0.1 priority 200
telnet-server ip enable
telnet-server ip access-list management
http-server ip enable
http-server username admin
http-server ip access-list management
ppp profile isp0
authentication myname userid1@pppoe-userid.net
authentication password userid1@pppoe-userid.net passwd
ppp profile isp1
authentication myname userid2@pppoe-userid.net
authentication password userid2@pppoe-userid.net passwd
ip dhcp profile dhcp_0
assignable-range 192.168.1.51 192.168.1.98
subnet-mask 255.255.255.0
dns-server 192.168.1.1
ip dhcp profile dhcp_1
assignable-range 192.168.11.51 192.168.11.98
subnet-mask 255.255.255.0
dns-server 192.168.11.1
device FastEthernet0/0
device FastEthernet0/1
device FastEthernet1/0
device BRI1/0
interface FastEthernet0/0.0
no ip address
no shutdown
interface FastEthernet0/1.0
description LOCAL-NET0
ip address 192.168.1.1/24
ip policy route-map map0
ip dhcp binding dhcp_0
no shutdown
interface FastEthernet1/0.0
description LOCAL-NET1
ip address 192.168.11.1/24
ip policy route-map map0
ip dhcp binding dhcp_1
no shutdown
interface BRI1/0.0
no auto-connect
no ip address
shutdown
interface FastEthernet0/0.1
description PPPoE_ISP0
encapsulation pppoe
no auto-connect
ppp binding isp0
ip address ipcp
ip mtu 1454
ip tcp adjust-mss 1414
ip napt enable
ip napt translation max-entries 30000
ip filter nbt-block 10 in
ip filter specialuse 20 in
ip filter all-forward 65000 in
ip filter nbt-block 10 out
ip filter all-forward 65000 out
no shutdown
interface FastEthernet0/0.2
description PPPoE_ISP1
encapsulation pppoe
auto-connect
ppp binding isp1
ip address ipcp
ip mtu 1454
ip tcp adjust-mss 1414
ip napt enable
ip napt translation max-entries 30000
ip napt service www 192.168.11.100 none tcp 80
ip napt service ftp 192.168.11.100 none tcp 20-21
ip filter nbt-block 10 in
ip filter specialuse 20 in
ip filter all-forward 65000 in
ip filter nbt-block 10 out
ip filter all-forward 65000 out
no shutdown
interface Loopback0.0
no ip address
interface Null0.0
no ip address
exit