Configuring an RTX1300 to use tagged VLANs together with v6プラス and a fixed IP (enひかりクロス)

macaron
ゆぶ

Configuration example for enひかり (v6プラス and fixed IP 1)

Initial setup

console character ja.utf8
lan flexible-port lan1=1-8,10 lan2=9
lan linkup send-wait-time lan2 5
no switch control use
ngn type lan2 ntt
schedule at 1 */* 06:00:10 * ntpdate ntp.nict.jp syslog
mail server smtp 1 smtp.gmail.com port=465 smtp-auth mail@example.com password plain smtps

Tagged VLAN

ip lan1 address 10.10.1.1/24

vlan lan1/1 802.1q vid=10
ip lan1/1 address 10.10.10.1/24

vlan lan1/2 802.1q vid=20
ip lan1/2 address 10.10.20.1/24

vlan lan1/3 802.1q vid=30
ip lan1/3 address 10.10.30.1/24

vlan lan1/4 802.1q vid=40
ip lan1/4 address 10.10.40.1/24

vlan lan1/5 802.1q vid=50
ip lan1/5 address 10.10.50.1/24

Routing

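# Filter 1 matches traffic sourced from 10.10.20.0/24 (the VLAN 20 segment)
ip filter 1 pass 10.10.20.0/24 * * *
# Traffic matching filter 1 leaves via tunnel 2 (kotei); everything else uses tunnel 1 (v6Plus)
ip route default gateway tunnel 2 filter 1 gateway tunnel 1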
ipv6 route default gateway dhcp lan2

IPv6

ipv6 lan2 address dhcp-prefix@lan2::1b:5344:8300:0/64
ipv6 lan2 dhcp service client
dns server dhcp lan2

ipv6 prefix 1 dhcp-prefix@lan2::1:0:0:0:1/64
ipv6 lan1/1 address dhcp-prefix@lan2::1:0:0:0:1/64
ipv6 lan1/1 rtadv send 1 o_flag=on
ipv6 lan1/1 dhcp service server

ipv6 prefix 2 dhcp-prefix@lan2::2:0:0:0:1/64
ipv6 lan1/2 address dhcp-prefix@lan2::2:0:0:0:1/64
ipv6 lan1/2 rtadv send 2 o_flag=on
ipv6 lan1/2 dhcp service server

ipv6 prefix 3 dhcp-prefix@lan2::3:0:0:0:1/64
ipv6 lan1/3 address dhcp-prefix@lan2::3:0:0:0:1/64
ipv6 lan1/3 rtadv send 3 o_flag=on
ipv6 lan1/3 dhcp service server

ipv6 prefix 4 dhcp-prefix@lan2::4:0:0:0:1/64
ipv6 lan1/4 address dhcp-prefix@lan2::4:0:0:0:1/64
ipv6 lan1/4 rtadv send 4 o_flag=on
ipv6 lan1/4 dhcp service server

ipv6 prefix 5 dhcp-prefix@lan2::5:0:0:0:1/64
ipv6 lan1/5 address dhcp-prefix@lan2::5:0:0:0:1/64
ipv6 lan1/5 rtadv send 5 o_flag=on
ipv6 lan1/5 dhcp service server

ipv6 prefix 9 dhcp-prefix@lan2::9:0:0:0:1/64
ipv6 lan1 address dhcp-prefix@lan2::9:0:0:0:1/64
ipv6 lan1 rtadv send 9 o_flag=on
ipv6 lan1 dhcp service server

DHCP

dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 10.10.10.100-10.10.10.250/24
dhcp scope 2 10.10.20.100-10.10.20.250/24
dhcp scope 3 10.10.30.100-10.10.30.250/24
dhcp scope 4 10.10.40.100-10.10.40.250/24
dhcp scope 5 10.10.50.100-10.10.50.250/24
dhcp scope 9 10.10.1.100-10.10.1.250/24
dhcp client release linkdown on

Tunnel configuration

tunnel select 1
description tunnel v6Plus
tunnel encapsulation map-e
ip tunnel mtu 1460
ip tunnel secure filter in 200030 200039
ip tunnel secure filter out 200099 dynamic 100 101 102 103 104 105 106
ip tunnel nat descriptor 1
ip tunnel tcp mss limit 1420
tunnel enable 1

tunnel select 2
description tunnel kotei
tunnel encapsulation ipip
tunnel endpoint address 2404:9200:225:100::65
ip tunnel mtu 1460
ip tunnel secure filter in 200039
ip tunnel secure filter out 200099 dynamic 100 101 102 103 104 105 106
ip tunnel nat descriptor 2
ip tunnel tcp mss limit auto
tunnel enable 2

ip stealth tunnel 1

nat descriptor type 1 masquerade
nat descriptor address outer 1 map-e

nat descriptor type 2 masquerade
nat descriptor address outer 2 192.0.2.0

IP filters

Configured with reference to this page: https://network.yamaha.com/setting/router_firewall/ipv6/v6plus#contract

ip filter source-route on
ip filter directed-broadcast on
ipv6 lan2 secure filter in 200030 200031 200038 200039
ipv6 lan2 secure filter out 200099 dynamic 100 101 102 103 104 105 106

ip filter 200030 pass * * icmp * *
ip filter 200039 reject * *
ip filter 200099 pass * * * * *
ipv6 filter 200030 pass * * icmp6 * *
ipv6 filter 200031 pass * * 4
ipv6 filter 200038 pass * * udp * 546
ipv6 filter 200039 reject * *
ipv6 filter 200099 pass * * * * *

ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * tcp
ip filter dynamic 106 * * udp
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * www
ipv6 filter dynamic 102 * * domain
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * tcp
ipv6 filter dynamic 106 * * udp
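
An added example, not part of the original post: a Python check that every filter number cited on a `secure filter` line has a matching definition in the same address family, since this config numbers `ip filter` and `ipv6 filter` independently (200030 exists in both with different contents). The sample config is constructed with two deliberate mistakes, and the function name is hypothetical.

```python
import re

# Constructed sample: filter lines in the style of the config above, with two
# deliberate mistakes (IPv4 tunnel cites 200038; IPv6 cites dynamic 107).
SAMPLE = """\
ip tunnel secure filter in 200030 200038 200039
ip tunnel secure filter out 200099 dynamic 100 105
ipv6 lan2 secure filter in 200030 200031 200038 200039
ipv6 lan2 secure filter out 200099 dynamic 105 107
ip filter source-route on
ip filter 200030 pass * * icmp * *
ip filter 200039 reject * *
ip filter 200099 pass * * * * *
ipv6 filter 200030 pass * * icmp6 * *
ipv6 filter 200031 pass * * 4
ipv6 filter 200038 pass * * udp * 546
ipv6 filter 200039 reject * *
ipv6 filter 200099 pass * * * * *
ip filter dynamic 100 * * ftp
ip filter dynamic 105 * * tcp
ipv6 filter dynamic 105 * * tcp
"""

DEF_RE = re.compile(r"^(ip|ipv6) filter (dynamic )?(\d+) ")
REF_RE = re.compile(r"^(ip|ipv6) \S+ secure filter (?:in|out) (.+)$")


def undefined_filter_refs(config):
    """Return sorted (family, kind, number) references that have no definition."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = DEF_RE.match(line)
        if m:
            kind = "dynamic" if m.group(2) else "static"
            defined.add((m.group(1), kind, int(m.group(3))))
            continue
        m = REF_RE.match(line)
        if m:
            kind = "static"  # numbers after the word "dynamic" are dynamic filters
            for tok in m.group(2).split():
                if tok == "dynamic":
                    kind = "dynamic"
                elif tok.isdigit():
                    referenced.add((m.group(1), kind, int(tok)))
    return sorted(referenced - defined)


if __name__ == "__main__":
    for family, kind, number in undefined_filter_refs(SAMPLE):
        print(f"undefined {family} {kind} filter {number}")
```

Run against the filter and tunnel lines exactly as posted above, the check reports nothing: every cited number is defined in the matching family.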