next up previous contents
Nächste Seite: D. Inhalt der CD-ROM Aufwärts: Part : Anhang Vorherige Seite: B. Hardware-Spezifikationen   Inhalt

Unterabschnitte

C. Konfiguration


1 Linux Kernel 

        
#
# Networking options
#
CONFIG_PACKET=m
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK_DEV=m
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_FILTER=y
# CONFIG_NET_NEIGH_DEBUG is not set
CONFIG_NET_RESTRICTED_REUSE=y
CONFIG_UNIX=m
CONFIG_INET=y
# CONFIG_IPSEC is not set
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_INET_ECN is not set
CONFIG_SYN_COOKIES=y
CONFIG_IPV4_IPSEC_TUNNEL=y

#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
CONFIG_IPV6=m
# CONFIG_IPV6_DEBUG is not set
CONFIG_IPV6_IM=y
CONFIG_IPV6_MODULE_IP_GRE=y
# CONFIG_IPV6_ZONE is not set
CONFIG_IPV6_DROP_FAKE_V4MAPPED=y
CONFIG_IPV6_RESTRICTED_DOUBLE_BIND=y
# CONFIG_IPV6_6TO4_NEXTHOP is not set
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ANYCAST=y
CONFIG_IPV6_ANYCAST_GROUP=y
CONFIG_IPV6_ISATAP=y
# CONFIG_IPV6_PREFIXLIST is not set
# CONFIG_IPV6_SUBTREES is not set
# CONFIG_IPV6_MLD6_ALL_DONE is not set
CONFIG_IPV6_NODEINFO=y
# CONFIG_IPV6_NODEINFO_USE_UTS_DOMAIN is not set

#
#   IPv6: Netfilter Configuration
#
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IPV6_IPSEC_TUNNEL=y
# CONFIG_IPV6_IPV6_TUNNEL is not set


2 Cisco 2611XM Konfigurationen


1 Basisversuch Routing 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC0::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC0::/64
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
ip http server
ip classless
!
no cdp run
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


2 RIPng 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address FEC0::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC0::/64
 ipv6 rip ripng enable
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 ipv6 rip ripng enable
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
ip http server
ip classless
!
!
no cdp run
ipv6 router rip ripng
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


3 OSPFv3 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address FEC0::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC0::/64
 ipv6 ospf hello-interval 5
 ipv6 ospf dead-interval 60
 ipv6 ospf 1 area 0
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
ip http server
ip classless
!
no cdp run
ipv6 router ospf 1
 log-adjacency-changes
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


4 IS-IS 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address FEC0::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC0::/64
 ipv6 router isis e423
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
router isis e423
 net 04.0002.0000.0000.0003.00
!
ip http server
ip classless
!
no cdp run
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


5 Tunneling 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface Tunnel0
 no ip address
 ipv6 address FEC0::2/64
 ipv6 rip ripng enable
 tunnel source FastEthernet0/1
 tunnel destination 10.0.4.2
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
no cdp run
ipv6 router rip ripng
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


6 Dynamic NAT-PT 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 nat
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nat
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
!
no cdp run
ipv6 nat v4v6 source 10.0.1.30 FEC3::1
ipv6 nat v6v4 source list v6list pool v4pool
ipv6 nat v6v4 pool v4pool 10.0.99.100 10.0.99.200 prefix-length 24
ipv6 nat prefix FEC3::/96
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


7 Access Lists 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 ip access-group 100 in
 duplex auto
 speed auto
 ipv6 address FEC2::/64 eui-64
 ipv6 enable
 ipv6 traffic-filter list0 in
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC2::/64
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FEC1::/64 eui-64
 ipv6 enable
 ipv6 traffic-filter list1 out
 ipv6 nd ra-interval 10
 ipv6 nd prefix FEC1::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
no cdp run
ipv6 route FEC1::/64 FastEthernet0/1
!
!
!
ipv6 access-list list0
 permit ipv6 FEC2::/64 any log
!
ipv6 access-list list1
 deny tcp any any eq www log time-range vormittag
 deny tcp any any eq www log time-range nachmittag
 permit tcp any any eq www log
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
time-range nachmittag
 periodic weekdays 13:00 to 17:30
!
time-range vormittag
 periodic weekdays 7:00 to 12:00
!
end


8 Anbindung an den 6Bone 

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
enable secret 5 $1$3AKL$nRmZntHFQ2tB9hFsIJ3Kg0
enable password cisco
!
ip subnet-zero
!
ipv6 unicast-routing
mpls ldp logging neighbor-changes
!
no voice hpi capture buffer
no voice hpi capture destination 
!
interface FastEthernet0/0
 ip address 10.0.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address autoconfig
 ipv6 enable
 no cdp enable
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address 3FFE:BC0:593:2::/64 eui-64
 ipv6 enable
 ipv6 nd ra-interval 10
 ipv6 nd prefix 3FFE:BC0:593:2::/64
 no cdp enable
!
interface Serial0/1
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/2
 no ip address
 shutdown
 no cdp enable
!
interface Serial0/3
 no ip address
 shutdown
 no cdp enable
!
ip http server
ip classless
!
no cdp run
!
line con 0
 password geheim
line aux 0
line vty 0 4
 password geheim
 login
!
end


Beat Graf / Daniel Werner