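Huawei Firewall - Management Configuration
1. Use eNSP to build the following topology, and plan the IP addresses as required below (where X is the last two digits of your student ID)
2. Log in through the Console port
(1) Log in to the USG firewall through the Console port
3. Enable the SSH service
(4) Configure the VTY user interface
(5) Configure the SSH login interface
(6) Log in to the firewall over SSH from the router to test whether the configuration succeeded, and take a screenshot of the test result
4. Log in to the device through the Web interface
Note: By default, the device's GE0/0/0 interface has the IP address 192.168.0.1 and HTTPS management is enabled. Users can log in with the username admin and the password Admin@123.
(1) Set the IP address of the management PC to 192.168.0.10/24.
(2) From the management PC, open https://192.168.0.1:8443 in a browser, enter the username admin and the password Admin@123, and check whether you can log in to the device. A successful login means the configuration works; otherwise, check the configuration.
(3) After changing the password of the default administrator account, click "OK" to enter the Web interface.
Detailed steps for the firewall management configuration
1. Use eNSP to build the following topology, and plan the IP addresses as required below (where X is the last two digits of your student ID)
2. Console port configuration
(1) Log in to the USG firewall through the Console port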
(2) Configure the USG device name, time, and so on
<USG6000V1>system
[USG6000V1]sysname yinsl_USG
[yinsl_USG]quit
<yinsl_USG>clock timezone UTC add 8
<yinsl_USG>clock datetime 17:26:00 2019-3-9
<yinsl_USG>display clock
2019-03-09 17:26:07+08:00
Saturday
Time Zone(UTC) : UTC+08:00
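3. Enable the SSH service
a. Enable the SSH service on the interface and add the interface to the Trust security zone
[yinsl_USG]interface GigabitEthernet 1/0/0     // Configure the SSH login interface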
[yinsl_USG-GigabitEthernet1/0/0]ip address 10.0.0.1 24
[yinsl_USG-GigabitEthernet1/0/0]service-manage enable
[yinsl_USG-GigabitEthernet1/0/0]service-manage ssh permit
[yinsl_USG-GigabitEthernet1/0/0]quit
[yinsl_USG]firewall zone trust
[yinsl_USG-zone-trust]add interface g 1/0/0
[yinsl_USG-zone-trust]quit
b. Set the authentication mode to AAA
[yinsl_USG]user-interface vty 0 4
[yinsl_USG-ui-vty0-4]authentication-mode aaa
[yinsl_USG-ui-vty0-4]user privilege level 15
[yinsl_USG-ui-vty0-4]protocol inbound ssh
[yinsl_USG-ui-vty0-4]quit
c. Create the SSH administrator account
[yinsl_USG]aaa  // Create the SSH administrator account: yinsl + huawei@123
[yinsl_USG-aaa]manager-user yinsl
[yinsl_USG-aaa-manager-user-yinsl]service-type ssh
[yinsl_USG-aaa-manager-user-yinsl]password
Enter Password:
Confirm Password:
[yinsl_USG-aaa-manager-user-yinsl]quit
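[yinsl_USG-aaa]bind manager-user yinsl role system-admin
[yinsl_USG-aaa]quit
d. Generate the local key pair and enable the SSH service
[yinsl_USG]rsa local-key-pair create    // Generate the local key pair
[yinsl_USG]stelnet server enable     // Enable the SSH service
e. Configure the SSH user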
[yinsl_USG]ssh user yinsl
[yinsl_USG]ssh user yinsl authentication-type password
[yinsl_USG]ssh user yinsl service-type stelnet
Log in to the firewall over SSH from the router to test whether the configuration succeeded. Screenshot of the test result:
[Router]interface GigabitEthernet 0/0/0
[Router-GigabitEthernet0/0/0]ip address 10.0.0.10 24
[Router-GigabitEthernet0/0/0]quit
[Router]ssh client first-time enable
[Router]stelnet 10.0.0.1
Please input the username:yinsl
Trying 10.0.0.1 ...
Press CTRL+K to abort
Connected to 10.0.0.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.0.0.1. Please wait...
Enter password:
*************************************************************************
*         Copyright (C) 2014-2015 Huawei Technologies Co., Ltd.         *
*                           All rights reserved.                        *
*              Without the owner's prior written consent,              *
*        no decompiling or reverse-engineering shall be allowed.       *
*************************************************************************
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 3.
      The current login time is 2019-03-09 20:38:42+08:00.
<yinsl_USG>sys
Enter system view, return user view with Ctrl+Z.
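The following Python script is an added example, not part of the original lab: it audits a configuration for the management-plane settings made in step 3 (only SSH permitted by service-manage, the management interface in the Trust zone, VTY lines restricted to AAA and SSH). The sample configuration is constructed, and the script assumes its input is in saved-configuration form with indented sub-commands and full interface names.

```python
import re

# Constructed sample: the page's commands in saved form plus two weak variants.
SAMPLE = """\
interface GigabitEthernet1/0/0
 service-manage enable
 service-manage ssh permit
interface GigabitEthernet1/0/1
 service-manage enable
 service-manage telnet permit
firewall zone trust
 add interface GigabitEthernet1/0/0
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
"""
CLEARTEXT = {"telnet", "http"}  # management protocols that are not encrypted

def sections(text):
    """Group indented sub-commands under their unindented section header."""
    out, head = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif line.strip() and head:
            out[head].append(line.strip())
    return out

def audit(text):
    """Return (section, finding) pairs for management-plane weaknesses."""
    secs, findings = sections(text), []
    trusted = {c.split()[-1] for c in secs.get("firewall zone trust", [])
               if c.startswith("add interface")}
    for head, cmds in secs.items():
        if head.startswith("interface "):
            hits = [re.fullmatch(r"service-manage (\S+) permit", c) for c in cmds]
            permitted = {m.group(1) for m in hits if m}
            for proto in sorted(permitted & CLEARTEXT):
                findings.append((head, f"cleartext management: {proto}"))
            if permitted and head.split()[-1] not in trusted:
                findings.append((head, "management interface not in trust zone"))
        elif head.startswith("user-interface vty"):
            for need in ("authentication-mode aaa", "protocol inbound ssh"):
                if need not in cmds:
                    findings.append((head, f"VTY missing '{need}'"))
    return findings

if __name__ == "__main__":
    print(*(f"{s}: {f}" for s, f in audit(SAMPLE)), sep="\n")
```

A configuration that matches the lab steps exactly produces no findings.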