[Network Lab] Configuring Telnet on Huawei USG6000 Series Firewalls

I. Lab Topology

[Image 1: lab topology diagram]

II. Configuration Steps

1. Configure the management PC

<Huawei>system-view                                        # enter the system view
[Huawei]sysname Manage-PC                                  # set the system name to Manage-PC
[Manage-PC]interface  GigabitEthernet  0/0/1               # enter interface GigabitEthernet 0/0/1
[Manage-PC-GigabitEthernet0/0/1]port link-type access      # set the port link type to access
[Manage-PC-GigabitEthernet0/0/1]port default  vlan  1      # set the port's default VLAN to VLAN 1
[Manage-PC-GigabitEthernet0/0/1]quit                       # exit interface GigabitEthernet 0/0/1
[Manage-PC]interface  Vlanif  1                            # enter interface Vlanif 1
[Manage-PC-Vlanif1]ip address  192.168.1.1 24              # set the IP address to 192.168.1.1 with a 24-bit mask
[Manage-PC-Vlanif1]quit                                    # exit interface Vlanif 1
[Manage-PC]

2. Configure the firewall

!!! Note: the firewall console has a default password. Username: admin, password: Admin@123

<USG6000V1>system-view                                          # enter the system view
[USG6000V1]sysname firewall                                     # set the system name to firewall
[firewall]interface  GigabitEthernet  1/0/1                     # enter interface GigabitEthernet 1/0/1
[firewall-GigabitEthernet1/0/1]ip address 192.168.1.2 24        # set the IP address to 192.168.1.2 with a 24-bit mask
[firewall-GigabitEthernet1/0/1]service-manage telnet permit     # allow the telnet service through this interface
[firewall-GigabitEthernet1/0/1]service-manage ping   permit     # allow the ping service through this interface
[firewall-GigabitEthernet1/0/1]quit                             # exit interface GigabitEthernet 1/0/1
[firewall]firewall  zone  trust                                 # configure the firewall trust zone
[firewall-zone-trust]add interface GigabitEthernet 1/0/1        # add interface GigabitEthernet 1/0/1 to the zone
[firewall-zone-trust]quit                                       # exit the firewall trust zone
[firewall]security-policy                                       # configure the security policy (i.e. the interzone policy)
[firewall-policy-security]rule name  Trust->Local               # create a rule named Trust->Local
[firewall-policy-security-rule-Trust->Local]source-zone  trust      # set the source zone to trust
[firewall-policy-security-rule-Trust->Local]destination-zone local  # set the destination zone to local
[firewall-policy-security-rule-Trust->Local]action permit           # set the action on match to permit
[firewall-policy-security-rule-Trust->Local]quit                    # exit the Trust->Local rule view
[firewall-policy-security]quit                                  # exit the security policy (interzone policy) view
[firewall]telnet  server enable                                 # enable the telnet service
[firewall]user-interface vty  0 4                               # enter the user interface vty 0 4 view
[firewall-ui-vty0-4]authentication-mode aaa                     # set the authentication mode to aaa
[firewall-ui-vty0-4]protocol  inbound  telnet                   # set the permitted inbound management protocol to telnet
[firewall-ui-vty0-4]quit                                        # exit the user interface vty 0 4 view
[firewall]aaa                                                   # enter the aaa view
[firewall-aaa]manager-user  admin                               # configure the management user admin
[firewall-aaa-manager-user-admin]password cipher [email protected]  # set the password to [email protected]
[firewall-aaa-manager-user-admin]service-type  telnet           # set the service type to telnet
[firewall-aaa-manager-user-admin]level  15                      # set the user's privilege level to 15 (the highest)
[firewall-aaa-manager-user-admin]quit                           # exit the management user admin view
[firewall-aaa]quit                                              # exit the aaa view
[firewall]
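
The following Python script is an added example, not part of the original post. It audits a CLI transcript like the one above for the commands that turn on cleartext telnet management, and for a security-policy rule that permits traffic to the local zone without narrowing it. The `source-address` and `service` rule conditions it checks for are not used in the post's configuration and are assumed here as the way such a rule would be narrowed; the sample input is constructed from the commands shown above.

```python
import re

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)")  # "[view]" or "<view>" CLI prompt
# Command prefixes from this page that turn on cleartext telnet management.
TELNET_PREFIXES = ("service-manage telnet permit", "telnet server enable",
                   "protocol inbound", "service-type")

def commands(transcript):
    """Yield commands with the prompt, trailing # comment and extra spaces removed."""
    for line in transcript.splitlines():
        cmd = " ".join(PROMPT.sub("", line).split("#", 1)[0].split())
        if cmd:
            yield cmd

def audit(transcript):
    """Return (command, reason) findings for telnet exposure and broad local-zone rules."""
    findings, rule = [], None
    for cmd in commands(transcript):
        if cmd.startswith(TELNET_PREFIXES) and "telnet" in cmd.split():
            findings.append((cmd, "enables cleartext telnet management"))
        if cmd.startswith("rule name "):
            rule = {"name": cmd[len("rule name "):], "cmds": []}
        elif rule is not None and cmd == "quit":
            body = rule["cmds"]
            # Assumption: a narrowed rule carries a source-address or service condition.
            scoped = any(c.startswith(("source-address ", "service ")) for c in body)
            if {"action permit", "destination-zone local"} <= set(body) and not scoped:
                findings.append(("rule name " + rule["name"],
                                 "permits any source address and service to the local zone"))
            rule = None
        elif rule is not None:
            rule["cmds"].append(cmd)
    return findings

# Constructed sample: commands taken from the firewall transcript on this page.
SAMPLE = """\
[firewall-GigabitEthernet1/0/1]service-manage telnet permit   # allow telnet
[firewall-policy-security]rule name  Trust->Local
[firewall-policy-security-rule-Trust->Local]source-zone  trust
[firewall-policy-security-rule-Trust->Local]destination-zone local
[firewall-policy-security-rule-Trust->Local]action permit
[firewall-policy-security-rule-Trust->Local]quit
[firewall]telnet  server enable
[firewall-ui-vty0-4]protocol  inbound  telnet
[firewall-aaa-manager-user-admin]service-type  telnet
"""

if __name__ == "__main__":
    for command, reason in audit(SAMPLE):
        print(f"{command}: {reason}")
```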

III. Verification

1. Test connectivity to the firewall by pinging it from the PC

<Manage-PC>ping 192.168.1.2
  PING 192.168.1.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
    Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
    Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 192.168.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/30/50 ms

<Manage-PC>

2. Log in to the firewall from the PC using telnet

<Manage-PC>telnet  192.168.1.2
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ... Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.

Login authentication


Username:admin
Password:
*************************************************************************
*         Copyright (C) 2014-2018 Huawei Technologies Co., Ltd.         *
*                           All rights reserved.                        *
*               Without the owner's prior written consent,              *
*        no decompiling or reverse-engineering shall be allowed.        *
*************************************************************************


Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2020-07-09 09:00:30+00:00.
<firewall>
