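Typical configuration of remote access authentication methods on the Secpath1800F
I. Networking requirements:
Configure the authentication methods used when an administrator manages the firewall remotely over telnet or SSH, or locally through the console port.
II. Network diagram:
III. Configuration steps:
Applicable versions: all VRP versions of the Secpath1800F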
sysname Secpath1800F
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
firewall mode route // the firewall operates in route mode
#
firewall statistic system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet1/0/0
#
interface Ethernet1/0/1 // set the address of the relevant port
ip address 202.96.199.200 255.255.255.0
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust // add the port to the zone
set priority 85
add interface Ethernet1/0/1
#
firewall zone untrust
set priority 5
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust
#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
aaa
local-user test1 password simple test1 // create the user name and set its password
local-user test1 service-type terminal // set the user's service type
local-user test1 level 3 // set the user's login level
local-user test2 password simple test2
local-user test2 service-type ssh
local-user test2 level 3
local-user test3 password simple test3
local-user test3 service-type telnet
local-user test3 level 3
authentication-scheme default
#
accounting-scheme default
#
domain default
#
ssh user test2 authentication-type password // set the SSH user name and authentication type
#
user-interface con 0 // set the authentication mode for users logging in through the console port
authentication-mode aaa
user-interface aux 0
user-interface vty 0 4 // set the authentication mode for remote login users
authentication-mode aaa
#
return
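IV. Key configuration points:
When connecting over SSH, note that in addition to the commands above you must also generate an RSA key pair with the following command:
In system mode, enter the command: rsa local-key-pair create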
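A check over the AAA and packet-filter lines of the configuration above, as an added example that is not part of the original page: it flags local users whose password is set with the simple keyword (kept as plaintext in the configuration), passwords equal to the user name, users allowed to log in over telnet, and default-permit rules on interzones that include the local zone. The audit function and its rule ids are assumptions made for this example.

```python
import re

# Constructed sample based on lines from the configuration above.
SAMPLE = """\
firewall packet-filter default permit interzone local untrust direction inbound
aaa
local-user test1 password simple test1 // console user
local-user test1 service-type terminal
local-user test2 password simple test2
local-user test2 service-type ssh
local-user test3 password simple test3
local-user test3 service-type telnet
user-interface vty 0 4
authentication-mode aaa
"""

USER_PW = re.compile(r"local-user (\S+) password simple (\S+)$")
USER_SVC = re.compile(r"local-user (\S+) service-type (.+)$")
LOCAL_PERMIT = re.compile(
    r"firewall packet-filter default permit interzone "
    r"(?:local (\S+)|(\S+) local) direction (inbound|outbound)$")


def audit(config):
    """Return (line number, rule id, detail) tuples; rule ids are hypothetical."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()  # drop the page's // annotations
        if m := USER_PW.match(line):
            user, password = m.groups()
            findings.append((no, "PLAINTEXT_PASSWORD", user))
            if user == password:  # trivially guessable credential
                findings.append((no, "PASSWORD_EQUALS_USERNAME", user))
        elif m := USER_SVC.match(line):
            if "telnet" in m.group(2).split():  # cleartext management protocol
                findings.append((no, "TELNET_LOGIN", m.group(1)))
        elif m := LOCAL_PERMIT.match(line):
            zone = m.group(1) or m.group(2)  # the zone paired with local
            findings.append((no, "DEFAULT_PERMIT_LOCAL_ZONE",
                             f"{zone} {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE):
        print(f"line {no}: {rule} ({detail})")
```
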