Secpath1800F管理员登陆验证方式的配置

 

Secpath1800F远程接入验证方式典型配置

 

 

一、  组网需求：

管理员通过远程telnet、SSH连接防火墙及通过console口管理防火墙验证方式的配置。

 

二、  组网图：

 

   

 

三、  配置步骤：

     适用版本 ： Secpath1800F 所有VRP 版本

 

sysname Secpath1800F

#

firewall packet-filter default permit interzone local trust direction inbound

firewall packet-filter default permit interzone local trust direction outbound

firewall packet-filter default permit interzone local untrust direction inbound

firewall packet-filter default permit interzone local untrust direction outbound

firewall packet-filter default permit interzone local dmz direction inbound

firewall packet-filter default permit interzone local dmz direction outbound

firewall packet-filter default permit interzone trust untrust direction inbound

firewall packet-filter default permit interzone trust untrust direction outbound

firewall packet-filter default permit interzone trust dmz direction inbound

firewall packet-filter default permit interzone trust dmz direction outbound

firewall packet-filter default permit interzone dmz untrust direction inbound

firewall packet-filter default permit interzone dmz untrust direction outbound

#

firewall mode route                        // 防火墙模式为透明模式

#

firewall statistic system enable

#

interface Aux0

async mode flow

link-protocol ppp

#

interface Ethernet0/0/0

#

interface Ethernet0/0/1

#

interface Ethernet1/0/0

#

interface Ethernet1/0/1                    // 设置相应端口地址

ip address 202.96.199.200 255.255.255.0

#

interface Ethernet1/0/2

#

interface Ethernet1/0/3

#

interface Ethernet1/0/4

#

interface Ethernet1/0/5

#

interface Ethernet1/0/6

#

interface Ethernet1/0/7

#

interface NULL0

#

firewall zone local

set priority 100

#

firewall zone trust                              // 端口加入域

set priority 85

add interface Ethernet1/0/1

#

firewall zone untrust

set priority 5

#

firewall zone dmz

set priority 50

#

firewall interzone local trust

#

firewall interzone local untrust

#

firewall interzone local dmz

#

firewall interzone trust untrust

#

firewall interzone trust dmz

#

firewall interzone dmz untrust

#

aaa

 local-user test1 password simple test1           // 创建用户名并设置密码

 local-user test1 service-type terminal             // 设置用户使用类别

 local-user test1 level 3                                 // 设置用户登陆级别

 local-user test2 password simple test2

 local-user test2 service-type ssh  

 local-user test2 level 3   

 local-user test3 password simple test3  

 local-user test3 service-type telnet  

 local-user test3 level 3   

 authentication-scheme default

#

accounting-scheme default

#

domain default

#

ssh user test2 authentication-type password       // 设置SSH用户名和认证方式

#

user-interface con 0                                        // 设置从串口登陆用户的认证方式

authentication-mode aaa

user-interface aux 0

user-interface vty 0 4                                      // 设置远程登陆用户的认证方式

authentication-mode aaa

#

return

 

四、  配置关键点：

     

     在使用SSH连接时注意除配置上述命令项之外还要使用命令生成RSA密钥对，配置方式如下：

 

     在系统模式下输入命令：  rsa local-key-pair create