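Environment setup
Press Win+X, open Terminal (Admin), run the command bcdedit /set hypervisorlaunchtype off, then restart the computer; the problem is solved
Disabling and enabling virtualization-based security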
bcdedit /set hypervisorlaunchtype off
bcdedit /set hypervisorlaunchtype auto
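Because I have the subsystem installed, FW reported an error on startup: code 40
1. Console command-line login
Start FW1
Password: Admin@123
Connect FW1 and PC1 with CTL
Double-click PC1 and click Connect; the command interface of PC1 is the same as that of FW1
Enter the configuration view and change the firewall name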
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sysname FW1
[FW1]
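2. Login from a physical machine
Physical machine 1: SecureCRT
New connection - New session
This PC - right-click - Manage; there you can find which COM port it is
Once that is done, you can connect
Physical machine 2: PuTTY
Same procedure
3. Web page login
Default management address: 192.168.0.1; it can be changed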
<FW1>sys
Enter system view, return user view with Ctrl+Z.
[FW1]display ip interface brief
display ip interface brief is used to view interface information
Enter the interface and view it
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]display this
Change the interface address
[FW1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[FW1-GigabitEthernet0/0/0]display this
Change it back
[FW1-GigabitEthernet0/0/0]ip address 192.168.0.1 24
[FW1-GigabitEthernet0/0/0]display this
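Add a loopback adapter
Added successfully
Control Panel - Network and Internet - Network and Sharing Center - Change adapter settings - right-click - Properties
Internet Protocol Version 4 (IPv4)
192.168.0.100
After confirming, restart the computer
Configure Cloud1 first; otherwise the cable cannot be connected
You can start FW1 first and log in with the password
Connect FW1 and Cloud1 with Copper
Log in with Win10, and just don't use 360
Change the password
OK, log in with the new password
Refresh, and you can log in through the web page
4. Telnet remote login
Console and the web page are both local logins; telnet and ssh are both remote logins
Still the same configuration as for the web page above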
<USG6000V1>sys
Enter system view, return user view with Ctrl+Z.
[USG6000V1]sysname FW1
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode password
Error: Failed to set user interface authentication mode. Please modify the protocol first.
[FW1-ui-vty0-4]protocol inbound ?
all All protocols
ssh SSH protocol
telnet Telnet protocol
[FW1-ui-vty0-4]dis th
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$^]EdM[|hQ"$A28J&G,e*4F^qtY":-I$m&V80L<y}
GO)&m9$~_+9$
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
return
[FW1-ui-vty0-4]protocol inbound telnet
[FW1-ui-vty0-4]dis th
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$^]EdM[|hQ"$A28J&G,e*4F^qtY":-I$m&V80L<y}
GO)&m9$~_+9$
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
return
[FW1-ui-vty0-4]authentication-mode password
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
[FW1-ui-vty0-4]?
user-interface view commands:
acl ACL-based connection
anti-ddos Defend against DDoS attacks
arp Specify ARP configuration information
authentication-mode Configure the authentication mode for a user terminal
interface
auto-execute Do something automatically
configuration Configuration interlock
databits Set the databits of a user terminal interface
debugging Enable system debugging functions
display Display current system information
download Load specify module
firewall Indicate firewall
flow-control Set the flow control mode of the user terminal
history-command Record history commands
idle-timeout Set the timeout period for a terminal user
parity Set the parity mode of user terminal
ping Send echo messages
protocol Set the user interface protocol
quit Exit from current command view
reset Reset operation
return Exit to user view
run Execute command of user view
screen-length Set the number of lines displayed on a screen
screen-width Set screen width
set Set the parameters for a user terminal interface
[FW1-ui-vty0-4]q
[FW1]telnet server enable
Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]dis th
#
user-interface con 0
authentication-mode password
set authentication password cipher $1a$^]EdM[|hQ"$A28J&G,e*4F^qtY":-I$m&V80L<y}
GO)&m9$~_+9$
user-interface vty 0 4
authentication-mode password
user-interface vty 16 20
#
return
[FW1-ui-vty0-4]?
user-interface view commands:
acl ACL-based connection
anti-ddos Defend against DDoS attacks
arp Specify ARP configuration information
authentication-mode Configure the authentication mode for a user terminal
interface
auto-execute Do something automatically
configuration Configuration interlock
databits Set the databits of a user terminal interface
debugging Enable system debugging functions
display Display current system information
download Load specify module
firewall Indicate firewall
flow-control Set the flow control mode of the user terminal
history-command Record history commands
idle-timeout Set the timeout period for a terminal user
parity Set the parity mode of user terminal
ping Send echo messages
protocol Set the user interface protocol
quit Exit from current command view
reset Reset operation
return Exit to user view
run Execute command of user view
screen-length Set the number of lines displayed on a screen
screen-width Set screen width
[FW1-ui-vty0-4]set authentication password cipher xwj@1****7
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
[FW1-ui-vty0-4]q
[FW1]q
<FW1>system-view
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]user privilege level 15
<FW1>sys
[FW1]telnet server enable
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]protocol inbound telnet
[FW1-ui-vty0-4]authentication-mode password
[FW1-ui-vty0-4]user privilege level 15
[FW1-ui-vty0-4]set authentication password cipher xwj@1****7
Ctrl+Z or return exits from any nested view straight back to the user view
save: saves the configuration
Abbreviations:
display this: dis th
system-view: sys
[FW1-ui-vty0-4]user privilege level 15
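This is because no level had been set for the user. Administrator levels: 3-15. The user view has low privileges: it can only view, not configure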
[FW1]user-interface vty 0 4
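Virtual line (VTY) view; 0-4 means 5 users can be logged in at the same time
Change the authentication mode: the default is the ssh protocol (AAA authentication); change it to the telnet protocol (password authentication)
[FW1-ui-vty0-4]authentication-mode password
Warning: The "password" authentication mode is not secure, and it is strongly recommended to use "aaa" authentication mode.
The warning says that password authentication is less secure than AAA authentication
User view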
<FW1>sys
System view / configuration view
[FW1]
Interface view
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]q
Protocol view
[FW1]ospf
[FW1-ospf-1]q
Security policy view
[FW1]security-policy
[FW1-policy-security]q
NAT policy view (network address translation)
[FW1]nat-policy
[FW1-policy-nat]
C:\Users\pc>telnet 192.168.0.1
'telnet' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
telnet 192.168.0.1
xwj@1****7
<FW1>sys
Enter system view, return user view with Ctrl+Z.
[FW1]int g0/0/0
[FW1-GigabitEthernet0/0/0]dis th
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
return
[FW1-GigabitEthernet0/0/0]service-manage ping deny
[FW1-GigabitEthernet0/0/0]dis th
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
return
[FW1-GigabitEthernet0/0/0]service-manage ping permit
[FW1-GigabitEthernet0/0/0]dis th
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
return
The ping service can also be enabled and disabled from the web login page
New password: xws@1****7
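The following is an added example, not part of the original notes and not Huawei code: a small Python audit that reads `dis th`-style output like the blocks above and flags the management-plane settings this section enables (password-mode VTY lines, VTYs without `protocol inbound ssh`, and `service-manage telnet`/`http` permits). The sample configurations and the finding texts are constructed; a VTY with no `protocol inbound ssh` line is flagged because the output above shows no protocol line at all after `protocol inbound telnet`.

```python
import re

PLAINTEXT = {"telnet", "http"}  # management services that are not encrypted
# Constructed samples modelled on the page's `dis th` output (weak, then
# hardened); the ciphertext line is omitted. Indentation is optional.
WEAK = """#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode password
user-interface vty 16 20
#
interface GigabitEthernet0/0/0
 service-manage http permit
 service-manage https permit
 service-manage telnet permit
"""
HARDENED = """user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
interface GigabitEthernet0/0/0
 service-manage https permit
"""

def parse_sections(text):
    """Map each 'user-interface ...' / 'interface ...' header to its settings."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("", "#", "return"):
            current = None
        elif re.match(r"(user-interface|interface)\s", line):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Return (section, finding) pairs for weak management-plane settings."""
    findings = []
    for header, body in parse_sections(text).items():
        # Unconfigured VTY ranges (empty body) are skipped.
        if header.startswith("user-interface vty") and body:
            if "authentication-mode password" in body:
                findings.append((header, "line password instead of per-user AAA"))
            if "protocol inbound ssh" not in body:
                findings.append((header, "VTY not restricted to inbound ssh"))
        for svc in re.findall(r"service-manage (\S+) permit", "\n".join(body)):
            if header.startswith("interface ") and svc in PLAINTEXT:
                findings.append((header, f"plaintext service permitted: {svc}"))
    return findings

print(*audit(WEAK), sep="\n")
```

Paste real `dis th` or `display current-configuration` text into `audit()` to get the same list for a live device; an empty list means none of these three conditions was found.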
5. SSH remote login (also called stelnet)
Telnet logs in over plaintext and is insecure, whereas ssh is comparatively secure
[FW1]stelnet server enable
Info: Succeeded in starting the Stelnet server.
Enable the stelnet service
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa
[FW1-ui-vty0-4]protocol inbound ssh
[FW1-ui-vty0-4]dis th
[FW1-ui-vty0-4]q
[FW1]aaa
[FW1-aaa]manager-user sshuser
Create the account sshuser
[FW1-aaa-manager-user-sshuser]password cipher xwj@1****7
Set the password
[FW1-aaa-manager-user-sshuser]service-type ?
[FW1-aaa-manager-user-sshuser]service-type ssh
[FW1-aaa-manager-user-sshuser]service-type ssh web
[FW1-aaa-manager-user-sshuser]service-type ssh web terminal
[FW1-aaa-manager-user-sshuser]service-type ssh web telnet
[FW1-aaa-manager-user-sshuser]dis th
[FW1-aaa-manager-user-sshuser]service-type ssh
Set the service type to ssh
[FW1-aaa-manager-user-sshuser]dis th
[FW1-aaa-manager-user-sshuser]q
[FW1-aaa]bind manager-user sshuser role system-admin
Bind the administrator account sshuser to the default administrator role system-admin
[FW1-aaa]q
[FW1]ssh user sshuser
Create the SSH user sshuser
[FW1]ssh user sshuser authentication-type password
Set the authentication type of the SSH user sshuser to password
[FW1]ssh user sshuser service-type stelnet
The service type is stelnet
[FW1]rsa local-key-pair create
Generate the local RSA host key pair and server key pair
<FW1>sys
Enter system view, return user view with Ctrl+Z.
[FW1]stelnet server enable
Info: Succeeded in starting the Stelnet server.
[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa
Warning: The level of the user-interface(s) will be the default level of AAA users, please check whether it is correct.
Info: The password was cleared.
[FW1-ui-vty0-4]protocol inbound ssh
[FW1-ui-vty0-4]q
[FW1]aaa
[FW1-aaa]manager-user sshuser
[FW1-aaa-manager-user-sshuser]password cipher xwj@1****7
Info: You are advised to config on man-machine mode.
[FW1-aaa-manager-user-sshuser]service-type ssh
[FW1-aaa-manager-user-sshuser]dis th
#
manager-user sshuser
password cipher @%@%Ia[0$KfRq5DDqq7gEEeHCF\yXetBV1e0=!Al3rG@B-<;F\|C@%@%
service-type ssh
#
return
[FW1-aaa-manager-user-sshuser]q
[FW1-aaa]bind manager-user sshuser role system-admin
[FW1-aaa]q
[FW1]ssh user sshuser
Info: Succeeded in adding a new SSH user.
[FW1]ssh user sshuser authentication-type password
[FW1]ssh user sshuser service-type stelnet
[FW1]rsa local-key-pair create
The key name will be: FW1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:
Generating keys...
.+++++
........................++
....++++
...........++
It failed