拓扑图
配置
Xshell for Xmanager Enterprise 5 (Build 0544)
Copyright (c) 2002-2015 NetSarang Computer, Inc. All rights reserved.
Type `help' to learn how to use Xshell prompt.
[c:\~]$
Connecting to 127.0.0.1:2000...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
<USG6000V1>sy
sy
Enter system view, return user view with Ctrl+Z.
[USG6000V1]
Sep 7 2018 03:26:52 USG6000V1 %%01LOCATION/4/UPDATESUCCESS(l)[0]:Succeed in initializing signature database. (SyslogId=1, Module=LOCATION-SDB, Pre-UpdateVersion=0, Update
Version=2014010414, Status=init-load, Duration(s)=193)[USG6000V1]
^
Error: Unrecognized command found at '^' position.
<USG6000V1>sy
sy
Enter system view, return user view with Ctrl+Z.
[USG6000V1]
[USG6000V1]
[USG6000V1]
[USG6000V1]stelnet server en
stelnet server en
Info: Succeeded in starting the Stelnet server.
[USG6000V1]
Sep 7 2018 03:41:15 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 1, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1]int g 0/0/0
int g 0/0/0
[USG6000V1-GigabitEthernet0/0/0]dis th
dis th
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
return
[USG6000V1-GigabitEthernet0/0/0]rsa local-key-pair create
rsa local-key-pair create
The key name will be: USG6000V1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:
//在这我默认2048
Generating keys...
...+++++
........................++
....++++
...........++
[USG6000V1]
[USG6000V1]user-interface vty 0 4
user-interface vty 0 4
[USG6000V1-ui-vty0-4]
[USG6000V1-ui-vty0-4]au aaa
au aaa
Warning: The level of the user-interface(s) will be the default level of AAA users,
please check whether it is correct.
[USG6000V1-ui-vty0-4]
[USG6000V1-ui-vty0-4]authentication-mode aaa
authentication-mode aaa
Warning: The level of the user-interface(s) will be the default level of AAA users,
please check whether it is correct.
[USG6000V1-ui-vty0-4]aaa
aaa
[USG6000V1-aaa]manager xumin
manager xumin
[USG6000V1-aaa-manager-user-xumin]
Sep 7 2018 04:36:15 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 2, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-aaa-manager-user-xumin]service-type ssh
service-type ssh
[USG6000V1-aaa-manager-user-xumin]
Sep 7 2018 04:38:25 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 3, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-aaa-manager-user-xumin]password cipher xumin@123
password cipher xumin@123
Info: You are advised to config on man-machine mode.
[USG6000V1-aaa-manager-user-xumin]
Sep 7 2018 04:39:35 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 4, the change loop count is 0, and the maximum number of records is 4095
[USG6000V1-aaa-manager-user-xumin]level 15
level 15
[USG6000V1-aaa-manager-user-xumin]
Sep 7 2018 04:40:35 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 5, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-aaa-manager-user-xumin]q
q
[USG6000V1-aaa]q
q
[USG6000V1]ssh authentication-type default password
ssh authentication-type default password
^
Error: Unrecognized command found at '^' position.
[USG6000V1]ssh au default password
ssh au default password
[USG6000V1]
Sep 7 2018 04:43:05 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.[USG6000V1]
Sep 7 2018 04:44:33 USG6000V1 %%01SSH/4/SSH_FAIL(s)[1]:Failed to login through SSH
. (IP=192.168.0.103, VpnInstanceName=default, UserName=xumin, Times=1, FailedReason=User password authentication failed)
[USG6000V1]int g 0/0/0
int g 0/0/0
[USG6000V1-GigabitEthernet0/0/0]dis th
dis th
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 192.168.0.1 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
return
[USG6000V1-GigabitEthernet0/0/0]
Sep 7 2018 04:52:14 USG6000V1 %%01SSH/4/SSH_FAIL(s)[3]:Failed to login through SSH
. (IP=192.168.0.103, VpnInstanceName=default, UserName=, Times=1, FailedReason=The user login timed out)[USG6000V1-GigabitEthernet0/0/0]
连接
确认后确定进入【输入安全外壳密码】输入用户名和密码
改此用户名新密码,必须改写
关于ensp(510版)中usg5500和6000的区别
5500:permit到区域
关于usg6000防火墙可以和连接的设备之间ping通,默认不允许,需要进入端口开启这个功能service-manage ping permit,哪个放行哪个可通
关于usg5500防火墙可以和连接的设备之间ping通,默认不允许,可在全局模式下permit区域间ping功能:部分代码firewall packet-filter default permit interzone 区域间