I. Lab topology diagram
II. Configuration steps
1. Configure the management PC
<Huawei>system-view # enter system view
[Huawei]sysname Manage-PC # set the system name to Manage-PC
[Manage-PC]interface GigabitEthernet 0/0/1 # enter interface GigabitEthernet 0/0/1
[Manage-PC-GigabitEthernet0/0/1]port link-type access # set the port link type to access
[Manage-PC-GigabitEthernet0/0/1]port default vlan 1 # set the port's default VLAN to VLAN 1
[Manage-PC-GigabitEthernet0/0/1]quit # exit interface GigabitEthernet0/0/1
[Manage-PC]interface Vlanif 1 # enter interface Vlanif 1
[Manage-PC-Vlanif1]ip address 192.168.1.1 24 # set IP address 192.168.1.1 with a 24-bit mask
[Manage-PC-Vlanif1]quit # exit interface Vlanif 1
[Manage-PC]
2. Configure the firewall
!!! Note: the firewall console has a default password. Username: admin, password: Admin@123
<USG6000V1>system-view # enter system view
[USG6000V1]sysname firewall # set the system name to firewall
[firewall]interface GigabitEthernet 1/0/1 # enter interface GigabitEthernet 1/0/1
[firewall-GigabitEthernet1/0/1]ip address 192.168.1.2 24 # set IP address 192.168.1.2 with a 24-bit mask
[firewall-GigabitEthernet1/0/1]service-manage telnet permit # permit the Telnet service on this interface
[firewall-GigabitEthernet1/0/1]service-manage ping permit # permit the ping service on this interface
[firewall-GigabitEthernet1/0/1]quit # exit interface GigabitEthernet 1/0/1
[firewall]firewall zone trust # configure the firewall trust zone
[firewall-zone-trust]add interface GigabitEthernet 1/0/1 # add interface GigabitEthernet 1/0/1 to the zone
[firewall-zone-trust]quit # exit the trust zone view
[firewall]security-policy # configure the security policy (i.e. the interzone policy)
[firewall-policy-security]rule name Trust->Local # create a rule named Trust->Local
[firewall-policy-security-rule-Trust->Local]source-zone trust # set the source zone to trust
[firewall-policy-security-rule-Trust->Local]destination-zone local # set the destination zone to local
[firewall-policy-security-rule-Trust->Local]action permit # set the action for matching traffic to permit
[firewall-policy-security-rule-Trust->Local]quit # exit the Trust->Local rule view
[firewall-policy-security]quit # exit the security policy view
[firewall]telnet server enable # enable the Telnet server
[firewall]user-interface vty 0 4 # enter the user-interface vty 0 4 view
[firewall-ui-vty0-4]authentication-mode aaa # set the authentication mode to AAA
[firewall-ui-vty0-4]protocol inbound telnet # set the permitted inbound management protocol to Telnet
[firewall-ui-vty0-4]quit # exit the user-interface vty 0 4 view
[firewall]aaa # enter the AAA view
[firewall-aaa]manager-user admin # configure the manager user admin
[firewall-aaa-manager-user-admin]password cipher Admin@huawei.com # set the password to Admin@huawei.com
[firewall-aaa-manager-user-admin]service-type telnet # allow this user to use the Telnet service
[firewall-aaa-manager-user-admin]level 15 # set the user's privilege level to 15 (highest)
[firewall-aaa-manager-user-admin]quit # exit the manager-user admin view
[firewall-aaa]quit # exit the AAA view
[firewall]
III. Verification
1. From the PC, ping the firewall to test connectivity
<Manage-PC>ping 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=50 ms
--- 192.168.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/30/50 ms
<Manage-PC>
2. From the PC, log in to the firewall using Telnet
<Manage-PC>telnet 192.168.1.2
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ... Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.
Login authentication
Username:admin
Password:
*************************************************************************
* Copyright (C) 2014-2018 Huawei Technologies Co., Ltd. *
* All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
*************************************************************************
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2020-07-09 09:00:30+00:00.
<firewall>
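The login banner above warns that Telnet is not a secure protocol and recommends Stelnet. As an added example (not part of the original lab), the Python script below audits a pasted CLI session for the four Telnet-enabling commands used in this lab and for permit rules with no service restriction. The function names and the finding texts are hypothetical, and the sample session is constructed from the firewall commands on this page.

```python
import re

# Constructed sample: firewall-section commands from this page, prompts kept.
SAMPLE = """\
[firewall-GigabitEthernet1/0/1]service-manage telnet permit #allow Telnet
[firewall-GigabitEthernet1/0/1]service-manage ping permit
[firewall-policy-security]rule name Trust->Local
[firewall-policy-security-rule-Trust->Local]source-zone trust
[firewall-policy-security-rule-Trust->Local]destination-zone local
[firewall-policy-security-rule-Trust->Local]action permit
[firewall]telnet server enable
[firewall-ui-vty0-4]protocol inbound telnet
[firewall-aaa-manager-user-admin]service-type telnet
"""

# Commands that expose cleartext Telnet management (all appear on this page).
TELNET_CMDS = {
    "service-manage telnet permit": "interface accepts Telnet management",
    "telnet server enable": "Telnet server is running",
    "protocol inbound telnet": "VTY lines accept Telnet",
    "service-type telnet": "manager account may log in over Telnet",
}

def parse(session):
    """Yield (view, command) pairs from a pasted CLI session."""
    for line in session.splitlines():
        # A square-bracket prompt ends at the first ']', so the '>' inside a
        # view name such as 'rule-Trust->Local' is not read as a prompt end.
        m = re.match(r"\[(.+?)\](.*)$", line) or re.match(r"<(.+?)>(.*)$", line)
        if m:
            cmd = re.split(r"\s+#", m.group(2))[0].strip()  # drop trailing comment
            if cmd:
                yield m.group(1), cmd

def audit(session):
    """Return (view, finding) tuples for Telnet exposure and broad permit rules."""
    findings, rules = [], {}
    for view, cmd in parse(session):
        if cmd in TELNET_CMDS:
            findings.append((view, TELNET_CMDS[cmd]))
        if "-rule-" in view:
            rules.setdefault(view, []).append(cmd)
    for view, cmds in rules.items():
        # Assumption: a rule is narrowed by a 'service ...' line in its view.
        if "action permit" in cmds and not any(c.startswith("service ") for c in cmds):
            findings.append((view, "permit rule has no service restriction"))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"{view}: {finding}")
```

Run against the sample, it reports the four Telnet settings and the Trust->Local rule, which permits every service from the trust zone to the firewall itself.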