The USG2000 & 5000 connect with the vsm lite network management server

0

USG2000 & 5000 and vsm lite network management server connect method are as follows:

1. Configure the interface address, route, and security zone of the USG so that the USG and the VSM can communicate with each other.
2. Configure the SNMP protocol parameters and Trap alarm function of the USG so that the alarms generated by the USG can be sent to the VSM network.
3. Configure the USG's Telnet protocol parameters to be consistent with the VSM network management so that the USG can be successfully added to the VSM network.
4. Configure the VSM SNMP protocol parameters and Telnet protocol parameters. Because the default SNMP protocol template can meet the requirements, you need to configure the Telnet protocol template in the NMS and add the USG to the VSM through the configured Telnet protocol template.
5. Add the USG to the VSM mainframe topology. Immediately after the synchronization operation, so that VSM can get the latest USG data.

Other related questions:
Connecting the USG2000&5000 series to the log server
The method of connecting the USG2000&5000&6000 to the log server is as follows: 1. Run the system-view command to access the system view. 2. Optional: Run the info-center source { module-name | default } channel { channel-number | channel-name } [ log { state { on | off } | level severity } * ] command to add log information to the information channel. By default, the information center dispatches the logs destined for a log server to information channel 2. Log output is enabled and the severity of the logs is informational. This command is used only to change the default configuration. module-name specifies the module that outputs logs, and severity specifies the log severity. 3. Bind an information channel to a log server, so that logs are output to the log server through the information channel. 4. Configure the IP address and other parameters of the log server. info-center loghost ip-address [ port ] [ module { module-name } &<1-6> ] info-center loghost ip-address [ port ] [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]* The channel-number or channel-name configured here shall be consistent with that in step 1. 5. Optional: Run the info-center loghost source ip-address command to specify the IP address that sends log information.

Enabling the access management function on the USG2000&5000
Enable the management function on the USG2000&5000 as follows: sys [USG5100]int g0/0/1 [USG5100-GigabitEthernet0/0/1]service-manage ?/ Enable access management under the physical interface. all ALL service enable Service manage switch on/off http HTTP service https HTTPS service ping Ping service snmp SNMP service ssh SSH service telnet Telnet service [USG5100-GigabitEthernet0/0/1]qu [USG5100]int vlanif 100 [USG5100-Vlanif100]service-manage ? /Enable access management under the VLANIF interface. all ALL service enable Service manage switch on/off http HTTP service https HTTPS service ping Ping service snmp SNMP service ssh SSH service telnet Telnet service [USG5100-Vlanif100]qu

Configuring a remote login mode for the USG2000&5000
Configure a remote login mode for the USG2000&5000 as follows: 1. Log in to the device through SSH. Through the configuration, users log in to the device through SSH to configure and management the device. Note: In hot standby networking, SSH configuration commands are not synchronized from the active device to the standby device. You must configure SSH on both devices. Procedure: a. Set IP addresses for interfaces. system-view [USG] interface GigabitEthernet 0/0/1 [USG-GigabitEthernet0/0/1] ip address 10.1.1.1 255.255.255.0 [USG-GigabitEthernet0/0/1] quit b. Create SSH user Client001. Configure the VTY user interface. [USG] user-interface vty 0 4 [USG-ui-vty0-4] authentication-mode aaa [USG-ui-vty0-4] protocol inbound ssh [USG-ui-vty0-4] quit Create SSH user Client001. Create SSH user Client001 and set the authentication mode to password authentication. [USG] ssh user client001 [USG] ssh user client001 authentication-type password Set the password to Admin@123 for SSH user Client001. [USG] aaa [USG-aaa] local-user client001 password irreversible-cipher Admin@123 [USG-aaa] local-user client001 service-type ssh [USG-aaa] quit c. Set the service to STelnet for SSH users Client001 and Client002 and enable the STelnet service. [USG] ssh user client001 service-type stelnet [USG] stelnet server enable d. Run the client software that supports SSH and establish an SSH connection. 2. Log in to the device through Telnet. Through the configuration, users log in to the device through Telnet to configure and management the device. Note: Port 23 and Telnet are enabled on the USG by default. Users can run the undo telnet server enable command to disable port 23 and Telnet. Procedure: a. Access the USG user view through the console interface. b. Set IP addresses for interfaces. The local user access GigabitEthernet0/0/1 of the USG through Telnet, the interface IP address is 10.10.10.10, and subnet mask is 255.0.0.0. system-view [USG] interface GigabitEthernet 0/0/1 [USG-GigabitEthernet0/0/1] ip address 10.10.10.10 255.0.0.0 [USG-GigabitEthernet0/0/1] quit c. Configure user information. Configure the authentication mode to AAA for the VTY interface, and set the Telnet user name to user1, password to password@123, password storage mode to cipher, and level to level 3. system-view [USG] user-interface vty 0 4 [USG-ui-vty0-4] authentication-mode aaa [USG-ui-vty0-4] protocol inbound telnet [USG-ui-vty0-4] quit [USG] aaa [USG-aaa] local-user user1 password irreversible-cipher password@123 [USG-aaa] local-user user1 service-type telnet [USG-aaa] local-user user1 level 3 d. Run the Telnet program on a PC (Windows). Choose Start > Run on the PC. In the Run window, enter telnet 10.10.10.10 (to connect interface IP address 10.10.10.10). e. Click OK to connect to the USG.

Configuration of using a non-management interface to manage the USG2000&5000 series
To use a non-management interface to manage the USG2000&5000 series, you can configure as follows: 1. Choose Network > Interface > Interface on the web page. 2. On the interface editing page, select Enable Access Management and the corresponding protocol. This configuration has a higher priority than security policies. After enabling access management on the interface, even if the security policy between the local zone and the interface locating security zone is disabled, as an administrator, you can still log in to the device through the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top