Configuration procedure – H3C Technologies H3C SecBlade LB Cards User Manual
privilege level to 3 and specify the user role as security audit. In addition, specify the service
types that the user can use by using service-type.
○ Set the authentication mode to scheme for the user logging in to the LB, and make sure only a
local user who has passed AAA local authentication can view and perform operations on the
security log file.
2. Log in to the LB as the security log administrator
○ Set the directory for saving the security log file to Flash0:/securitylog/seclog.log.
○ View the contents of the security log file to learn the security status of the LB.
Configuration procedure
1. Configuration performed by the system administrator
# Enable saving security logs into the security log file and set the saving interval to one hour.
[LB] info-center security-logfile enable
[LB] info-center security-logfile frequency 3600
# Create a local user seclog, and configure the password for the user as 123123123123.
[LB] local-user seclog
New local user added.
[LB-luser-seclog] password simple 123123123123
# Authorize the user to manage the security log file.
[LB-luser-seclog] authorization-attribute level 3 user-role security-audit
# Authorize the user to use SSH, Telnet, and terminal services.
[LB-luser-seclog] service-type ssh telnet terminal
[LB-luser-seclog] quit
# According to the network plan, the user will log in to the LB through SSH or Telnet, so configure
the authentication mode of the VTY user interface as scheme.
[LB] display user-interface vty ?
INTEGER<0-4> Specify one user terminal interface
The output shows that the LB supports five VTY user interfaces, which are numbered 0 through 4.
[LB] user-interface vty 0 4
[LB-ui-vty0-4] authentication-mode scheme
[LB-ui-vty0-4] quit
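A check a reviewer could run over the system administrator's commands above (an added example, not part of the H3C manual): it confirms the three settings this procedure relies on and flags the simple-form password and the Telnet service type. The audit function and its messages are hypothetical, and the input is assumed to be a prompt-prefixed transcript in the format shown on this page.

```python
import re

# Constructed input: the step 1 commands as typed on this page, prompts kept.
SAMPLE = """\
[LB] info-center security-logfile enable
[LB] info-center security-logfile frequency 3600
[LB] local-user seclog
New local user added.
[LB-luser-seclog] password simple 123123123123
[LB-luser-seclog] authorization-attribute level 3 user-role security-audit
[LB-luser-seclog] service-type ssh telnet terminal
[LB-luser-seclog] quit
[LB] user-interface vty 0 4
[LB-ui-vty0-4] authentication-mode scheme
[LB-ui-vty0-4] quit
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s*(.*)$")  # "[view] command"

def audit(transcript):
    """Return (missing, warnings) for a transcript in the page's prompt format."""
    logfile_on, vty_scheme, auditors, warnings = False, False, set(), []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output, e.g. "New local user added."
        view, cmd = m.group(1), " ".join(m.group(2).split())
        # Commands typed in local-user view apply to the user named in the prompt.
        user = view.split("-luser-", 1)[1] if "-luser-" in view else None
        if cmd == "info-center security-logfile enable":
            logfile_on = True
        elif "-ui-vty" in view and cmd == "authentication-mode scheme":
            vty_scheme = True
        elif user and cmd.startswith("authorization-attribute") \
                and cmd.endswith("user-role security-audit"):
            auditors.add(user)
        elif user and cmd.startswith("password simple "):
            warnings.append(f"{user}: password supplied in simple (plaintext) form")
        elif user and cmd.startswith("service-type ") and "telnet" in cmd.split():
            warnings.append(f"{user}: telnet allowed, login is sent unencrypted")
    missing = []
    if not logfile_on:
        missing.append("security log file saving is not enabled")
    if not auditors:
        missing.append("no local user has user-role security-audit")
    if not vty_scheme:
        missing.append("VTY interfaces are not set to authentication-mode scheme")
    return missing, warnings
```

Calling audit(SAMPLE) returns an empty missing list and two warnings, one for the password form and one for Telnet.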
2. Configuration performed by the security log administrator
# Log in to the LB as user seclog.
C:/> telnet 1.1.1.1
******************************************************************************
* Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:seclog