F3215-HP Load Balancing Module System Maintenance Configuration Guide-6PW101
31
Figure 9 Network diagram
Configuration considerations
The configuration in this example includes two parts:
1. Log in to the LB as the system administrator
{ Enable saving of security logs into the security log file and set the saving interval to one hour.
{ Create a local user seclog with the password 12312312 3123 , and authorize this user as the
security log administrator. That is, use the authorization-attribute command to set the user
privilege level to 3 and specify the user role as security audit. In addition, specify the service
types that the user can use by using service-type.
{ Set the authentication mode to scheme for the user logging in to the lB, and make sure only a
local user who has passed AAA local authentication can view and perform operations on the
security log file.
2. Log in to the LB as the security log administrator
{ Set the directory for saving the security log file to cfa0:/securitylog/seclog.log.
{ View the contents of the security log file to learn the security status of the LB.
Configuration procedure
1. Configuration performed by the system administrator
# Enable saving security logs into the security log file and set the saving interval to one hour.
<LB> system-view
[LB] info-center security-logfile enable
[LB] info-center security-logfile frequency 3600
# Create a local user seclog, and configure the password for the user as 123123123123.
[LB] local-user seclog
New local user added.
[LB-luser-seclog] password simple 123123123123
# Authorize the user to manage the security log file.
[LB-luser-seclog] authorization-attribute level 3 user-role security-audit
# Authorize the user to use SSH, Telnet, and terminal services.
[LB-luser-seclog] service-type ssh telnet terminal
[LB-luser-seclog] quit