User's Manual

Chapter 9 Configuring AAA
This chapter describes AAA configuration, including user network access, bandwidth
control policy and so on.
9.1 The Attribute of Trust and Untrust
Here, "interface" means the inbound interface of a data packet. When an interface has
the trust attribute, JadeOS disables the authentication function on that interface; when
an interface has the untrust attribute, JadeOS enables the authentication function on
that interface.
To configure the trust or untrust attribute on an interface, use the following steps:
Step 1 Enter interface config mode:
(JadeOS) (config)#interface gigabitethernet 10/1
Step 2 Set the interface attribute to trust:
(JadeOS) (config-if)#trusted
Step 3 Set the interface attribute to untrust:
(JadeOS) (config-if)#no trusted
Every layer-2 and layer-3 interface has either the trust or the untrust attribute. When
a data packet goes through several interfaces, JadeOS decides whether to authenticate
according to the attribute of the last interface. For example, add the interface
gigaethernet 1/0 into vlan 10, where gigaethernet 1/0 has the trust attribute and
interface vlan 10 has the untrust attribute. Under the above rule, the data packet is
authenticated, because the last interface, vlan 10, has the untrust attribute.
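The following Python sketch is an added example, not part of JadeOS or of the original manual. It models the last-interface rule described above and audits a set of packet paths for interfaces whose trust attribute is overridden by a later interface. The class, the function names, and the second path (gigaethernet 1/1 in vlan 20) are hypothetical and constructed for illustration; the reverse case it flags follows from the rule as stated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    name: str
    trusted: bool  # True models "trusted", False models "no trusted"


def requires_auth(path):
    """Rule from section 9.1: the last interface on the path decides."""
    if not path:
        raise ValueError("path must contain at least one interface")
    return not path[-1].trusted


def audit(paths):
    """Report interfaces whose attribute differs from the deciding (last) one.

    "overridden-to-trusted" is the case to review first: an earlier
    interface is untrust, but the last one is trust, so traffic on that
    path is not authenticated.
    """
    findings = []
    for path in paths:
        last = path[-1]
        for iface in path[:-1]:
            if iface.trusted != last.trusted:
                kind = ("overridden-to-trusted" if last.trusted
                        else "overridden-to-untrusted")
                findings.append((iface.name, last.name, kind,
                                 requires_auth(path)))
    return findings


# Constructed sample data. The first path is the manual's own example;
# the second path is hypothetical and shows the reverse situation.
PORT_1_0 = Interface("gigaethernet 1/0", trusted=True)
VLAN_10 = Interface("vlan 10", trusted=False)
PORT_1_1 = Interface("gigaethernet 1/1", trusted=False)  # hypothetical
VLAN_20 = Interface("vlan 20", trusted=True)             # hypothetical
SAMPLE_PATHS = [[PORT_1_0, VLAN_10], [PORT_1_1, VLAN_20]]

if __name__ == "__main__":
    for first, last, kind, auth in audit(SAMPLE_PATHS):
        state = "enabled" if auth else "disabled"
        print(f"{first} -> {last}: {kind}, authentication {state}")
```
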
9.2 User and User Role
9.2.1 User
To flexibly control network access and traffic bandwidth for different IP addresses,
JadeOS creates a user table for each IP address that goes through an untrust
interface. Each user table has its own life cycle.
Create User: when traffic from an IP address enters the system through an untrust
interface, JadeOS looks up the IP address in the system; if it does not exist, JadeOS
triggers the authentication process and generates a user table. The user table is
indexed by IP address.
Delete User: when a user goes offline or has no traffic for a long time, JadeOS will delete this