User's Manual

(JadeOS) (config)#ip access-list session pre-auth-acl
(JadeOS) (config-sess-pre-auth-acl)#any any udp 53 permit
(JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip 10.0.0.2 443
(JadeOS) (config-sess-pre-auth-acl)#any any udp 0 65535 dst-nat ip 10.0.0.2 443
(JadeOS) (config-sess-pre-auth-acl)#exit
(JadeOS) (config)#ip access-list session post-auth-acl
(JadeOS) (config-sess-post-auth-acl)#any any any permit
(JadeOS) (config-sess-post-auth-acl)#exit
(JadeOS) (config)#user-role preauth
(JadeOS) (config-role)#access-list session pre-auth-acl
(JadeOS) (config-role)#exit
(JadeOS) (config)#user-role postauth
(JadeOS) (config-role)#access-list session post-auth-acl
9.3 Connections among User, VLAN and User Role
Each user has its own VLAN ID in JadeOS.
There are several ways to specify the VLAN for a user, for example:
- If a user accesses the network through a VLAN interface, the user's VLAN is
that interface's VLAN ID;
- Specify a VLAN for an SSID; if a user accesses the network through this SSID,
the user's VLAN is the specified VLAN.
Each VLAN has an AAA policy; please refer to chapter 9.4 for more information.
Each AAA policy defines the user role before authentication and the user role after
authentication (including network access and bandwidth control). The user switches
from the first role to the second after authentication.
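The following Python model is an added example, not part of the JadeOS manual or of JadeOS itself. It traces how a new session is handled for a user in a VLAN before and after authentication, using the pre-auth-acl and post-auth-acl rules from the preceding listing. Assumptions: rules are evaluated top-down with first match winning, unmatched traffic is denied, the third pre-auth rule's protocol is udp, and VLAN 100 and the AAA_BY_VLAN table are hypothetical.

```python
# Added illustration, not JadeOS code. Assumed semantics: top-down evaluation,
# first match wins, traffic that matches no rule is denied.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    proto: str                      # "tcp", "udp" or "any"
    ports: Optional[range]          # destination ports; None means all
    action: str                     # "permit" or "dst-nat"
    nat_to: Optional[Tuple[str, int]] = None

ACLS = {
    "pre-auth-acl": [
        Rule("udp", range(53, 54), "permit"),
        Rule("tcp", range(0, 65536), "dst-nat", ("10.0.0.2", 443)),
        Rule("udp", range(0, 65536), "dst-nat", ("10.0.0.2", 443)),
    ],
    "post-auth-acl": [Rule("any", None, "permit")],
}
ROLES = {"preauth": "pre-auth-acl", "postauth": "post-auth-acl"}
# Hypothetical VLAN 100 whose AAA policy names the role before and after auth.
AAA_BY_VLAN = {100: {"initial": "preauth", "default": "postauth"}}

def role_for(vlan, authenticated):
    """User -> VLAN -> AAA policy -> role, as described in section 9.3."""
    policy = AAA_BY_VLAN[vlan]
    return policy["default" if authenticated else "initial"]

def evaluate(vlan, authenticated, proto, dport, dst):
    """Return (action, effective destination) for one new session."""
    for rule in ACLS[ROLES[role_for(vlan, authenticated)]]:
        if rule.proto not in ("any", proto):
            continue
        if rule.ports is not None and dport not in rule.ports:
            continue
        if rule.action == "dst-nat":
            return "dst-nat", rule.nat_to
        return rule.action, (dst, dport)
    return "deny", None             # assumed implicit deny

if __name__ == "__main__":
    # Constructed sample flows to a documentation address (203.0.113.7).
    for auth in (False, True):
        for proto, port in (("udp", 53), ("tcp", 80), ("icmp", 0)):
            print(auth, proto, port, evaluate(100, auth, proto, port, "203.0.113.7"))
```

Under these assumptions, traffic that is neither TCP nor UDP (ICMP, for instance) matches no pre-auth rule and is dropped until the user moves to the postauth role.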
9.4 Configuring AAA Profile
An AAA profile is a profile of authentication configuration. The profile specifies the
authentication methods (web portal, 802.1x, and MAC authentication), the initial role
(role before authentication), the default role (role after authentication), the RADIUS
server and so on.
Apply an AAA profile to a VLAN, and then all the users in that VLAN can use the AAA
profile. Before configuring it, you need to configure the ACL, role, RADIUS server group
and authentication methods, and then apply them to the AAA profile.
9.4.1 Configuring ACL
An ACL is used to specify a user's network access. Please refer to chapters 9.2 and 9.3
for more information.
9.4.2 Configuring role