User's Manual Part 2



48JadeOSUserManual

Step3andStep4showhowtoapplyACLtoVLAN100,pleaserefertochapter9.4for

moreinformation.

Step3ConfigureuserroleandapplyACl

(JadeOS)(config)#user-role trole

(JadeOS)(config-trole)#access-list session tacl

Step4ConfigureAAAProfile,andspecifyuserrole

(JadeOS)(config)#aaa profile test

(JadeOS)(AAA profile “test”)#initial-role trole

Step5ApplyAAApro filetoVLAN100

(JadeOS)(config)#vlan 100 aaa profile test

7.3.2ConfiguringDNAT

Figure7‐2Destinationaddresstransfer

ToconfigureDNATaddresstransferinsessionACl,usefollowingcommand:

<src-subnet> <dest-subnet> <protocol> dst-nat ip <ip-address>

Usingfigure7‐2asanexample,JadeOSachievestomakeuserthatfailedauthentica‐

tionredirecttoportalserver(150.0.0.150)byDNATfunction.Pleaserefertochapter

9.4formoreinformation.

Step1TocreatesessionACLandspecifyDNATIPaddressandDNATdestinationIP

address,usethefollowingcommand:

(JadeOS) (config) #ip access-list session tacl

(JadeOS) (config-sess-tacl) # any host 150.0.0.1 any dst-nat ip

200.0.0.200

Step2TocreateuserroleandapplyittoACL,usethefollowingcommand:

(JadeOS) (config) #user-role trole

(JadeOS) (config-trole) #access-list session tacl

Step3TocreateAAAprofileandapplyittouserroleandauthenticationgroup,use

thefollowingcommand: