User's Manual Part 2

JadeOS User Manual
Chapter 9 Configuring AAA
This chapter describes AAA configuration, including user network access, bandwidth
control policy and so on.
9.1 The Attribute of Trust and Untrust
Here, interface means the inbound interface of a data packet. When the interface
has the attribute of trust, JadeOS disables the authentication function on this
interface; when the interface has the attribute of untrust, JadeOS enables the
authentication function on this interface.
To configure the attribute of trust or untrust on an interface, use the following
steps:
Step 1 Enter interface config mode:
(JadeOS) (config)#interface gigabitethernet 10/1
Step 2 Configure the interface with the attribute of trust:
(JadeOS) (config-if)#trusted
Step 3 Configure the interface with the attribute of untrust:
(JadeOS) (config-if)#no trusted
Every layer 2 interface and layer 3 interface has the attribute of trust or
untrust. When a data packet goes through several interfaces, JadeOS decides
whether to authenticate according to the last interface's attribute. For example,
add the interface gigaethernet 1/0 into vlan 10; gigaethernet 1/0 has the attribute
of trust and interface vlan 10 has the attribute of untrust; by the above rule, the
data packet is authenticated according to the attribute of the last interface, vlan 10.
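The last-interface rule above can be checked against a planned configuration before it is applied. The following Python sketch is an added illustration, not JadeOS code: the `Interface` model, both function names, and the interfaces gigaethernet 1/1 and vlan 20 are assumptions made for the example. It flags every interface whose own attribute is overridden by a later interface on the packet path, including the case where an untrust port ends up with authentication skipped.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    name: str
    trusted: bool  # True models "trusted", False models "no trusted"

def requires_authentication(path):
    """path: interfaces a packet goes through, in order; the last one decides."""
    if not path:
        raise ValueError("packet path must contain at least one interface")
    return not path[-1].trusted

def audit(paths):
    """Report interfaces whose attribute disagrees with the effective decision."""
    findings = []
    for path in paths:
        effective = requires_authentication(path)
        for iface in path[:-1]:
            # An earlier interface alone would have decided "not iface.trusted".
            if (not iface.trusted) != effective:
                kind = ("authentication enforced" if effective
                        else "authentication skipped")
                findings.append((iface.name, path[-1].name, kind))
    return findings

# Constructed sample data. The first path is the manual's own example;
# the second (gigaethernet 1/1, vlan 20) is hypothetical.
GE_1_0 = Interface("gigaethernet 1/0", trusted=True)
VLAN_10 = Interface("vlan 10", trusted=False)
GE_1_1 = Interface("gigaethernet 1/1", trusted=False)
VLAN_20 = Interface("vlan 20", trusted=True)
SAMPLE_PATHS = [[GE_1_0, VLAN_10], [GE_1_1, VLAN_20]]

if __name__ == "__main__":
    for port, last, kind in audit(SAMPLE_PATHS):
        print(f"{port}: overridden by {last} -> {kind}")
```
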
9.2 User and User Role
9.2.1 User
To flexibly control network access and traffic bandwidth for different IP
addresses, JadeOS creates a user table for each IP address that goes through an
untrust interface. A user table has its own life cycle.
Create User: when traffic from an IP address enters the system through an untrust
interface, JadeOS looks up the IP address in the system; if it does not exist,
JadeOS triggers the authentication process and generates a user table; the user
table is indexed by IP address.