User's Manual Part 2



55JadeOSUserManual

Delete User: when user offline or notraffic for a long time, JadeOS will delete this

usertable.

9.2.2UserRoleandACL

Userroledefinesthenetworkaccess.JadeOSspecifiesthenetworkaccessofuserby

ACL.TocreateauserroleinJadeOS,youneedtocreateasessionACL,andthenap‐

plytheACLtotheuserrole.

Tocreateuserrole,usethefollowingsteps:

Step1ConfigureasessionACLnamedpre‐auth‐acl

(JadeOS) (config) #ip access-list session pre-auth-acl

Step2Configurenetworkaccess.

(JadeOS) (config-sess-pre-auth-acl)#any any udp 53 permit

(JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip

10.0.0.2 443

(JadeOS) (config-sess-pre-auth-acl)#any any ucp 0 65535 dst-nat ip

10.0.0.2 443

Step3Createauserrolenamed‘pre‐auth’

(JadeOS) (config) #user-role preauth

Step4ApplyuserruletoACL

(JadeOS) (config-role) #session-acl pre-auth-acl



Attribute Description

access‐list Applyaccesslisttouserrole

bandwidth‐contract

Setthemaximumbandwidth

max‐sessions

Setthedatapathsessionlimit,64kbydefault

reauthentication‐interval Configtheinte rvalsofre‐authentication

session‐acl ApplysessionACL

vlan DistributeVLAN

Theattributelistsupportedbyuserrole

9.2.3AccessPolicyBasedonUserRole

Beforeausersuccessfullyauthenticate,JadeOSspecifiesaninitialroletouser(role

beforeauthentication);aftertheuserissuccessfullyauthenticate,JadeOSwillspecify

anewroletotheuser(roleafterauthentication).Networkadministratorscanflexibly

controlnetworkaccessthroughconfiguringACL.