User's Manual Part 2
64JadeOSUserManual
Toconfigureblack‐listinJadeOS,usethefollowingcommand:
(JadeOS) (config) #netdestination black-list name www.sina.com
(JadeOS) (config) # ip access-list session post
(JadeOS)(config-sess-post) #any alias 123 any deny send-deny-response
position 2
9.8RadiusProxy
JadeOSsupportsradius proxy.WithproxyRADIUS,oneRADIUSserverreceivesan
authentication(oraccounting)requestfromaRADIUSclient(suchasaNAS),for‐
wardstherequesttoaremoteRADIUSserver,receivesthereplyfromtheremote
server,andsendsthatreplytotheclient,possiblywithchangestoreflectlocalad‐
ministrativepolicy.AcommonuseforproxyRADIUSisroaming.Roamingpermits
twoormoreadministrativeentitiestoalloweachother'suserstodialintoeitheren‐
tity'snetworkforservice.
9.8.1ConfiguringRadiusProxy
Step1Createaaaauthenticationradius‐proxyRP
(JadeOS) (config)#aaa authentication radius-proxy RP
(JadeOS) (Radius Proxy Profile "RP")#default-role postauth
(JadeOS) (Radius Proxy Profile "RP")#server-group SG1
Step2ConfigaaaprofileAAA,andspecifytheauthenticationwa yofRadiusProxyis
RP
(JadeOS) (AAA profile "AAA")#authentication-radius-proxy RP
Step3Specifytheaaaprofileinconfigmode
(JadeOS) (AAA profile "AAA")#aaa radius-proxy aaa profile AAA
Step4EnableRadiusproxyinconfigmode
(JadeOS) (AAA profile "AAA")#aaa radius-proxy enable
9.8.2ConfiguringEAP‐SIM
EAP‐SIMisoneoftheEAPauthenticationprotocolbasedon2GSIMcardthrough
whichusersaccesstoWLANnetwork.
Differedfromotherauthenticationprotocol,EAM‐SIMtakesuseoftheuserdataand
originalauthentication messagebestoredinSIMcar dtoauthenticateuserandgen‐
eratesessionkeytoaccessWLAN.Atthesametimethedatawillbestoredinthe
ISP’sHLRtoavoidtheauthenticationmessagetransferonInternettopreventuser
datafromnetworkattack.
EAP‐SIMistheauthenticationprot ocolappliedin2GnetworksandEAP‐AKAisap‐