User's Manual
user table. 
9.2.2 User Role and ACL 
A user role defines network access. JadeOS specifies a user's network access with an
ACL. To create a user role in JadeOS, create a session ACL, and then apply the ACL
to the user role.
To create a user role, use the following steps:
Step 1    Configure a session ACL named pre-auth-acl.
  (JadeOS) (config) #ip access-list session pre-auth-acl
Step 2    Configure network access.
  (JadeOS) (config-sess-pre-auth-acl)#any any udp 53 permit
  (JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip 10.0.0.2 443
  (JadeOS) (config-sess-pre-auth-acl)#any any udp 0 65535 dst-nat ip 10.0.0.2 443
Step 3    Create a user role named 'pre-auth'.
  (JadeOS) (config) #user-role pre-auth
Step 4    Apply the session ACL to the user role.
  (JadeOS) (config-role) #session-acl pre-auth-acl
Attribute                  Description
access-list                Apply access list to user role
bandwidth-contract         Set the maximum bandwidth
max-sessions               Set the datapath session limit, 64k by default
reauthentication-interval  Configure the re-authentication interval
session-acl                Apply session ACL
vlan                       Assign a VLAN
Table: Attributes supported by a user role
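The following Python sketch is an added example, not part of the JadeOS manual or software. It models the three pre-auth-acl rules from Step 2 to show which traffic is permitted and which is redirected, and flags rules that can never match. It assumes that rules are evaluated top-down with the first match winning, that unmatched traffic is denied, and that the third rule's protocol keyword is udp; the function names are hypothetical.

```python
import re

# The three rules from Step 2 of the manual (third protocol taken to be udp).
PRE_AUTH_ACL = """
any any udp 53 permit
any any tcp 0 65535    dst-nat ip 10.0.0.2 443
any any udp 0 65535    dst-nat ip 10.0.0.2 443
"""

# Only the rule shapes used on this page are modelled.
RULE = re.compile(r"any any (tcp|udp) (\d+)(?: (\d+))? "
                  r"(permit|dst-nat ip (\S+) (\d+))")

def parse_acl(text):
    """Return (proto, lo, hi, action) tuples; raise on any line not modelled."""
    rules = []
    for line in text.splitlines():
        line = " ".join(line.split())          # collapse uneven spacing
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None:                          # e.g. a mistyped protocol keyword
            raise ValueError(f"unrecognised rule: {line!r}")
        proto, lo, hi, action, ip, port = m.groups()
        lo = int(lo)
        hi = int(hi) if hi else lo             # a single port is a range of one
        act = ("permit",) if action == "permit" else ("dst-nat", ip, int(port))
        rules.append((proto, lo, hi, act))
    return rules

def evaluate(rules, proto, dport):
    """First matching rule decides; no match is treated as deny (assumption)."""
    for r_proto, lo, hi, act in rules:
        if r_proto == proto and lo <= dport <= hi:
            return act
    return ("deny",)

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    dead = []
    for i, (proto, lo, hi, _) in enumerate(rules):
        if any(p == proto and l <= lo and hi <= h for p, l, h, _ in rules[:i]):
            dead.append(i)
    return dead

if __name__ == "__main__":
    rules = parse_acl(PRE_AUTH_ACL)
    for proto, port in [("udp", 53), ("tcp", 53), ("tcp", 80), ("udp", 123)]:
        print(proto, port, "->", evaluate(rules, proto, port))
    print("shadowed rules:", shadowed(rules))
```

Under the first-match assumption, entering the udp 53 permit rule after the udp 0 65535 dst-nat rule would leave it shadowed, and DNS lookups from unauthenticated users would be redirected instead of permitted.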
9.2.3 Access Policy Based on User Role 
Before a user successfully authenticates, JadeOS assigns the user an initial role (the
role before authentication); after the user successfully authenticates, JadeOS assigns
the user a new role (the role after authentication). Network administrators can flexibly
control network access by configuring ACLs.
For example, to configure a user role named pre-auth that permits DNS traffic but
redirects all other traffic by DNAT to port 443 for authentication, and a user role
named post-auth that allows all traffic, use the following steps:










