User's Manual

user table.
9.2.2 User Role and ACL
A user role defines a user's network access. JadeOS specifies the network access of a user by
ACL. To create a user role in JadeOS, you first create a session ACL and then apply
the ACL to the user role.
To create a user role, use the following steps:
Step 1 Configure a session ACL named pre-auth-acl
(JadeOS) (config) #ip access-list session pre-auth-acl
Step 2 Configure network access.
(JadeOS) (config-sess-pre-auth-acl)#any any udp 53 permit
(JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip 10.0.0.2 443
(JadeOS) (config-sess-pre-auth-acl)#any any udp 0 65535 dst-nat ip 10.0.0.2 443
Step 3 Create a user role named 'pre-auth'
(JadeOS) (config) #user-role pre-auth
Step 4 Apply the session ACL to the user role
(JadeOS) (config-role) #session-acl pre-auth-acl
Attribute                  Description
access-list                Apply an access list to the user role
bandwidth-contract         Set the maximum bandwidth
max-sessions               Set the datapath session limit (64k by default)
reauthentication-interval  Configure the re-authentication interval
session-acl                Apply a session ACL
vlan                       Assign a VLAN
Table: Attributes supported by the user role
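The following is an added illustration, not JadeOS code: a small model of how a session ACL such as pre-auth-acl is evaluated against a user's traffic, using the rule syntax shown in the steps above. It assumes rules are matched in order with first hit winning, that an unmatched flow is denied, and that the post-auth role of 9.2.3 is expressed as the rule `any any any permit`; the sample flows are constructed.

```python
"""Model of JadeOS-style session ACL evaluation (added example, not vendor code).
Assumptions: first matching rule wins; no match means deny; 'any any any permit'
stands in for the post-auth role's allow-all rule."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Flow:
    proto: str       # "tcp", "udp", "icmp", ...
    dst_port: int


@dataclass
class Verdict:
    action: str                      # "permit", "deny" or "dst-nat"
    nat_to: Optional[tuple] = None   # (ip, port) when action is "dst-nat"


def parse_rule(line: str) -> dict:
    """Parse one ACL line: <src> <dst> <proto> [<port> | <low> <high>] <action> ..."""
    tok = line.split()
    proto = tok[2]
    if proto in ("tcp", "udp"):
        if tok[4].isdigit():                 # 'tcp 0 65535' -> port range
            lo, hi, rest = int(tok[3]), int(tok[4]), tok[5:]
        else:                                # 'udp 53' -> single port
            lo = hi = int(tok[3])
            rest = tok[4:]
    else:                                    # 'any' protocol has no port field
        lo, hi, rest = 0, 65535, tok[3:]
    rule = {"proto": proto, "lo": lo, "hi": hi, "action": rest[0]}
    if rest[0] == "dst-nat":                 # 'dst-nat ip <addr> <port>'
        rule["nat_to"] = (rest[2], int(rest[3]))
    return rule


def evaluate(acl: list, flow: Flow) -> Verdict:
    """Return the verdict of the first rule matching the flow (implicit deny)."""
    for r in acl:
        if r["proto"] in ("any", flow.proto) and r["lo"] <= flow.dst_port <= r["hi"]:
            return Verdict(r["action"], r.get("nat_to"))
    return Verdict("deny")


# The pre-auth ACL from Steps 1-2: DNS passes, everything else is redirected
# to the captive portal at 10.0.0.2:443. Rule order matters: if the DNAT rules
# came first, DNS would be redirected too and name resolution would break.
PRE_AUTH_ACL = [parse_rule(l) for l in (
    "any any udp 53 permit",
    "any any tcp 0 65535 dst-nat ip 10.0.0.2 443",
    "any any udp 0 65535 dst-nat ip 10.0.0.2 443",
)]
POST_AUTH_ACL = [parse_rule("any any any permit")]   # assumed allow-all rule


def verdict_for(authenticated: bool, flow: Flow) -> Verdict:
    """Pick the role's ACL by authentication state, as 9.2.3 describes."""
    return evaluate(POST_AUTH_ACL if authenticated else PRE_AUTH_ACL, flow)
```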
9.2.3 Access Policy Based on User Role
Before a user successfully authenticates, JadeOS assigns the user an initial role (the role
before authentication); after the user successfully authenticates, JadeOS assigns the user
a new role (the role after authentication). Network administrators can flexibly
control network access by configuring ACLs.
For example, configure a user role named pre-auth that permits DNS traffic but
redirects all other traffic to port 443 by DNAT to perform authentication, and configure a user
role named post-auth that allows all traffic; use the following steps: