[cisco-bba] 3620 and radius-server domain-stripping

Arie Vayner ml at vayner.net
Wed Dec 24 10:10:14 EST 2003

Hi All,

We have a strange problem...
We are trying to implement radius-server domain-stripping on a 3620 router 
acting as LNS.
The problem is that the same RADIUS server has to authenticate the tunnel 
(on the LAC) using the domain, and then on the LNS, the same RADIUS server 
has to authenticate the actual user, without the domain (we use FUNK, and 
we are unable to strip the domain on the RADIUS itself).

The strange thing is that on 7400/7300/7200 it works just fine.

We have found this document:

It basically states that this enhancement works on 7200/7400 on the B 
train, but I figured it's only affecting the right-to-left support, and 
not the basic feature of domain-stripping...

We tested this feature on 7400/7300 using 12.3(4)T, but it is not 
available for the 3620... 
The tests we made on 3620 were made on 12.2(15)T9 and 12.3(something) but 
not T

Can anyone please advise? Maybe there is another workaround that 
would enable us to do what we want?

Arie Vayner
Network Engineering Manager
CCIE #12198

More information about the cisco-bba mailing list