[cisco-bba] 3620 and radius-server domain-stripping

Arie Vayner ml at vayner.net
Wed Dec 24 10:18:20 EST 2003


Another detail I failed to mention...
We use # as the domain delimiter and not @, i.e. a user name looks like: 
user#domain (and sometimes it may look like user#domain at otherdomain)

Arie

On Wed, 24 Dec 2003, Arie Vayner wrote:

> Hi All,
> 
> We have a strange problem...
> We are trying to implement radius-server domain-stripping on a 3620 router 
> acting as LNS.
> The problem is that the same RADIUS server has to authenticate the tunnel 
> (on the LAC) using the domain, and then on the LNS, the same RADIUS server 
> has to authenticate the actual user, without the domain (we use FUNK, and 
> we are unable to strip the domain on the RADIUS itself).
> 
> The strange thing is that on 7400/7300/7200 it works just fine.
> 
> We have found this document:
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/ftdomstp.htm
> 
> It basically states that this enhancement works on 7200/7400 on the B 
> train, but I figured it's only affecting the right-to-left support, and 
> not the basic feature of domain-stripping...
> 
> We tested this feature on 7400/7300 using 12.3(4)T, but it is not 
> available for the 3620... 
> The tests we made on 3620 were made on 12.2(15)T9 and 12.3(something) but 
> not T
> 
> Can anyone please advise? Maybe there is another workaround that 
> would enable us to do what we want?
> 
> Thanks
> Arie Vayner
> Network Engineering Manager
> CCIE #12198
> NetVision 
> 
> 
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
> 



More information about the cisco-bba mailing list