[cisco-bba] 3620 and radius-server domain-stripping
Arie Vayner
ml at vayner.net
Wed Dec 24 10:18:20 EST 2003
Another detail I failed to mention...
We use # as the domain delimiter and not @, i.e. a user name looks like:
user#domain (and sometimes it may look like user#domain at otherdomain)
Arie
On Wed, 24 Dec 2003, Arie Vayner wrote:
> Hi All,
>
> We have a strange problem...
> We are trying to implement radius-server domain-stripping on a 3620 router
> acting as LNS.
> The problem is that the same RADIUS server has to authenticate the tunnel
> (on the LAC) using the domain, and then on the LNS, the same RADIUS server
> has to authenticate the actual user, without the domain (we use FUNK, and
> we are unable to strip the domain on the RADIUS itself).
>
> The strange thing is that on 7400/7300/7200 it works just fine.
>
> We have found this document:
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/ftdomstp.htm
>
> It basically states that this enhancement works on 7200/7400 on the B
> train, but I figured it's only affecting the right-to-left support, and
> not the basic feature of domain-stripping...
>
> We tested this feature on 7400/7300 using 12.3(4)T, but it is not
> available for the 3620...
> The tests we made on 3620 were made on 12.2(15)T9 and 12.3(something) but
> not T
>
> Can anyone please advise? Maybe there is another workaround that
> would enable us to do what we want?
>
> Thanks
> Arie Vayner
> Network Engineering Manager
> CCIE #12198
> NetVision
>
>
>
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
>
More information about the cisco-bba
mailing list