Domain Mapping Overview

 

Domain mapping enables you to configure a map that specifies access options and session-specific parameters. The map is based on the domain name of subscriber sessions — the router applies the mapped options and parameters to sessions for subscribers that have the specified domains. For example, you might configure a domain map that is based on the domain name example.com. The options and parameters in that domain map are then applied when subscribers with the specified domain name (for example, bob@example.com, raj@example.com, and juan@example.com) request a AAA service.

Note

A subscriber’s username is typically made up of two parts: the user’s name followed by the user’s domain name, separated by a delimiter character. The domain name is always to the right of the domain delimiter. For example, in the username juan@example.com, the user’s name, juan, is followed by the domain name example.com, and the two are separated by the @ delimiter character.

However, some systems use a username format in which the domain name precedes the user’s name. To avoid confusion with the typical domain name usage, this type of preceding domain name is referred to as a realm name, and the realm name is to the left of the realm delimiter. For example, in the username top321-example.com/mary, the top321-example.com part is the realm name, mary is the user’s name, and the / character is the delimiter character.

The domain map provides efficiency, and enables you to make changes for a large number of subscribers in one operation. For example, if an address assignment pool becomes exhausted due to the number of subscribers obtaining addresses from the pool, you can create a domain map that specifies that subscribers in a particular domain obtain addresses from a different pool. In another use of the domain map, you might create a new dynamic profile and then configure the domain map to specify which subscribers (by their domain) use that dynamic profile.

Note

Subscriber management is supported in the default logical system only. The documentation for the subscriber management domain mapping feature describes using the aaa-logical-system and target-logical-system statements to configure mapping to a non-default logical system. These statements are for future extensions of subscriber management.

Table 1 describes the access options and parameters you can configure in the domain map.

Table 1: Domain Map Options and Parameters

| Option | Description |
|---|---|
| AAA logical system/routing instance | Logical system/routing instance in which AAA sends authentication and accounting requests for the subscriber sessions. Subscriber management is supported in the default logical system only. |
| Access profile | Access profile applied to subscriber sessions. |
| Address pool | Address pool used to allocate addresses to subscribers. |
| Domain and realm name rules | Rules for domain and realm name usage, including domain name stripping, supported delimiters, and parse direction (delimiters and the parse direction are configured globally). |
| Dynamic profile | Dynamic profile applied to subscriber sessions. |
| PADN parameters | PPPoE route information for subscriber sessions. |
| Target logical system/routing instance | Logical system/routing instance to which the subscriber interface is attached. Subscriber management is supported in the default logical system only. |
| Tunnel profile | Tunnel profile applied to subscriber sessions. |

Types of Domain Maps and Their Order of Precedence

Starting in Junos OS Release 16.1, subscriber management uses a specific order when searching for a domain map that matches the subscriber domain name. The following list shows that order:

  • Exact match domain map—The subscriber domain name is an exact match to a configured domain map.

  • Wildcard domain map—The subscriber domain name is a partial match to a wildcard domain map.

  • default domain map—The subscriber domain name is neither an exact match nor a partial wildcard match to a domain map.

Note

If the subscriber username does not have a domain name, then no search is performed and the subscriber is associated with the none domain map, if configured.

Wildcard Domain Map

Starting in Junos OS Release 16.1, the wildcard domain map feature enables you to specify a domain name that is used by subscribers when there is no exact match to the subscriber’s domain name. For example, if you create a wildcard domain map with the name xyz*.example.com, subscribers with the domain names xyz.example.com, xyz-1234.example.com, xyz-eastern.example.com, and xyz-northern.example.com are all mapped to that wildcard domain if there was no exact match for the subscribers’ domain names. You can insert the asterisk wildcard character anywhere within the domain map to create the desired matching specification. Wildcard domain mapping is also used in cases where subscriber names are derived from the DHCPv4 Agent Remote ID (option 82 suboption 2) or the DHCPv6 Remote-ID (option 37).

Default Domain Map

You can configure a default domain map that the router uses for subscribers whose domain or realm name does not explicitly match any existing domain map, and also is not a partial match to a wildcard domain map. Specify the name default as the domain map domain-map-name.

For example, you might configure the default domain map to provide limited feature support for guest subscribers, such as a specific address pool used for guests or the routing instance that provides AAA services. When the router is unable to provide an exact or wildcard match for the guest subscriber, the router then uses the rules specified in the default domain map configuration to handle the guest subscriber’s request.

Domain Map for Subscriber Usernames With No Domain or Realm Name

In some cases a subscriber username might not include a domain name or realm name—you can configure a specific domain map that the router uses for these subscribers. Specify the name none as the domain map domain-map-name.
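
The lookup order described above (exact match, then wildcard, then default, with the none map for usernames that carry no domain), modeled as an added Python example that is not Juniper code. The map table, option values and function names are constructed, and two behaviours the page does not state are assumptions: the right-most @ delimits the domain, and the first matching wildcard map in configured order wins.

```python
import re

# Constructed domain-map table. Map names follow the page's examples;
# the option values are made up for illustration.
DOMAIN_MAPS = {
    "example.com": {"address-pool": "pool-a"},
    "xyz*.example.com": {"address-pool": "pool-xyz"},
    "default": {"address-pool": "guest-pool"},
    "none": {"address-pool": "nodomain-pool"},
}


def split_username(username, delimiter="@"):
    """Return (user, domain); domain is None when the username has none.

    Assumption: when the delimiter occurs more than once, the right-most
    occurrence separates the user's name from the domain name.
    """
    user, sep, domain = username.rpartition(delimiter)
    if not sep or not domain:
        return username, None
    return user, domain


def wildcard_to_regex(pattern):
    """'*' matches zero or more characters; every other character is literal."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))


def resolve_domain_map(username, maps=DOMAIN_MAPS):
    """Return (map_name, reason) following the page's order of precedence."""
    _, domain = split_username(username)
    if domain is None:
        # No domain name: no search is performed; use 'none' if configured.
        return ("none", "no-domain") if "none" in maps else (None, "no-domain")
    if domain in maps and "*" not in domain:
        return domain, "exact"
    for name in maps:  # assumption: configured order breaks wildcard ties
        # fullmatch anchors both ends, so a suffix appended to the domain
        # cannot slip through a wildcard map.
        if "*" in name and wildcard_to_regex(name).fullmatch(domain):
            return name, "wildcard"
    if "default" in maps:
        return "default", "default"
    return None, "unmatched"


def audit(usernames, maps=DOMAIN_MAPS):
    """Map each username to the domain map it would receive."""
    return {u: resolve_domain_map(u, maps) for u in usernames}
```

Running audit() over a list of expected subscriber usernames shows which of them fall through to the default or none map rather than to a map written for their domain.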

Benefits of Using Domain Maps

Domain maps simplify managing subscribers at scale by enabling you to make changes for a large number of subscribers in one operation. Domain maps provide granularity in applying changes to specific groups of subscribers based on your map definitions.

Release History Table

| Release | Description |
|---|---|
| 16.1 | Starting in Junos OS Release 16.1, subscriber management uses a specific order when searching for a domain map that matches the subscriber domain name. |
| 16.1 | Starting in Junos OS Release 16.1, the wildcard domain map feature enables you to specify a domain name that is used by subscribers when there is no exact match to the subscriber’s domain name. |