Example: Stripping Domain Name Per Virtual Router for RADIUS Server Authentication

This example illustrates the final username for a subscriber, based on the virtual router applied.

  1. Configure the five virtual routers.
    host(config)#profile VR1 host(config-profile)#ppp authentication virtual-router vr1 pap chap host(config-profile)#exit host(config)#profile VR2 host(config-profile)#ppp authentication virtual-router vr2 pap chap host(config-profile)#exit host(config)#profile VR3 host(config-profile)#ppp authentication virtual-router vr3 pap chap host(config-profile)#exit host(config)#profile VR4 host(config-profile)#ppp authentication virtual-router vr4 pap chap host(config-profile)#exit host(config)#profile VR5 host(config-profile)#ppp authentication virtual-router vr2 pap chap host(config-profile)#exit
  2. Access the context of a previously created virtual router and enable the strip domain functionality for each virtual router.
    host(config)#virtual-router vr1 host:vr1(config)#aaa strip-domain enable host:vr1(config)#aaa strip-domain delimiter domainName $ host:vr1(config)#aaa strip-domain parse-direction domainName left-to-right host:vr1(config)#radius authentication server 10.209.154.193 host:vr1(config)#key bras host:vr1(config)#exit host:vr1(config)#radius accounting server 10.209.154.193 host:vr1(config-radius)#key bras host:vr1(config-radius)#exit host:vr1(config)#virtual-router vr2 host:vr2(config)#aaa strip-domain enable host:vr2(config)#aaa strip-domain parse-direction domainName left-to-right host:vr2(config)#radius authentication server 10.209.154.194 host:vr2(config-radius)#key bras host:vr2(config-radius)#exit host:vr2(config)#radius accounting server 10.209.154.194 host:vr2(config-radius)#key bras host:vr2(config-radius)#exit host:vr2(config)#virtual-router vr3 host:vr3(config)#radius authentication server 10.209.154.193 host:vr3(config-radius)#key bras host:vr3(config-radius)#exit host:vr3(config)#radius accounting server 10.209.154.193 host:vr3(config-radius)#key bras host:vr3(config-radius)#exit host:vr3(config)#virtual-router vr4 host:vr4(config)#aaa strip-domain enable host:vr4(config)#aaa strip-domain delimiter domainName % host:vr4(config)#radius authentication server 10.209.154.194 host:vr4(config-radius)#key bras host:vr4(config-radius)#exit host:vr4(config)#radius accounting server 10.209.154.195 host:vr4(config-radius)#key bras host:vr4(config-radius)#exit host:vr4(config)#virtual-router vr5 host:vr5(config)#aaa strip-domain enable host:vr5(config)#radius authentication server 10.209.154.193 host:vr5(config-radius)#key bras host:vr5(config-radius)#exit host:vr5(config)#radius accounting server 10.209.154.192 host:vr5(config-radius)#key bras host:vr5(config-radius)#exit

Based on the configurations of the virtual routers, Table 12 lists the final username that is sent to the RADIUS server for RADIUS authentication and accounting for each virtual router.

Note:

  • The output of the show subscribers command does not display the final username of the subscriber. It displays the complete username, including the domain name (if available), of the subscriber for all virtual routers regardless of the status of the strip domain feature.
  • When you execute the show subscribers and logout subscribers commands with the username keyword, you must specify the complete username, including the domain name (if available), of the subscriber regardless of the status of the strip domain feature on a virtual router or AAA domain map.

Table 12: aaa strip-domain Example

Subscribers

Virtual Router Applied

Final User Name

user1@123.com$test

vr1

user1@123.com

user2@123.com$test

vr2

user2

user3@123.com$test

vr3

user3@123.com$test

user4@123.com%test

vr4

user4@123.com

user5@123.com@test$test

vr5

user5@123.com

Related Documentation