
Access-Request Message

To create the username in the authentication request, the router uses the trigger, dial-out route, domain name, and optional Multiprotocol Label Switching (MPLS) route distinguisher (RD). The username is constructed as follows:

[MPLS RD]/{trigger destination address}@domain-name

For example, given a dial-out route with an IP prefix of 10.10.0.0/16, a domain name of L2TP-dial-out.de.dt, and an MPLS RD of 0.0.0.0:65000, if a trigger packet arrives with a destination IP address of 10.10.1.1, the router creates the following username:

0.0.0.0:65000/10.10.1.1@L2TP-dial-out.de.dt

No password is offered, and the authentication request is passed to the S-series AAA server for normal authentication processing.

Using the above example, the AAA domain map processes the L2TP-dial-out.de.dt domain as it would any other domain. If RADIUS authentication is configured for the authenticating virtual router (VR) context, AAA passes the authentication request to the E-series RADIUS client. The RADIUS authentication request is consistent with other requests, except that the Service-Type attribute is set to outbound (value of 5).
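The following added example (not part of the original documentation, and not router code) builds and parses the username described above and encodes the User-Name and Service-Type attributes as RFC 2865 TLVs, which is useful when checking what a RADIUS server should expect to receive. The function names are hypothetical. Two behaviors are assumptions: the trigger destination must fall inside the dial-out route prefix, and the slash is omitted when no RD is configured.

```python
import ipaddress
import struct

USER_NAME, SERVICE_TYPE = 1, 6   # RADIUS attribute types (RFC 2865)
OUTBOUND = 5                     # Service-Type value stated in the text above


def dial_out_username(route_prefix, trigger_dst, domain, rd=None):
    """Build [MPLS RD]/{trigger destination address}@domain-name."""
    dst = ipaddress.ip_address(trigger_dst)
    # Assumption: a trigger only matches a route that contains its destination.
    if dst not in ipaddress.ip_network(route_prefix):
        raise ValueError(f"{dst} is outside dial-out route {route_prefix}")
    name = f"{dst}@{domain}"
    # Assumption: with no RD configured, the separating slash is omitted too.
    return f"{rd}/{name}" if rd else name


def parse_dial_out_username(username):
    """Split a dial-out username into (rd or None, destination, domain)."""
    local, sep, domain = username.rpartition("@")
    if not sep or not domain:
        raise ValueError("missing @domain-name")
    rd, _, dst = local.rpartition("/")
    # ip_address() raises ValueError if the trigger address is malformed.
    return (rd or None, ipaddress.ip_address(dst), domain)


def access_request_attributes(username):
    """Encode User-Name and Service-Type TLVs; no User-Password is included."""
    name = username.encode("ascii")
    if len(name) > 253:
        raise ValueError("User-Name exceeds the 253-octet attribute limit")
    user_name = bytes([USER_NAME, len(name) + 2]) + name
    service_type = struct.pack("!BBI", SERVICE_TYPE, 6, OUTBOUND)
    return user_name + service_type


if __name__ == "__main__":
    # Values taken from the example in the text above.
    user = dial_out_username("10.10.0.0/16", "10.10.1.1",
                             "L2TP-dial-out.de.dt", rd="0.0.0.0:65000")
    print(user)
    print(parse_dial_out_username(user))
    print(access_request_attributes(user).hex())
```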

