Juniper JUNOSE 11.1.X - BROADBAND ACCESS CONFIGURATION GUIDE 6-4-2010 Configuration Manual page 106

JUNOSe 11.1.x Broadband Access Configuration Guide
NOTE: If there is no matching entry in the AAA profile for the user's domain name
or for the domain name default, then AAA continues processing as if there were no
AAA profile.
If the user's name does not contain a domain name, then AAA attempts to match
to the domain name none in the AAA profile. If there is no entry for none, then AAA
attempts to match for the domain name default in the AAA profile. If there is no
entry for either none or default, then AAA continues processing as if there were no
AAA profile.
In this example, an administrator wants to use aliases; that is, to associate multiple
Example 2
domain names with a specific domain name and not allow other domain names.
1.
2.
3.
4.
When configured as such, the following scenario is typical:
66
Configuring AAA Profiles
Searches forwardToXyz for a match on the domain name default.
Finds a match and continues as normal using the domain name xyz.com.
Create an AAA profile.
host1(config)#aaa profile toAbc
Map the original domain name to the mapped domain name for domain map
lookup.
host1(config-aaa-profile)#translate abc1.com abc.com
host1(config-aaa-profile)#translate abc2.com abc.com
host1(config-aaa-profile)#translate abc3.com abc.com
Specify the domain name you want to restrict.
host1(config-aaa-profile)#deny default
Associate the AAA profile with the designated PPP interface.
host1(config-if)#ppp aaa-profile toAbc
PPP passes the AAA profile toAbc to AAA in the authentication request.
AAA:
Receives the authentication request from PPP with the subscriber's name
jane@abc1.com
Parses the domain name abc1.com and examines the specified AAA profile
toAbc
Determines that the AAA profile toAbc is valid