Mapping User Requests Without A Configured Domain Name; Using Dnis; Redirected Authentication - Juniper JUNOSE SOFTWARE 11.0.X - BROADBAND ACCESS CONFIGURATION GUIDE 4-1-2010 Configuration Manual
For e series broadband services routers - broadband access configuration
Hide thumbs
Also See for JUNOSE SOFTWARE 11.0.X - BROADBAND ACCESS CONFIGURATION GUIDE 4-1-2010:
- Configuration manual (712 pages)
Table of Contents
Advertisement
Mapping User Requests Without a Configured Domain Name
You can map a domain name called none to a specific virtual router so that the router
can map user names that do not contain a domain name.
If a user request is submitted without a domain name, the router looks for a mapping
between the domain name none and a virtual router. If a match is found, the user's
request is processed according to the RADIUS server configured for the named virtual
router. If the router does not find the domain name none, it checks for the domain
name default. If no matching entries are found, the router sends the request to the
server configured on the default virtual router.
Using DNIS
The E Series router supports dialed number identification service (DNIS). With DNIS,
if users have a called number associated with them, the router searches the domain
map for the called number. If it finds a match, the router uses the matching domain
map entry information to authenticate the user. If the router does not find a match,
it searches the domain map using normal processing.
NOTE: For DNIS to work, the router must be acting as the LNS. Also, the phone
number configured in the aaa domain-map command must be an exact match to
the value passed by L2TP in the called number AVP (AVP 21).
For example, as specified in the following sequence, a user calling 9785551212
would be terminated in vrouter_88, while a user calling 8005554433 is terminated
in vrouter_100.
Redirected Authentication
Redirected authentication provides a way to offload AAA activity on the router, by
providing the domain-mapping-like feature remotely on the RADIUS server. Redirected
authentication works as follows:
1.
2.
3.
To maintain local control, the only VR allowed to redirect authentication is the default
VR. Also, to prevent loopbacks, the redirection may occur only once to a non-default
VR.
host1(config)#aaa domain-map 9785551212 vrouter_88
host1(config)#aaa domain-map 8005554433 vrouter_100
The router sends an authentication request (in the form of a RADIUS
access-request message) to the RADIUS server that is configured in the default
VR.
The RADIUS server determines the user's AAA VR context and returns this
information in a RADIUS response message to the router.
The router then behaves in similar fashion as if it had received the VR context
from the local domain map.
Chapter 1: Configuring Remote Access
Mapping a User Domain Name to a Virtual Router
9
Advertisement
Table of Contents
Troubleshooting
