The Radius-Server Domain-Stripping Enhancements feature introduces two new configuration options
to the radius-server domain-stripping command—the right-to-left and delimiter options.

Before this feature, whenever the radius-server domain-stripping command was enabled, the
authentication, authorization, and accounting (AAA) username format “user@company.com” could be
sent to remote RADIUS servers only in the reformatted username “user.” (That is, the reformatted
username was formed from the original string but terminated at the first “@” character going from left
to right.) This functionality limited the choice of usernames if there were more than one “@” character
within the string. It also limited the domain delimiter to the “@” character because any other possible
characters (such as the “%” character) could not be used. The right-to-left and delimiter options address
these limitations in the following ways:

•

The right-to-left option parses the username in the reverse direction (from right to left) so that the
username “user@company.com” can also be sent in AAA requests.

•

The delimiter option configures a combination of characters (@, $,%, /, -, and \) to be the set if
domain delimiter characters.

Note

Any of domain delimiters in the configured subset can be recognized, but whichever character
comes first when searching the original username string is recognized first.

Release

Modification

12.2(15)B

This feature was introduced on the Cisco 7200 series and Cisco 7400 ASR.