Cisco Cisco IOS Software Releases 12.2 B
1
Cisco IOS Release 12.2(15)B
Radius-Server Domain-Stripping Enhancements
Feature History
This document describes the Radius-Server Domain-Stripping Enhancements feature in Cisco IOS
Release 12.2(15)B. It includes the following sections:
Release 12.2(15)B. It includes the following sections:
•
•
•
•
•
•
Feature Overview
The Radius-Server Domain-Stripping Enhancements feature introduces two new configuration options
to the radius-server domain-stripping command—the right-to-left and delimiter options.
to the radius-server domain-stripping command—the right-to-left and delimiter options.
Before this feature, whenever the radius-server domain-stripping command was enabled, the
authentication, authorization, and accounting (AAA) username format “user@company.com” could be
sent to remote RADIUS servers only in the reformatted username “user.” (That is, the reformatted
username was formed from the original string but terminated at the first “@” character going from left
to right.) This functionality limited the choice of usernames if there were more than one “@” character
within the string. It also limited the domain delimiter to the “@” character because any other possible
characters (such as the “%” character) could not be used. The right-to-left and delimiter options address
these limitations in the following ways:
authentication, authorization, and accounting (AAA) username format “user@company.com” could be
sent to remote RADIUS servers only in the reformatted username “user.” (That is, the reformatted
username was formed from the original string but terminated at the first “@” character going from left
to right.) This functionality limited the choice of usernames if there were more than one “@” character
within the string. It also limited the domain delimiter to the “@” character because any other possible
characters (such as the “%” character) could not be used. The right-to-left and delimiter options address
these limitations in the following ways:
•
The right-to-left option parses the username in the reverse direction (from right to left) so that the
username “user@company.com” can also be sent in AAA requests.
username “user@company.com” can also be sent in AAA requests.
•
The delimiter option configures a combination of characters (@, $,%, /, -, and \) to be the set if
domain delimiter characters.
domain delimiter characters.
Note
Any of domain delimiters in the configured subset can be recognized, but whichever character
comes first when searching the original username string is recognized first.
comes first when searching the original username string is recognized first.
Release
Modification
12.2(15)B
This feature was introduced on the Cisco 7200 series and Cisco 7400 ASR.