This module describes the algorithm used for deciding the subscriber domain to which a subscriber should be logged on.
The RADIUS Listener decides to which domain the subscriber should be logged on, according to the NAS that sent the Accounting-Start message.
However, if the only NAS that the RADIUS Listener is configured with is the proxy device (as illustrated in the following diagram), that is, the device from which the RADIUS Listener receives messages, the RADIUS Listener cannot distinguish between NAS1 and NAS2 subscribers and cannot map them to different subscriber domains.
Figure 18-1 Example of when the only NAS that the RADIUS Listener is configured with is the Proxy Device
To solve the problem of distinguishing between two NAS devices, the following algorithm is used:
• If a NAS-Identifier attribute exists in the Accounting-Start message and a NAS device is configured with that identifier, this NAS subscriber domain configuration is used.
• If the NAS-Identifier attribute does not exist, the same test is performed on the NAS-IP-Address attribute: if the NAS-IP-Address attribute exists in the Accounting-Start message and a NAS device is configured with that address, this NAS domain configuration is used.
• Otherwise, the domain configured for the NAS identified by the Accounting-Start packet source IP address is used.
Using the RADIUS attributes provides the ability to distinguish between the two NAS devices.
Note: If none of the three NAS identification characteristics (packet source IP, NAS-Identifier, or NAS-IP-Address) matches the RADIUS message, the message is dropped for RADIUS packet processing reasons, and the domain selection stage is not performed.
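The selection order above, including the drop case from the note, as an added Python sketch (not code from the product or its documentation). The `Nas` record, its field names, the domain names and the addresses are constructed for illustration. Two behaviors are assumptions: one configured IP address is compared against both NAS-IP-Address and the packet source IP, and an attribute that is present but matches no configured NAS falls through to the next test.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Nas:  # hypothetical record for one configured NAS
    domain: str
    ip_address: Optional[str] = None      # compared with NAS-IP-Address and source IP
    nas_identifier: Optional[str] = None  # compared with NAS-Identifier

# Constructed configuration: two NAS devices behind one RADIUS proxy.
NAS_TABLE = [
    Nas(domain="domain_nas1", nas_identifier="nas1.example.net"),
    Nas(domain="domain_nas2", ip_address="192.0.2.12"),
    Nas(domain="domain_proxy", ip_address="192.0.2.1"),
]

def select_domain(source_ip, attrs, nas_table=NAS_TABLE):
    """Return (domain, matched_on), or (None, None) when the message is dropped."""
    checks = [
        ("NAS-Identifier", attrs.get("NAS-Identifier"), "nas_identifier"),
        ("NAS-IP-Address", attrs.get("NAS-IP-Address"), "ip_address"),
        ("source-ip", source_ip, "ip_address"),
    ]
    for label, value, field in checks:
        if value is None:
            continue  # attribute absent: move on to the next test
        for nas in nas_table:
            if getattr(nas, field) == value:
                return nas.domain, label
        # Assumption: a present but unmatched value also falls through.
    return None, None  # no characteristic matched a configured NAS: dropped

if __name__ == "__main__":
    proxy = "192.0.2.1"  # every Accounting-Start arrives from the proxy
    samples = [  # constructed Accounting-Start attribute sets
        (proxy, {"NAS-Identifier": "nas1.example.net"}),
        (proxy, {"NAS-IP-Address": "192.0.2.12"}),
        (proxy, {}),
        ("198.51.100.7", {}),
    ]
    for src, attrs in samples:
        print(src, attrs, "->", select_domain(src, attrs))
```

Returning which characteristic matched makes it easy to log how often the source-IP fallback decides the domain, which in the proxy topology means the NAS could not be told apart.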