Cisco SCMS SM LEGs User Guide, Rel 3.5.0
Chapter: Domain Association Algorithm
Domain Association Algorithm
This module describes the algorithm used for deciding the subscriber domain to which a subscriber should be logged on.
Domain Association Algorithm
The RADIUS Listener decides to which domain the subscriber should be logged on, according to the NAS that sent the Accounting-Start message.
However, if the only NAS the RADIUS Listener is configured with is the proxy device (as illustrated in the following diagram), which is the device from where the RADIUS Listener receives messages, the RADIUS listener cannot distinguish between NAS1 and NAS2 subscribers and cannot map them to different subscriber domains.
Figure 18-1 Example of when the only NAS that the RADIUS Listener is configured with is the Proxy Device
To solve the problem of distinguishing between two NAS devices, the following algorithm is used:
•
If a NAS-Identifier attribute exists in the Accounting-Start message and a NAS device is configured with that identifier, this NAS subscriber domain configuration is used.
•If the NAS-Identifier attribute does not exist, the same test will be performed on the NAS-IP-Address attribute. If the NAS-IP-Address attribute exists in the Accounting-Start message the NAS device was configured, this NAS domain configuration is used.
•Otherwise, the domain configured for the NAS identified by the Accounting-Start packet source IP address is used.
Using the RADIUS attributes provides the ability to distinguish between the two NAS devices.
Note If none of the three NAS identification characteristics (packet source IP, NAS-Identifier, or NAS-IP-Address) matches the RADIUS message, the message is dropped because of RADIUS packet processing reasons. The domain selection stage will not be performed.
Feedback