BRAS User Domain Classification
The BRAS supports the following types of domains.
Domain Type |
Description |
|---|---|
Pre-authentication default domain |
This domain is used by only web and fast authentication users to obtain IP addresses. After a user obtains an IP address using the user name bound to this domain, the user can obtain control authorities based on the user group configured in the domain. If a web authentication user is authenticated in this domain, the user is only allowed to access the web authentication server and DNS server. (The access rights are controlled using UCL groups and ACLs.) If no pre-authentication default domain is configured on a BAS interface, default0 is used as the pre-authentication default domain. |
Authentication default domain |
If a user enters a user name that does not contain a domain name during authentication, the user uses the authentication, accounting, and RADIUS schemes configured in the authentication default domain. If no authentication default domain is configured on a BAS interface, default1 is used as the authentication default domain. |
Mandatory authentication default domain |
A user uses the authentication, accounting, and RADIUS schemes configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name remains unchanged during authentication; if the user name does not contain a domain name, the mandatory authentication default domain name is added to the user name. |
Mandatory substitute authentication domain |
A user uses the authentication, accounting, and RADIUS schemes configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name is replaced by the mandatory substitute authentication domain name during authentication; if the user name does not contain a domain name, the mandatory substitute authentication domain name is added to the user name. |
Roaming domain |
A roaming domain policy can be applied only when a user name contains a domain name. If the domain name has not been configured on the BRAS, the user uses the authentication, accounting, and RADIUS schemes configured in the roaming domain. The user name remains unchanged during authentication. If no roaming domain is configured on a BAS interface, default1 is used as the roaming domain. |
Authentication domain |
It is the domain name contained in a user name. When a user enters a user name (a domain name is contained and has been configured on the BRAS, and no mandatory authentication default domain or substitute authentication domain is configured on the BAS interface), the user uses the authentication, accounting, and RADIUS schemes configured in this domain. |
Permit domain |
It is a domain that BAS access users are allowed to access. |