Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

sub-domain

Syntax

Hierarchy Level

Description

You can configure subdomains under a domain map. Subdomain allows you to select different access-profile for users within the same domain different VLAN ID or VLAN ID range. Subdomain gives the flexibility to differentiate the users in a domain. It provides different services per the profile configuration.

The options available at the domain map level are also available at the subdomain. But the options defined for a subdomain are independent from other subdomains and the options at the domain map level.

Characteristics of a Subdomain

  • Subdomain configuration within a domain takes the higher precedence than the domain map level configuration.

  • The qualifier option is mandatory to define a subdomain.

  • Qualifiers (VLAN ID) cannot have any overlap within a domain.

  • You can configure maximum of 16 subdomains within a domain.

Here're some examples of different types of subdomain configurations and their behavior.

  1. Access profile configuration in a domain with VLAN ID qualifier using subdomain.

    This configuration creates different access profiles using the VLAN ID qualifier and subdomain.

  2. Access profile and strip domain configuration through domain map.

    The intention of this configuration is to use the domain map for an access profile selection, then strip the domain name. For each subdomain you can assign different access profile depending on the VLAN ID, but the strip-domain kept common for all cases. Though it appears a repeat configuration in subdomain, since the subdomain is totally independent, it gives better flexibility when it comes to assign modifiers selectively.

  3. Domain map and subdomain configuration for completely independent attribute selection.

    For the same domain abc.com, each subdomain and unqualified domain map (top level) is independently defining its actions. VLAN ID is the qualifier for subdomain, which takes precedence and overrides the unqualified attributes with independent set available in the qualified subdomain.

  4. Configure an empty subdomain.

    This configuration creates an empty subdomain with a set of VLAN ranges. This configuration is an example to exclude the users of the same domain depending on their VLAN ID.

    Any user login qualifying for the subdomain match do not apply any options. All the other non-matching users in the domain get the options from un-qualified top level domain map.

  5. Invalid subdomain configuration (overlapping VLAN ID ranges in subdomains).

    This configuration gets rejected during commit. The qualifiers within the same domain map cannot have any overlap.

    Example of an error message while trying such invalid subdomain configuration commit:

Options

sub-domain name

Name of a subdomain.
aaa-logical-system

Logical system used for applying AAA services.
aaa-routing-instance

Routing instance used for applying AAA services.

  • default—Default routing instance.

  • name—Name of the routing instance you want to configure.
target-routing-instance

Specify the routing instance of the subscriber context.

  • default—Default routing instance.

  • name—Name of the routing instance you want to configure.
access-profile profile-name

Name of an access profile.
address-pool

Specify the address pool used to assign addresses to subscribers associated with the domain map.
dynamic-profile

Specify the dynamic profile that is used for subscriber sessions associated with the subdomain.
override-chap-password

Use this CHAP password for authentication.
override-password

Use this password for authentication.
strip-domain

Enable domain name stripping from the username.
strip-username

Enable user name stripping from the username.

  • left-to-right—Strip to first domain delimiter on the left.

  • right-to-left—Strip to first domain delimiter on the right.
tunnel-profile

Specify the tunnel profile that provides definitions for tunnels associated with the subdomain.
using-user-password

Send overridden CHAP-Password using User-Password.

Required Privilege Level

access—To view this statement in the configuration.

access-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 21.3R1.

Related Documentation