Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure domain name stripping with Cisco Secure ACS

Core issue

Domain name stripping in Cisco Access Control Server (ACS) is useful when there is a combination of Virtual Private Dialup Network (VPDN) and non-VPDN users connnecting to the network. When a username sent  to Cisco IOS  Software includes an "@" sign (as in, and you need to  strip the domain name off the user's ID, you can use directed requests on the router or  the CiscoSecure software on the server.

The first time the users log in, the user name is autopopulated in ACS.  Since a user may come in as "DOMAIN\user" or as "user," names may appear in ACS as "DOMAIN\user" or as "user," resulting in both entries in the database. The duplicate entries can be avoided  by using domain stripping, where the prefix domain with the delimiter "\" can be erased to  have a consistent database.


For more information on configuring domain stripping, refer these documents:

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:06 PM
Updated by:
Labels (1)
Everyone's tags (3)