Guest

Cisco Access Registrar

Cisco Access Registrar 4.2

  • Viewing Options

  • PDF (81.3 KB)
  • Feedback

Product Overview

Cisco ® Access Registrar is the leading Cisco RADIUS authentication, authorization, and accounting (AAA) server for the service provider market. It supports service provider deployment of access services by centralizing AAA information and simplifying provisioning and management. Cisco Access Registrar is a standards-based RADIUS and proxy RADIUS server designed for high performance, extensibility, and integration with external data stores and systems. It provides an ideal solution for service providers with mobile wireless, public WLAN, broadband, dial, and Voice over Internet Protocol (VoIP) services, networks, and WiMAX.
Table 1 lists the features of Cisco Access Registrar 4.2.

Table 1. Cisco Access Registrar 4.2 Features

Feature

Description

Authentication

Cisco Access Registrar supports a wide range of authentication including the latest Extensible Authentication Protocol (EAP) methods. User information can be stored in its internal database or external directories or databases.

Authorization

Cisco Access Registrar has user and group authorization. Session limits and IP address pools can be managed centrally, across multiple Cisco Access Registrar servers.

Accounting

Cisco Access Registrar's flexible accounting allows accounting records to be stored to local files, to external databases, proxies, or any combination of these methods.

RADIUS Proxy

Cisco Access Registrar provides rich RADIUS proxy functions including EAP proxy and failover and round-robin modes.

Customization

Cisco Access Registrar has the flexibility to implement complex realm and AAA policies used in today's multiple-technology service provider environments. It also provides interfaces for automated configuration provisioning and custom-built AAA methods.

Performance

Cisco Access Registrar's high-performance AAA processing increases return on investment (ROI) through lower hardware and server management costs.

New Features

The following features are new in Cisco Access Registrar 4.2:

Dynamic service authorization: Cisco Access Registrar 4.2 adds support for a new service that is selected by the existing mechanisms (such as the policy engine, scripts) and that has an option to set the variables (as appropriate to the phase the packet is in) to reauthenticate, reauthorize, or reaccount using another service. The idea here is to chain the services using this environment variable.

Session scalability: In Cisco Access Registrar 4.2 the number of sessions captured in a server is increased fourfold from its value of 1 million (that is, 4 million sessions per server with session caching).

Lightweight Directory Access Protocol (LDAP) version 3 client library and bind-based authentication: In Cisco Access Registrar 4.2 the existing LDAP client library is enhanced to support LDAPv3 with no extended features. LDAP remote server is enhanced to support bind-based authentication in addition to the existing password-fetch-based authentication.

Update Oracle client library and server: In Cisco Access Registrar 4.2 the existing Oracle client library and server are enhanced to support the Oracle 11g server through the Oracle 10g client library. Cisco Access Registrar 4.2 has been tested and certified with Oracle 9i/10g/11g servers through Oracle 9i/10g clients. Changes in the Oracle driver/driver manager support the latest client and server.

Certificate management with Certificate Revocation List (CRL): Cisco Access Registrar 4.2 has the provision to support CRL fetching and enforcement. The protocols supported for fetching CRLs are LDAP and HTTP.

Shared secret hiding: Cisco Access Registrar 4.2 adds a new property named HideSharedSecretAndPrivateKeys; when set to true, PrivateKeyPassword attribute in EAP based services and SharedSecret attribute under Remoteservers, Clients object will be masked and displayed as <encrypted>.

Support of T series Sun servers: Cisco Access Registrar 4.2 adds support for Sun T series servers. Benchmark testing with complex scripting and performance testing was done with the Sun T 5220 server.

Server virtualization support: Cisco Access Registrar 4.2 adds support for Sun virtualization technology Logical Domains (LDoms); this virtualization technology has been tested in a Solaris 10 environment. A Cisco Access Registrar 4.2 instance with session management in a Solaris server can go up to 900 Transactions Per Second (TPS) by using Sun virtualization technology (LDoms) on the same Solaris server; Cisco Access Registrar 4.2 with session management gives a significant performance increase of around 2700 TPS per server(6 LDoms, each LDom with 450 TPS).

WiMAX support: Cisco Access Registrar 4.2 adds support for WiMAX access technology following Network Working Group (NWG) version 1.1.0 of the stage III document (WiMAX Forum). The EAP method is used to facilitate WiMAX authentication by caching the IP attributes and mobility keys that are generated during network access authentication.

Upgrade Paths

Customers with Cisco Access Registrar 3.x or 4.x can upgrade to Cisco Access Registrar 4.2 by purchasing the appropriate upgrade license (Table 2).
Existing Cisco Access Registrar 4.x customers with Software Application Support (SAS) contracts can upgrade to Cisco Access Registrar 4.2 using the upgrade tool at http://www.cisco.com/upgrade.

Availability And Ordering Information

Cisco Access Registrar 4.2 and the associated upgrade kit started shipping November 20, 2008. Table 2 lists ordering information for Cisco Access Registrar 4.2.
To place an order, visit the Cisco Ordering Home page.

Table 2. Ordering Information for Cisco Access Registrar 4.2

Part Number

Description

AR-4.2-BASE-K9=

Cisco Access Registrar. Limited to 100 Transactions per Second

AR-4.2-100TPS=

Cisco Access Registrar additional license per server. Limited to 100 Transactions per Second

AR-4.2-200TPS=

Cisco Access Registrar additional license per server. Limited to 200 Transactions per Second

AR-4.2-500TPS=

Cisco Access Registrar additional license per server. Limited to 500 Transactions per Second

AR-4.2-1000TPS=

Cisco Access Registrar additional license per server. Limited to 1000 Transactions per Second

AR-4.2-2000TPS=

Cisco Access Registrar additional license per server. Limited to 2000 Transactions per Second

AR-4.2-3000TPS=

Cisco Access Registrar additional license per server. Limited to 3000 Transactions per Second

AR-4.2-5000TPS=

Cisco Access Registrar additional license per server. Limited to 5000 Transactions per Second

AR-4.2-SECONDARY=

Cisco Access Registrar Secondary license. Required for each secondary Server (either Backend or Stand-by)

AR-4.2-UP-3.X-K9=

Cisco Access Registrar 4.2 upgrade license for R3.x Customers, with or without SAS contract. Limit of 1000 Transactions per Second

AR-4.2-UP-4.X-K9=

Cisco Access Registrar 4.2 upgrade license for R4.0 and R4.1 Customers who don't have SAS contract. Limit of 1000 Transaction per Second

An evaluation copy of this product is also available through the Cisco Software Center. All customers must have Cisco.com access and permission to download encrypted information.

For More Information

For more information about Cisco Access Registrar, visit http://www.cisco.com/en/US/products/sw/netmgtsw/ps411/index.html, contact your local account representative, or send email to cns-ar-mkt@cisco.com.