Guest

Cisco Access Registrar

Cisco CNS Access Registrar 3.5 Q&A

  • Viewing Options

  • PDF (34.0 KB)
  • Feedback
Q&A

GENERAL QUESTIONS

Q. What is Cisco® Access Registrar?
A. Cisco Access Registrar is a Remote Authentication Dial-In User Service (RADIUS) server, designed to meet the specific needs of service providers, including deployment, performance, scalability, resilience, and extensibility.
Q. What are the benefits of Cisco Access Registrar?
A. Cisco Access Registrar delivers a fully featured and customizable RADIUS server so that service providers can focus on delivering revenue-generating services. The latest release, Cisco Access Registrar 3.5, provides functionality to deliver the latest authentication, authorization, and accounting (AAA) server technology for broadband and mobile wireless networks, wireless LANs, and public wireless LANs.
Q. How widely is Cisco Access Registrar deployed?
A. Cisco Access Registrar is a mature, carrier-class RADIUS server that has been deployed at numerous service providers, both large and small, worldwide. Originally developed by American Internet Corporation (AIC), Cisco Access Registrar has been deployed by service providers since 1998. AIC was aquired by Cisco Systems ® that same year.
Q. How widely is Cisco Access Registrar deployed?
A. Cisco Access Registrar is a mature, carrier-class RADIUS server that has been deployed at numerous service providers, both large and small, worldwide. Originally developed by American Internet Corporation (AIC), Cisco Access Registrar has been deployed by service providers since 1998. AIC was aquired by Cisco Systems ® that same year.
Q. What are the differences between Cisco Access Registrar, Cisco Secure Access Control Server for Windows and Cisco Secure Access Control Server for Unix?
A. Cisco Access Registrar is a RADIUS AAA server designed for subscriber access in service provider environments. In particular, it provides the configuration flexibility, scalability and performance that service providers require. Cisco Secure Access Control Server for Windows is a RADIUS and TACACS+ AAA server designed for enterprise environments. It provides RADIUS support for user access control, and TACACS+ support for administrative device access control. Included is a rich configuration interface and interfaces to common enterprise databases. Cisco Secure Access Control Server for Unix has support for both RADIUS and TACACS+. It is typically used when a customer requires a unix-based AAA server for administrative device access control. New features are not currently being developed for ACS for Unix.

TECHNICAL QUESTIONS

Q. Is Cisco Access Registrar scalable?
A. Directory and database capabilities allow Cisco Access Registrar to support authentication and authorization for millions of users. Multiple Cisco Access Registrar servers can reference a distributed directory or database. Additionally, Cisco Access Registrar supports replication of its internal database to allow multiple servers to be similarly configured. And its multithreaded architecture provides performance that scales with additional CPUs. Together, these features allow Cisco Access Registrar to scale to support large service deployments with high call rates.
Q. What hardware specification should I use?
A. This depends on the request rate. It is possible to support hundreds or thousands of requests per second with a single server, although a second server is typically purchased for redundancy. Where multiple Cisco Access Registrar servers are deployed, each server may be a primary RADIUS server for a set of network access servers (NASs) and a backup for others. For example hardware specifications, see the Cisco Access Registrar 3.5 Release Notes.
Q. What types of accounting and billing systems does Cisco Access Registrar support?
A. Cisco Access Registrar supports local flat-file accounting records, proxy RADIUS accounting, or writing records directly to an Oracle or MySQL database. In addition, Cisco Access Registrar can be configured to use a combination of these accounting methods when processing an accounting request.
These methods also allow either offline transfers or direct feeds of accounting records into a billing server.
Cisco Access Registrar provides a special billing interface, allowing billing vendors to integrate their systems into Cisco Access Registrar for prepaid functionality. Digiquant and Sicap are the first billing vendors to use this interface.
Q. What are Cisco Access Registrar extensions?
A. Cisco Access Registrar provides a number of extension points where customers or system integrators may extend the logic of the product through C or C++ shared libraries, Java , or TCL scripts. These extension points allow access to incoming and outgoing RADIUS packets for complete processing control. Extension points also support the integration of completely proprietary AAA services with a RADIUS front end.
Q. Is Cisco Access Registrar compatible with equipment from other vendors?
A. Yes. Cisco maintains compatibility with the latest RADIUS standards to ensure that Cisco Access Registrar is compatible with any RADIUS-compliant client, independent of vendor. In addition, the attribute dictionary in Cisco Access Registrar is predefined with the attributes of many third-party vendors. This dictionary is extensible ¾new attributes can be added at any time.
Q. Will Cisco Access Registrar support new AAA protocols such as Diameter?
A. Cisco monitors AAA standards progress and participates in developing new AAA standards. Cisco aims to be at the forefront of AAA technology and will consider supporting new protocols such as Diameter if it makes sense to Cisco customers.
Q. What, if any, additional software is needed to use Cisco Access Registrar?
A. Apart from a fully patched and supported version of the operating system, nothing-Cisco Access Registrar is fully self-contained. It has a fast, built-in database that stores the server configuration and user information. No extra software is required to enforce user or group session limits, to allocate IP addresses from IP pools defined in Cisco Access Registrar, to configure Cisco Access Registrar to act as a RADIUS proxy, or to use the configuration replication feature.
Q. Can Cisco Access Registrar process RADIUS requests differently based on attributes in the request?
A. Yes. Cisco Access Registrar can be configured to dynamically decide how to process requests based on any attribute in the packet, including but not limited to user name prefix or suffix, dialed number, or calling number. An access request can be processed locally using information in a Lightweight Directory Access Protocol (LDAP) directory server or Oracle/MySQL database, forwarded to another RADIUS server, or using a combination of these methods. An accounting request can be processed locally into a file, forwarded to another RADIUS server, written to a database, or a combination of these.
Q. Can Cisco Access Registrar be configured to modify attributes in a RADIUS packet?
A. In addition to the authorization process where attributes stored in its internal database or external database are returned in an access-accept packet, Cisco Access Registrar allows attributes in a RADIUS request, response, or proxy packet to be added, modified, or deleted.
Q. What session management features does Cisco Access Registrar have?
A. Cisco Access Registrar is able to track user sessions. By tracking these sessions, Cisco Access Registrar can enforce session limits on a per-user or group basis. It can also manage shared resources, including IP addresses, home-agent assignment, and on-demand address pools (for Multiprotocol Label Switching virtual private networks).
Cisco Access Registrar maintains an in-memory table of active user sessions and can be configured to store RADIUS attributes in the session table. AR 3.5.2 allows applications on the network to query this session table using XML queries.
Cisco Access Registrar 3.5 adds the ability to query sessions by their age, then release them and generate a Packet of Disconnect (PoD) if necessary.
Session management can take place, independently, on each Cisco Access Registrar server in the network, or one Cisco Access Registrar server can be designated to perform this function for the other Cisco Access Registrar servers in the network to provide centralized session management.
Q. What standards are supported by Cisco Access Registrar?
A. Cisco Access Registrar provides support for the following RFCs:
2865 RADIUS
2866 RADIUS Accounting
2867 RADIUS Accounting Modifications for Tunnel Protocol Support
2868 RADIUS Attributes for Tunnel Protocol Support
3576 Dynamic Authorization Extensions (updates RFC2869) (PoD support only)
3579 RADIUS Support for EAP (updates RFC2869)
2618 RADIUS Authentication Client MIB
2619 RADIUS Authentication Server MIB
2620 RADIUS Accounting Client MIB
2621 RADIUS Accounting Server MIB
Cisco Access Registrar supports the following drafts:
EAP-SIM draft 11 (draft-haverinen-pppext-eap-sim-11.txt)
Digest Authentication over RADIUS (draft-sterman-aaa-sip-00.txt)

ORDERING AND FULLFILLMENT INFORMATION

Q. How do I order Cisco Access Registrar?
A. LMS is available through Cisco direct and channel sales representatives LMS is available through Cisco direct and channel sales representatives.
Q. Are software support contracts available and how are they ordered?
A. Yes. You can purchase an extended service Software Application Support (SAS) contract that provides access to technical support, access to the Cisco.com Software Center, and patches to the Cisco AR product.
Q. What are the current update and upgrade paths for Cisco AR?
A. Cisco AR includes an upgrade kit for existing 1.X and 3.X customers (AR-3.5-UP-K9). If you have SAS for Cisco AR 3.X, you can go to the Cisco.com Software Center and download the Cisco AR minor update. The Cisco AR upgrade is available now through normal Cisco sales channels.