Cisco Access Registrar

Cisco Access Registrar 4.1

Q. What is Cisco® Access Registrar?
A. Cisco Access Registrar is a RADIUS server that is designed to meet the specific needs of service providers, including deployment, performance, scalability, resilience, and extensibility requirements.
Q. What is new for Cisco Access Registrar 4.1?
A. Cisco Access Registrar 4.1 is a minor release with some enhancements and bug fixes that will benefit a number of current and potential customers. The primary features of Release 4.1 include Extensible Authentication Protocol Tunneled Transport Layer Security (EAP TTLS), RFC 4186 EAP-SIM support, Microsoft Wireless Provisioning Services (WPS) support, and Query and Notify on Session Cache, among many other features.
Q. What are the benefits of Cisco Access Registrar?
A. Cisco Access Registrar delivers a fully featured and customizable RADIUS server so that service providers can focus on delivering revenue-generating services. The latest release, Cisco Access Registrar 4.1, provides functionality to deliver the latest authentication, authorization, and accounting server technology for broadband and mobile wireless networks, wireless LANs, and public wireless LANs.
Q. How widely is Cisco Access Registrar deployed?
A. Cisco Access Registrar is a mature, carrier-class RADIUS server that has been deployed worldwide by numerous large enterprises and service providers, both large and small, since 1998.


Q. Is Cisco Access Registrar scalable?
A. Directory and database capabilities allow Cisco Access Registrar to support authentication and authorization for millions of users. Multiple Cisco Access Registrar servers can reference a distributed directory or database. Additionally, Cisco Access Registrar supports replication of its internal database to allow multiple servers to be similarly configured. Cisco Access Registrar's multithreaded architecture provides performance that scales with additional CPUs. Together, these features allow Cisco Access Registrar to scale to support large service deployments with high call rates.
Q. What hardware specification should I use?
A. This depends on the request rate. It is possible to support hundreds or thousands of requests per second with a single server, although a second server is typically purchased for redundancy. Where multiple Cisco Access Registrar servers are deployed, each Cisco Access Registrar server may be a primary RADIUS server for a set of network access servers (NASs) and a backup for others. For example hardware specifications, please see the Cisco Access Registrar 4.1 Release Notes.
Q. What types of accounting and billing systems does Cisco Access Registrar support?
A. Cisco Access Registrar supports local flat-file accounting records, proxy RADIUS accounting, or writing records directly to an Oracle or MySQL database. In addition, Cisco Access Registrar can be configured to use a combination of these accounting methods when processing an accounting request.

These methods also allow either offline transfers or direct feeds of accounting records into a billing server.

Cisco Access Registrar provides a special billing interface, allowing billing vendors to integrate their systems into Cisco Access Registrar for prepaid functionality.
Q. What are Cisco Access Registrar extensions?
A. Cisco Access Registrar provides a number of extension points where customers or system integrators may extend the logic of the product via C/C++ shared libraries, Java, or TCL scripts. These extension points allow access to incoming and outgoing RADIUS packets for complete processing control. Extension points also support the integration of completely proprietary authentication, authorization, and accounting (AAA) services with a RADIUS front end.
Q. Is Cisco Access Registrar compatible with equipment from other vendors?
A. Yes. Cisco Systems® maintains compatibility with the latest RADIUS standards to help ensure that Cisco Access Registrar is interoperable with any RADIUS-compliant client, regardless of vendor. In addition, Cisco Access Registrar's attribute dictionary comes predefined with the attributes of many third-party vendors. Cisco Access Registrar's dictionary is extensible: new attributes can be added at any time.
Q. Will Cisco Access Registrar support new AAA protocols such as Diameter?
A. Cisco monitors AAA standards progress, and participates in developing new AAA standards. Cisco aims to be at the forefront of AAA technology and will consider supporting new protocols such as Diameter if it will benefit customers.
Q. What, if any, additional software is needed to use Cisco Access Registrar?
A. Apart from a fully patched and supported version of the operating system, Cisco Access Registrar is fully self-contained. It has a fast, built-in database that stores the server configuration and user information. No extra software is required to enforce user or group session limits, allocate IP addresses from IP pools defined in Cisco Access Registrar, configure Cisco Access Registrar to act as a RADIUS proxy, or to use the configuration replication feature.
Q. Can Cisco Access Registrar process RADIUS requests differently based on attributes in the request?
A. Yes. Cisco Access Registrar can be configured to dynamically decide how to process requests based on any attribute in the packet, including, but not limited to, username prefix or suffix, dialed number, or calling number. An access request can be processed locally using information in a Lightweight Directory Access Protocol (LDAP) directory server or an Oracle or MySQL database, forwarded to another RADIUS server, or through a combination of these methods. An accounting request can be processed locally into a file, forwarded to another RADIUS server, written to a database, or a combination of these methods.
Q. Can Cisco Access Registrar be configured to modify attributes in a RADIUS packet?
A. In addition to the authorization process where attributes stored in Cisco Access Registrar's internal database or external database are returned in an access-accept packet, Cisco Access Registrar allows attributes in a RADIUS request, response, or proxy packet to be added, modified, or deleted.
Q. What session-management features does Cisco Access Registrar have?
A. Cisco Access Registrar is able to track user sessions. By tracking these sessions, Cisco Access Registrar can enforce session limits on a per-user or group basis. It can also manage shared resources, including IP addresses, home-agent assignment, and on-demand address pools (for Multiprotocol Label Switching [MPLS] VPNs).

Cisco Access Registrar maintains an in-memory table of active user sessions. It can be configured to store RADIUS attributes in the session table. Cisco Access Registrar allows applications on the network to query this session table using either RADIUS or Extensible Markup Language (XML) queries from the 4.1 release.

Cisco Access Registrar can query sessions by their age, then release them and generate a Packet of Disconnect (PoD) if necessary.

Session management can take place, independently, on each Cisco Access Registrar in the network, or one Cisco Access Registrar server can be designated to perform this function for the other Cisco Access Registrar servers in the network to provide centralized session management.
Q. What standards are supported by Cisco Access Registrar?
A. Cisco Access Registrar supports the following RFCs:


• RFC 2866: RADIUS Accounting
• RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
• RFC 2868: RADIUS Attributes for Tunnel Protocol Support
• RFC 3576: Dynamic Authorization Extensions
• RFC 3579: RADIUS Support for EAP (updates RFC 2869)
• RFC 2618: RADIUS Authentication Client MIB
• RFC 2619: RADIUS Authentication Server MIB
• RFC 2620: RADIUS Accounting Client MIB
• RFC 2621: RADIUS Accounting Server MIB
• RFC 4186: Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)

Cisco Access Registrar supports the following drafts:

• Digest Authentication over RADIUS (draft-sterman-aaa-sip-00.txt)