Cisco® Access Registrar is the leading Cisco RADIUS authentication, authorization, and accounting (AAA) server for the service provider market. It supports service provider deployment of access services by centralizing AAA information and simplifying provisioning and management. Cisco Access Registrar is a standards-based RADIUS and proxy RADIUS server designed for high performance, extensibility, and integration with external data stores and systems. It provides an ideal solution for service providers with mobile wireless, public WLAN, broadband, dial, and Voice over Internet Protocol (VoIP) services, networks, and WiMAX.
Table 1 lists the features of Cisco Access Registrar 4.2.
Table 1. Cisco Access Registrar 4.2 Features
Cisco Access Registrar supports a wide range of authentication including the latest Extensible Authentication Protocol (EAP) methods. User information can be stored in its internal database or external directories or databases.
Cisco Access Registrar has user and group authorization. Session limits and IP address pools can be managed centrally, across multiple Cisco Access Registrar servers.
Cisco Access Registrar's flexible accounting allows accounting records to be stored to local files, to external databases, proxies, or any combination of these methods.
Cisco Access Registrar provides rich RADIUS proxy functions including EAP proxy and failover and round-robin modes.
Cisco Access Registrar has the flexibility to implement complex realm and AAA policies used in today's multiple-technology service provider environments. It also provides interfaces for automated configuration provisioning and custom-built AAA methods.
Cisco Access Registrar's high-performance AAA processing increases return on investment (ROI) through lower hardware and server management costs.
The following features are new in Cisco Access Registrar 4.2:
• Dynamic service authorization: Cisco Access Registrar 4.2 adds support for a new service that is selected by the existing mechanisms (such as the policy engine, scripts) and that has an option to set the variables (as appropriate to the phase the packet is in) to reauthenticate, reauthorize, or reaccount using another service. The idea here is to chain the services using this environment variable.
• Session scalability: In Cisco Access Registrar 4.2 the number of sessions captured in a server is increased fourfold from its value of 1 million (that is, 4 million sessions per server with session caching).
• Lightweight Directory Access Protocol (LDAP) version 3 client library and bind-based authentication: In Cisco Access Registrar 4.2 the existing LDAP client library is enhanced to support LDAPv3 with no extended features. LDAP remote server is enhanced to support bind-based authentication in addition to the existing password-fetch-based authentication.
• Update Oracle client library and server: In Cisco Access Registrar 4.2 the existing Oracle client library and server are enhanced to support the Oracle 11g server through the Oracle 10g client library. Cisco Access Registrar 4.2 has been tested and certified with Oracle 9i/10g/11g servers through Oracle 9i/10g clients. Changes in the Oracle driver/driver manager support the latest client and server.
• Certificate management with Certificate Revocation List (CRL): Cisco Access Registrar 4.2 has the provision to support CRL fetching and enforcement. The protocols supported for fetching CRLs are LDAP and HTTP.
• Shared secret hiding: Cisco Access Registrar 4.2 adds a new property named HideSharedSecretAndPrivateKeys; when set to true, PrivateKeyPassword attribute in EAP based services and SharedSecret attribute under Remoteservers, Clients object will be masked and displayed as <encrypted>.
• Support of T series Sun servers: Cisco Access Registrar 4.2 adds support for Sun T series servers. Benchmark testing with complex scripting and performance testing was done with the Sun T 5220 server.
• Server virtualization support: Cisco Access Registrar 4.2 adds support for Sun virtualization technology Logical Domains (LDoms); this virtualization technology has been tested in a Solaris 10 environment. A Cisco Access Registrar 4.2 instance with session management in a Solaris server can go up to 900 Transactions Per Second (TPS) by using Sun virtualization technology (LDoms) on the same Solaris server; Cisco Access Registrar 4.2 with session management gives a significant performance increase of around 2700 TPS per server(6 LDoms, each LDom with 450 TPS).
• WiMAX support: Cisco Access Registrar 4.2 adds support for WiMAX access technology following Network Working Group (NWG) version 1.1.0 of the stage III document (WiMAX Forum). The EAP method is used to facilitate WiMAX authentication by caching the IP attributes and mobility keys that are generated during network access authentication.
Customers with Cisco Access Registrar 3.x or 4.x can upgrade to Cisco Access Registrar 4.2 by purchasing the appropriate upgrade license (Table 2).
Existing Cisco Access Registrar 4.x customers with Software Application Support (SAS) contracts can upgrade to Cisco Access Registrar 4.2 using the upgrade tool at http://www.cisco.com/upgrade.
Availability And Ordering Information
Cisco Access Registrar 4.2 and the associated upgrade kit started shipping November 20, 2008. Table 2 lists ordering information for Cisco Access Registrar 4.2.