Cisco Prime Access Registrar (Prime Access Registrar) is a high performance, carrier class, 3GPP-compliant, 64-bit RADIUS/Diameter solution that provides scalable, flexible, intelligent authentication, authorization, and accounting (AAA) services.
Prime Access Registrar comprises a RADIUS/Diameter server designed from the ground up for performance, scalability, and extensibility for deployment in complex service provider environments including integration with external data stores and systems. Session and resource management tools track user sessions and allocate dynamic resources to support new subscriber service introductions.
Note Prime Access Registrar can be used with CentOS 6.5 and Red Hat Enterprise Linux (RHEL) 6.4/6.6/7.0 64-bit operating systems using kernel 2.6.32-358.0.1.el6.x86_64 and Glibc version: glibc-2.12-1.132.el6.x86_64.
This release note contains the following sections:
This section describes the system requirements to install and use the Prime Access Registrar software.
Table 1 lists the system requirements for Prime Access Registrar 7.1.
Table 1 Minimum Hardware and Software Requirements for Prime Access Registrar Server
Intel Xeon CPU 2.30 GHz
Co-Existence With Other Network Management Applications
To achieve optimal performance, Prime Access Registrar should be the only application running on a given server. In certain cases, when you choose to run collaborative applications such as a SNMP agent, you must configure Prime Access Registrar to avoid UDP port conflicts. The most common conflicts occur when other applications also use ports 2785 and 2786. For more information on SNMP configuration, see the Configuring SNMP section, in the Cisco Prime Access Registrar 7.1 Installation and Configuration Guide.
Enhanced Feature in Cisco Prime Access Registrar 220.127.116.11
This feature allows you to fetch EPSUserState from a User-Data-Answer (UDA) message on an Sh interface.
A user equipment (UE) can be bocked or allowed for voice over Wi-Fi (VoWiFi) call based on the EPSUserState value fetched from the UDA on an Sh interface.
To fetch EPSUserState, a User-Data-Request (UDR) message is sent with Current-Location = InitiateActiveLocationRetrieval, Data-Reference =UserState, Requested-Domain = PS-Domain, and Requested-Nodes = 1(MME).
The UDA contains a User-Data (or Sh-Data) AVP, which in turn contains the EPSUserState tag. EPSUserState can have one of the following values:
When UDA is received, Prime Access Registrar parses User-Data and extracts the EPSUserState tag from the User-Data AVP. User State is mapped to an environment variable EPSUserState. You can configure a script at 3GPP authorization service outgoing script, to check the EPSUserState environment variable. The request is accepted if the value is 4 (ConnectedReachableForPaging) and rejected for any other value.
[ //localhost/Radius/Scripts/removeUserData ]
Name = removeUserData
Language = Rex
Filename = libhomeepdgremoveuserdata.so
EntryPoint = homeEPDGRemoveUserData
3GPP Authorization Service Configuration
[ //localhost/Radius/Services/Homeepdg3gpp-auth ]
Name = Homeepdg3gpp-auth
Type = 3gpp-authorization
Protocol = diameter
OutgoingScript~ = removeUserData
SessionManager = sm1
DiameterProxyService = diaproxy
FetchLocationInformation = True
Enhanced Features in Cisco Prime Access Registrar 7.1
Prime Access Registrar 7.1 provides the following features:
Prime Access Registrar supports Oracle 12c client.
Prime Access Registrar enables location-based attributes within RADIUS and Diameter that can be used to convey location-related information for authentication and accounting services.
The GUI and CLI are updated with new fields/options to support this functionality.
Voice over Wi-Fi (VoWiFi) Location Based Authentication
Prime Access Registrar allows or blocks access to voice over Wi-Fi (VoWiFi) based on location information of the user equipment (UE). Prime Access Registrar uses Sh interface for fetching the location information of the UE.
Prime Access Registrar can be configured to run a script at 3GPP authorization service outgoing script to check the user location and reject/accept the UE based on the location information.
The GUI and CLI are updated with new fields/options to support this functionality. For more information about location-based authentication, refer to the “Wireless” chapter of the Cisco Prime Access Registrar 7.1 User Guide.
SCTP Multihoming Support for Diameter
Prime Access Registrar provides Stream Control Transmission Protocol (SCTP) multihoming support for Diameter client and remote server. With this feature, you can configure two source and destination addresses on the Diameter client and remote server.
Note When you use Prime Access Registrar with CentOS, ensure that you configure the Diameter SCTP client and remote servers with different source/destination ports.
The GUI and CLI are updated with new fields/options to support this functionality. For more information about SCTP support for Diameter, refer to the “Diameter” chapter of the Cisco Prime Access Registrar 7.1 User Guide.
OCSP Support for EAP-TLS
Prime Access Registrar allows you to configure Extensible Authentication Protocol - Transport Level Security (EAP-TLS) service to support Online Certificate Status Protocol (OCSP), which is used to check the status of X.509 digital certificates. This protocol can be used as an alternate to the certificate revocation list (CRL).
Fixed Anomalies in Cisco Prime Access Registrar 18.104.22.168
Table 2 lists the anomalies fixed in Prime Access Registrar 22.214.171.124 release.
Table 2 Fixed Anomalies in Prime Access Registrar 126.96.36.199
Prime Access Registrar does not work with Diameter service, if HSS responds slowly or after timeout value.
Prime Access Registrar initiates multiple CER messages to the same Diameter remote server.
Using the Bug Search Tool
Use the Bug Search tool (BST) to get the latest information about Cisco Prime Access Registrar bugs. BST allows partners and customers to search for software bugs based on product, release, and keyword, and it aggregates key data such as bug details, product, and version.
BST allows you to:
Quickly scan bug content
Configure e-mail notifications for updates on selected bugs
Start or join community discussions about bugs
Save your search criteria so you can use it later
When you open the Bug Search page, check the interactive tour to familiarize yourself with these and other Bug Search features.
Step 2 To search for a specific bug, enter the bug ID in the Search For field and press Return.
Step 3 To search for bugs in a particular release:
a. In the Search For field, enter the product name and the release version, e.g. Cisco Prime Access Registrar 7.1, and press Return. (Leave the other fields empty.)
b. When the search results are displayed, use the filter and sort tools to find the types of bugs you are looking for. You can search for bugs by severity, by status, how recently they were modified, according to the number of support cases associated with them, and so forth.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.