Q&A
GENERAL QUESTIONS
Q. What is Cisco Access Registrar?
A. Cisco Access Registrar is a Remote Authentication Dial-In User Service (RADIUS) server, designed to meet the specific needs of service providers, including deployment, performance, scalability, resilience, and extensibility.
Q. What is new for Cisco Access Registrar 4.0?
A. Cisco Access Registrar 4.0 is a major release with enhancements that will benefit many current and potential customers. Main features of AR 4.0 include a Web-based graphical user interface (GUI), EAP-SIM draft 16 support, EAP-FAST, Microsoft Windows Domain Authentication support, and Change of Authorization (CoA), among many other features.
Q. What are the benefits of Cisco Access Registrar?
A. Cisco Access Registrar delivers a fully featured and customizable RADIUS server so that service providers can focus on delivering revenue-generating services. The latest release, Cisco Access Registrar 4.0, provides functionality to deliver the latest Authentication, Authorization and Accounting server technology for broadband and mobile wireless networks, wireless LANs, and public wireless LANs.
Q. How widely is Cisco Access Registrar deployed?
A. Cisco Access Registrar is a mature, carrier-class RADIUS server that has been deployed at numerous service providers, both large and small, around the world. Originally developed by American Internet Corporation (AIC), Cisco Access Registrar has been deployed by service providers and large enterprises since 1998. AIC was acquired by Cisco that same year.
TECHNICAL QUESTIONS
Q. Is Cisco Access Registrar scalable?
A. Directory/database capabilities allow Cisco Access Registrar to support authentication and authorization for millions of users. Multiple Cisco Access Registrar servers can reference a distributed directory/database. Additionally, Cisco Access Registrar supports replication of its internal database to allow multiple servers to be similarly configured. Cisco Access Registrar's multithreaded architecture provides performance that scales with additional CPUs. Together, these features allow Cisco Access Registrar to scale to support large service deployments with high call rates.
Q. What hardware specification should I use?
A. This depends on the request rate. It is possible to support hundreds or thousands of requests per second with a single server, although a second server is typically purchased for redundancy. Where multiple Cisco Access Registrar servers are deployed, each Cisco Access Registrar server may be a primary RADIUS server for a set of network access servers (NASs) and a backup for others. For example hardware specifications, please see the AR 4.0 Release Notes.
Q. What types of accounting and billing systems does Cisco Access Registrar support?
A. Cisco Access Registrar supports local flat-file accounting records, proxy RADIUS accounting or writing records directly to an Oracle or MySQL database. In addition, AR can be configured to use a combination of these accounting methods when processing an accounting request.
These methods also allow either off-line transfers or direct feeds of accounting records into a billing server.
AR provides a special billing interface, allowing billing vendors to integrate their systems into Cisco Access Registrar for prepaid functionality. Ushacomm and Sicap are the first billing vendors to utilize this interface.
Q. What are Cisco Access Registrar extensions?
A. Cisco Access Registrar provides a number of extension points where customers or system integrators may extend the logic of the product via C/C++ shared libraries, Java or TCL scripts. These extension points allow access to incoming and outgoing RADIUS packets for complete processing control. Extension points also support the integration of completely proprietary AAA services with a RADIUS front end.
Q. Is Cisco Access Registrar compatible with equipment from other vendors?
A. Yes. Cisco Systems maintains compatibility with the latest RADIUS standards to ensure that Cisco Access Registrar is interoperable with any RADIUS-compliant client, regardless of vendor. In addition, Cisco Access Registrar's attribute dictionary comes predefined with the attributes of many third-party vendors. Cisco Access Registrar's dictionary is extensible: new attributes can be added at any time.
Q. Will Cisco Access Registrar support new AAA protocols such as Diameter?
A. Cisco monitors AAA standards progress and participates in developing new AAA standards. Cisco aims to be at the forefront of AAA technology and will consider supporting new protocols such as Diameter if it makes sense to its customers.
Q. What, if any, additional software is needed to use Cisco Access Registrar?
A. Apart from a fully patched and supported version of the operating system, Cisco Access Registrar is fully self-contained. It has a fast, built-in database that stores the server configuration and user information. No extra software is required to enforce user or group session limits, allocate IP addresses from IP pools defined in Cisco Access Registrar, configure Cisco Access Registrar to act as a RADIUS proxy, or to use the configuration replication feature.
Q. Can Cisco Access Registrar process RADIUS requests differently based on attributes in the request?
A. Yes. Cisco Access Registrar can be configured to dynamically decide how to process requests based on any attribute in the packet, including but not limited to, username prefix or suffix, dialed number, or calling number. An access request can be processed locally using information in a Lightweight Directory Access Protocol (LDAP) directory server or an Oracle or MySQL database, forwarded to another RADIUS server, or through a combination of these methods. An accounting request can be processed locally into a file, forwarded to another RADIUS server, written to a database, or a combination of these methods.
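The sketch below is an added example, not Cisco Access Registrar code or configuration: it parses the attributes of a RADIUS packet (RFC 2865 layout), rejects malformed lengths, and picks a processing method from a rule table keyed on username suffix, username prefix, or dialed number. The rule table, method names, realm, and phone number are hypothetical, and the sample packets are constructed.

```python
import struct

# RFC 2865 attribute type numbers
USER_NAME, CALLED_STATION_ID, CALLING_STATION_ID = 1, 30, 31

def build_request(code, ident, attrs):
    """Build a constructed sample packet; attrs is a list of (type, bytes)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    authenticator = bytes(16)  # constructed placeholder, not a real authenticator
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return {type: [values]} from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

# Hypothetical policy table: (attribute, match kind, pattern, processing method)
RULES = [
    (USER_NAME, "suffix", b"@partner.example", "proxy-radius"),
    (USER_NAME, "prefix", b"corp/", "ldap"),
    (CALLED_STATION_ID, "exact", b"5550100", "sql-database"),
]

def select_method(packet, default="local-db"):
    """Return the method of the first rule that matches, else the default."""
    attrs = parse_attributes(packet)
    for atype, kind, pattern, method in RULES:
        for value in attrs.get(atype, []):
            if ((kind == "suffix" and value.endswith(pattern)) or
                    (kind == "prefix" and value.startswith(pattern)) or
                    (kind == "exact" and value == pattern)):
                return method
    return default
```

Rule order matters here: a request that matches both a username rule and a dialed-number rule is handled by whichever rule is listed first.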
Q. Can Cisco Access Registrar be configured to modify attributes in a RADIUS packet?
A. In addition to the authorization process where attributes stored in Cisco Access Registrar's internal database or external database are returned in an access-accept packet, Cisco Access Registrar allows attributes in a RADIUS request, response, or proxy packet to be added, modified, or deleted.
Q. What session-management features does Cisco Access Registrar have?
A. Cisco Access Registrar is able to track user sessions. By tracking these sessions, Cisco Access Registrar can enforce session limits on a per-user or group basis. It can also manage shared resources, including IP addresses, home-agent assignment, and on-demand address pools (for Multiprotocol Label Switching [MPLS] VPNs).
Cisco Access Registrar maintains an in-memory table of active user sessions. It can be configured to store RADIUS attributes in the session table. Cisco Access Registrar allows applications on the network to query this session table using either RADIUS or Extensible Markup Language (XML) queries as of the 4.0 release.
Cisco Access Registrar can query sessions by their age, then release them and generate a Packet of Disconnect (PoD) if necessary.
Session management can take place, independently, on each Cisco Access Registrar in the network, or one Cisco Access Registrar server can be designated to perform this function for the other Cisco Access Registrar servers in the network to provide centralized session management.
Q. What standards are supported by Cisco Access Registrar?
A. Cisco Access Registrar supports the following RFCs:
• 2865 RADIUS
• 2866 RADIUS Accounting
• 2867 RADIUS Accounting Modifications for Tunnel Protocol Support
• 2868 RADIUS Attributes for Tunnel Protocol Support
• 3576 Dynamic Authorization Extensions
• 3579 RADIUS Support for EAP (updates RFC 2869)
• 2618 RADIUS Authentication Client MIB
• 2619 RADIUS Authentication Server MIB
• 2620 RADIUS Accounting Client MIB
• 2621 RADIUS Accounting Server MIB
Cisco Access Registrar supports the following drafts:
• EAP-SIM draft 16 (draft-haverinen-pppext-eap-sim-11.txt)
• Digest Authentication over RADIUS (draft-sterman-aaa-sip-00.txt)
