Cisco Prime Access Registrar 6.0.1 Release Notes

Table Of Contents

Cisco Prime Access Registrar 6.0.1
Release Notes

Contents

New and Enhanced Features in Cisco Prime Access Registrar 6.0.1

TACACS+ Command Authorization Support

SIGTRAN-M3UA Enhancements

Map Restore Data Authorization Support

MSISDN to IMSI Reverse Translation Support

SCTP Multihoming Support

Multiple Remote Server Support

Support for Blacklisting IMSI Values

Solaris 10 Support

Enhancements in Cisco Prime Access Registrar 6.0.1.1

Enhancements in Cisco Prime Access Registrar 6.0.1

System Requirements

Co-Existence With Other Network Management Applications

Cisco Prime Access Registrar 6.0.1 Licensing

Bugs

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.3

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.2

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.1

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1

Known Anomalies in Cisco Prime Access Registrar 6.0.1.3

Known Anomalies in Cisco Prime Access Registrar 6.0.1.2

Known Anomalies in Cisco Prime Access Registrar 6.0.1.1

Known Anomalies in Cisco Prime Access Registrar 6.0.1

Important Notes

Related Documentation

Obtaining Documentation and Submitting a Service Request

Cisco Prime Access Registrar 6.0.1
Release Notes

---

Cisco Prime Access Registrar (Prime Access Registrar) is a high performance, carrier class RADIUS/Diameter solution that provides scalable, flexible, intelligent authentication, authorization, and accounting (AAA) services.

Prime Access Registrar comprises a RADIUS/Diameter server designed from the ground up for performance, scalability, and extensibility for deployment in complex service provider environments including integration with external data stores and systems. Session and resource management tools track user sessions and allocate dynamic resources to support new subscriber service introductions.

---

Note Prime Access Registrar can be used with Solaris 10, or Red Hat Enterprise Linux 5.3/5.4/5.5/6.0/6.1/6.2 32-bit /64-bit operating system (with 32-bit library is only for 64-bit operating system) using kernel 2.6.18-128.el5 or later versions of 2.6, and Glibc version: glibc-2.5-34 or later.

---

Contents

This release note contains the following sections:

•New and Enhanced Features in Cisco Prime Access Registrar 6.0.1

•Enhancements in Cisco Prime Access Registrar 6.0.1.1

•Enhancements in Cisco Prime Access Registrar 6.0.1

•System Requirements

•Cisco Prime Access Registrar 6.0.1 Licensing

•Bugs

•Related Documentation

•Obtaining Documentation and Submitting a Service Request

New and Enhanced Features in Cisco Prime Access Registrar 6.0.1

Prime Access Registrar introduces the following features:

•TACACS+ Command Authorization Support

•SIGTRAN-M3UA Enhancements

TACACS+ Command Authorization Support

Prime Access Registrar provides command authorization support to authorize the cmd mode commands. Command authorization is based on device access rules and the decision to authorize is based on command sets and conditions or expressions defined for the access rules. They determine whether to authorize a set of commands for the user or not.

If you enable TACACS+ command authorization for a service, you must define the following:

•Command sets—You must configure the list of commands with the arguments and the action to perform: permit or deny.

•Device access rules—You must configure the conditions or expressions and the command sets that are applicable to the access rule if the conditons are met.

•Service—You must enable the device access and associate the device access rules for the service.

When a packet enters the service, it selects the first device access rule and evaluates the condition. If the condition is met, then the service applies the device access rule for the request. If the command that is processed matches a command listed in the command set, the service decides on whether to permit the command for the user or not based on the permissions set up.

SIGTRAN-M3UA Enhancements

Prime Access Registrar provides the following enhancements for SIGTRAN-M3UA:

•Map Restore Data Authorization Support

•MSISDN to IMSI Reverse Translation Support

•SCTP Multihoming Support

•Multiple Remote Server Support

•Support for Blacklisting IMSI Values

•Solaris 10 Support

Map Restore Data Authorization Support

Prime Access Registrar provides the Map Restore Data functionality to fetch the profile information of a subscriber from the HLR. You can configure an M3UA service with the AuthorizationInfoLookUp parameter as Map-Restore to use this functionality. The GUI is updated with new fields to support this functionality.

Map Restore Data Authorization Flow

Prime Access Registrar sends a MAP_SEND_AUTH_INFO request to HLR on receiving EAP-SIM / EAP-AKA authentication request and fetches the authentication vectors in MAP_SEND_AUTH_INFO_RES message. Prime Access Registrar checks the IMSI and if it is authentic, sends a MAP_RESTORE_DATA_REQUEST to fetch the profile information from the HLR. HLR then responds with MAP_INSERT_SUBSCRIBER_DATA request to Prime Access Registrar. The request contains the circuit switched (CS) profile information for a subscriber.

Prime Access Registrar server stores the profile information based on the ProfileInfo configuration and sends a MAP_INSERT_SUBSCRIBER_DATA_RESPONSE to HLR. HLR responds with MAP_RESTORE_DATA_RESPONSE to Prime Access Registrar. After successful acknowledgment of MAP_RESTORE_DATA, Prime Access Registrar server maps the fetched profile through RestoreDataMappings to any of the environment variables configured by the user. The CS profile used to authorize WI-FI access which is fetched from HLR can be transported to access point in any of the radius attribute.

The mapping of the values in the response to a profile is possible based on the configuration in the profilemappings configuration.

MSISDN to IMSI Reverse Translation Support

You can configure an M3UA service to fetch MSISDN from IMSI or vice versa (IMSI from MSISDN) through RADIUS packets. Set the AuthorizationInfoLookUp parameter in the CLI to one of the following:

•MSISDN-IMSI—To fetch MSISDN in the request and send IMSI in the response to the HLR.

•IMSI-MSISDN—To fetch IMSI in the request and send MSISDN in the response to the HLR.

The GUI is also updated with the parameter to support this functionality.

SCTP Multihoming Support

Multihoming feature of Stream Control Transmission Protocol (SCTP) provides the ability for a single SCTP endpoint to support multiple IP addresses. With this feature, each of the two endpoints during an SCTP association can specify multiple points of attachment. Each endpoint will be able to receive messages from any of the addresses associated with the other endpoint. With the use of multiple interfaces, data can be sent to alternate addresses when failures occur and thus Prime Access Registrar runs successfully even during network failures.

Prime Access Registrar allows you to configure multiple source and destination addresses on the remote server using the CLI. The GUI is also updated with an option to provide additional source and destination IP addresses for the remote server.

Multiple Remote Server Support

Prime Access Registrar supports multiple remote servers with the protocol type, SIGTRAN-M3UA. However, Prime Access Registrar validates and ensures the following when multiple remote servers are available:

•The source port is different for all the remote servers.

•If Origin Point Code (OPC) is different, the routing context is also different for all the remote servers.

•Destination Point Code (DPC) and Sub System Number (SSN) combination of the remote servers is unique.

•The NetworkVariant, SubServiceField (SSF), TCAPVariant, NetworkAppearance, and NetworkIndicator values are the same for all the remote servers.

Support for Blacklisting IMSI Values

Prime Access Registrar allows you to blacklist one or more IMSI values available in the EAP-SIM or EAP-AKA requests forwarded to an HLR. A scripting point option is provided such that you can set an environment dictionary variable Blacklisted-IMSI to TRUE or FALSE to blacklist or whitelist IMSI values respectively. An IMSI value marked as blacklisted is rejected and will not be forwarded to the HLR. You can configure a notification code to represent failure. If no notification code is set, 16384 representing General Failure is sent upon rejection of an IMSI value.

Solaris 10 Support

Prime Access Registrar supports SIGTRAN-M3UA on Solaris platform in addition to Linux. You must ensure that you have the following packages while installing Prime Access Registrar in Solaris:

•gcc version-3.4.6

•gdome-config-0.8.1

•xml2-config-2.6.23

•pkg-config-0.15.0

•glib-2.30

•gtk-2.41

•libxml-2.2.6.20

Enhancements in Cisco Prime Access Registrar 6.0.1.1

Table 1 gives the details on the enhancements made in Prime Access Registrar 6.0.1.1.

Table 1 Enhancements in Cisco Prime Access Registrar 6.0.1.1 

Bug	Description
CSCug64962	Enhancement to suppress sending point code in map transactions. Point code has been masked based on the configuration option MaskPointCode if set as TRUE. Point code is not present in CGPA and CPA.
CSCug73864	Length flag needs to be set in EAP-Msg Accs-Chalng to work with smart meter. EnableLengthFlag attribute is added under the directory /r/advanced in aregcmd. Based on the value of this attribute, length flag will be included in the EAPaccess-challenge messages.
CSCug92076	Need support for multiple ISD messages in MRD flow. Prime Access Registrar supports more than one ISD message in the map-restore-data flow.
CSCtn29426	Need to have a configurable option to change the NP in CDPA and CGPA. Added a configuration option for CDPA and CGPA numbering plan in Sigtran remote server.

Enhancements in Cisco Prime Access Registrar 6.0.1

Table 2 gives the details on the enhancements made in Prime Access Registrar 6.0.1.

Table 2 Enhancements in Cisco Prime Access Registrar 6.0.1 

Bug	Description
CSCue45944	Scalable ExtendedBackingStore. If there are multiple remote OCI accounting servers configured in Cisco Prime AR, when one remote server is shut down, packets targeting the other remote servers are blocked. This issue is overcome by refactoring the ExtendedBackingStore (EBS).

System Requirements

This section describes the system requirements to install and use the Prime Access Registrar software.

Table 3 lists the system requirements for Prime Access Registrar 6.0.1.

Table 3 Minimum Hardware and Software Requirements for Prime Access Registrar Server 

Component	Operating System
	Solaris	Linux
OS version	Solaris 10	RHEL 5.3/5.4/5.5/6.0/6.1/6.2
Model	SPARC Enterprise T5220	X86
CPU type	UltraSPARC-T2 (SPARC V9)	Intel Xeon CPU 3.40 GHz
CPU Number	8 cores (8 threads each)	4
CPU speed	1165 MHz	3.40 GHz
Memory (RAM)	8 GB	8 GB
Swap space	10 GB	10 GB
Disk space	2*72 GB	1*146 GB

Co-Existence With Other Network Management Applications

To achieve optimal performance, Prime Access Registrar should be the only application running on a given server. In certain cases, when you choose to run collaborative applications such as a SNMP agent, you must configure Prime Access Registrar to avoid UDP port conflicts. The most common conflicts occur when other applications also use ports 2785 and 2786. For more information on SNMP configuration, see the Configuring SNMP section, in the Installing and Configuring Cisco Prime Access Registrar, 6.0.

Cisco Prime Access Registrar 6.0.1 Licensing

In Prime Access Registrar 6.0.1, licensing is based on transactions per second (TPS) or concurrent online/active subscribers/devices sessions (SUB). TPS is calculated based on the number of packets flowing into Prime Access Registrar. In Session based licensing model, the license is managed based on the number of sessions that resides in Prime Access Registrar. During Prime Access Registrar startup, either TPS based licensing or session based licensing model should be loaded. For more information on licensing, see the Open Source Used In Cisco Prime Access Registrar 6.0.1.

Bugs

This section provides information about known anomalies in Cisco Prime Access Registrar and information about anomalies from previous versions of Prime Access Registrar that have been fixed.

•Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.3

•Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.2

•Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.1

•Anomalies Fixed in Cisco Prime Access Registrar 6.0.1

•Known Anomalies in Cisco Prime Access Registrar 6.0.1.3

•Known Anomalies in Cisco Prime Access Registrar 6.0.1.2

•Known Anomalies in Cisco Prime Access Registrar 6.0.1.1

•Known Anomalies in Cisco Prime Access Registrar 6.0.1

•Important Notes

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.3

Table 4 lists the anomalies fixed in Prime Access Registrar 6.0.1.3.

Table 4 Anomalies Fixed in Prime Access Registrar 6.0.1.3  

Bug	Description
CSCui24502	RFC compliance for routing context mapping.
CSCui03911	MAP request to support CgPA formatting to subsequent MAP requests in CdP.

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.2

Table 5 lists the anomalies fixed in Prime Access Registrar 6.0.1.2.

Table 5 Anomalies Fixed in Prime Access Registrar 6.0.1.2  

Bug	Description
CSCuh60170	Need configurable option for ISD OpCode present in empty response.
CSCuh74729	Failover not working in a specific scenario in sigtran-m3ua remote server.

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1.1

Table 6 lists the anomalies fixed in Prime Access Registrar 6.0.1.1.

Table 6 Anomalies Fixed in Prime Access Registrar 6.0.1.1  

Bug	Description
CSCue59482	Mega menu should roll back when it is dropped in dashboard in GUI.
CSCue70595	CAR crashes sometimes during traffic/no traffic with sigtran-m3ua remote.
CSCue80069	Launching GUI page takes time than expected in all supported browsers.
CSCuf88492	Mapversion should be selected for both eap-sim and eap-aka service.
CSCug50752	Failover does not happen for same request in eap-sim/eap-aka/m3ua service.
CSCug72431	Two message authenticators in Acess-Challenge with m3ua sim/aka service.
CSCug74120	During SRI for LCS (IMSI to MSISDN) fetching corrupted MSISDN.
CSCug75718	CPAR crashes while performing remote-session-service.
CSCug87135	CPAR gets crashed with ECC while sending traffic.
CSCug89352	TACACS+ packets should be counted in tps log.
CSCug91283	MaximumBufferFileSize is fixed to 10 mb.
CSCug91374	CPAR gets crashed while sending Tacacs+ traffic.
CSCug91611	CAR crashes when configuring sigtran-m3ua.
CSCuh35024	Prefix based GT translation broken in CPAR.
CSCuh46863	Network indicator in SCCP payload should be configurable using script.
CSCuh43960	AR sending invalid AT_MAC for eap-aka service with diameter-Wx interface.

Anomalies Fixed in Cisco Prime Access Registrar 6.0.1

Table 7 lists the anomalies fixed in Prime Access Registrar 6.0.1.

Table 7 Anomalies Fixed in Prime Access Registrar 6.0.1  

Bug	Description
CSCte61073	With oracle,User-Password is shown in trace message.
CSCtz47253	Packet committed before reaching the max.transaction count with roundrobin.
CSCua78429	Radius Process restart (crash) when AR encounters ORA native error.
CSCue59540	Reload and Restart should not happen for Read-only user in GUI.
CSCue58898	PAR next generation license should support eap-aka service.
CSCue50385	Validation required in eap-sim/eap-aka service.
CSCue77700	Few sigtran-m3ua remote server configurable attributes not reflected in GUI.
CSCue65762	Need to validate for sigtran-m3ua association with invalid IP.
CSCue61051	PAR installation should not allow with java 64 bit.
CSCue67841	White and black list feature is not supported for m3ua service.
CSCue94460	Need to add RESERVED and SPARE in Field SubServiceField of sigtran-m3ua.
CSCuf04138	M3UA stack on CAR hard-coded to request 5 triplets.
CSCuf88927	LocationSvcGateway should be used as 37 in Application Context Name of TCAP.
CSCue55299	Incorrect log message is logged when license file is not opened.
CSCug29010	GlobalTitleTranslationScript not working in sigtran m3ua remote server.
CSCug23896	MLC Number should be send properly in SRI flow.
CSCue52982	Mandatory RPM should be checked before CAR installation.

Known Anomalies in Cisco Prime Access Registrar 6.0.1.3

Table 8 lists the known anomalies in Prime Access Registrar 6.0.1.3.

Table 8 Known Anomalies in Prime Access Registrar 6.0.1.3  

Bug	Description
CSCui26360	Need to set a limit or count of number of consecutive timeouts in sigtran-m3ua.

Known Anomalies in Cisco Prime Access Registrar 6.0.1.2

Table 9 lists the known anomalies in Prime Access Registrar 6.0.1.2.

Table 9 Known Anomalies in Prime Access Registrar 6.0.1.2  

Bug	Description
CSCue45559	OCI should support same attributes occurrence of mutiple times in marker list.
CSCue75064	Send Authentication Info message should handle the User error.
CSCuh35564	Unable to send packet while using scripting point (IMSI translation) in sigtran-m3ua remote server.
CSCuh57968	GT Prefix length has to be less than Dest GT length for prefix routing
CSCuh62403	After upgrade from CPAR6.0.1, the save and reload is not working. For a workaround, see Important Notes.
CSCuh69337	Validation error occurs after upgrading from CAR 5.0 FCS to CPAR 6.0.1.1 FCS. For a workaround, see Important Notes.
CSCuh81137	With Eap-sim failover, first packet is getting rejected with sigtran-m3ua.
CSCuh96532	Negative invoke ID in sigtran-m3ua map flow.
CSCui24502	RFC compliance for routing context mapping.

Known Anomalies in Cisco Prime Access Registrar 6.0.1.1

Table 10 lists the known anomalies in Prime Access Registrar 6.0.1.1.

Table 10 Known Anomalies in Prime Access Registrar 6.0.1.1  

Bug	Description
CSCue45559	OCI should support same attributes occurrence of mutiple times in marker list.
CSCue75064	Send Authentication Info message should handle the User error.
CSCuh35564	Unable to send packet while using scripting point (IMSI translation) in sigtran-m3ua remote server.
CSCuh57968	GT Prefix length has to be less than Dest GT length for prefix routing
CSCuh62403	After upgrade from CPAR6.0.1, the save and reload is not working. For a workaround, see Important Notes.
CSCuh69337	Validation error occurs after upgrading from CAR 5.0 FCS to CPAR 6.0.1.1 FCS. For a workaround, see Important Notes.

Known Anomalies in Cisco Prime Access Registrar 6.0.1

Table 11 lists the known anomalies in Prime Access Registrar 6.0.1.

Table 11 Known Anomalies in Prime Access Registrar 6.0.1  

Bug	Description
CSCua73730	AR radius crashes when BufferAccountingPackets is enabled for TACACS+.
CSCuc98251	CAR 5.1 merging of Cisco-avpair from base profile fails.
CSCud44814	AR getting crashed while sending CC request to diameter local service.
CSCud67479	Some of the attributes are not replicated while replicating with script.
CSCue45559	OCI should support same attributes occurrence in mutiple time markerlist.
CSCue70595	CAR crashes sometimes during traffic/no traffic with sigtran-m3ua remote.
CSCue75064	Send Authentication Info message should handle the User error.
CSCuf05024	Remote server type is missing in trap.
CSCuf74381	IP range needs to be editable in resource manager in GUI.
CSCug29165	Service Outage policy is not applied for TACACS+.
CSCug29186	Service Outage script is not called in TACACS+.
CSCug29265	Service Outgoing script is not called for TACACS+.
CSCug30716	Validation required in m3ua service Authorization look up as MAP-RESTORE.
CSCug33470	Timeout & outstanding request count mismatch in stats output.
CSCtz22609	Odbc-acc failover is not working when backup server buffer is disabled.
CSCtz46852	Each retransmission also included in the transaction count.

Important Notes

Table 12 identifies certain important observations documented against Prime Access Registrar 6.0.1, in addition to the open caveats mentioned in Known Anomalies in Cisco Prime Access Registrar 6.0.1.2 and Known Anomalies in Cisco Prime Access Registrar 6.0.1.1.

Table 12 Important Observations in Prime Access Registrar 6.0.1.1  

Bug	Description	Condition	Workaround	Release
CSCuh62403	After upgrade from CPAR6.0.1, save and reload is not working	While upgrading from Prime Access Registrar 6.0.1	1. Create a file (/tmp/upgrade-mcd.txt) with the following content: [ servers/name/radius/1/defaults ] EnableLengthFlag = str:[0]FALSE SendOpCodeInISDResponse = str:[0]FALSE [ servers/name/radius/1/remoteodbcsessionse rver ] UseCacheIndex = str:[0]FALSE 2. Stop the Prime Access Registrar server. 3. Run the following commands: Note The mcdadmin commands will prompt for username and password of Prime Access Registrar server. –/cisco-ar/bin/mcdadmin -r /servers/name/radius/1/ remoteodbcsessionserver/UseCacheIndex –/cisco-ar/bin/mcdadmin -i /tmp/upgrade-mcd.txt –rm -f /tmp/upgrade-mcd.txt 4. Restart the Prime Access Registrar server.	6.0.1.1
CSCuh69337	Validation error occurs after upgrading from CAR 5.0 FCS to CPAR 6.0.1.1 FCS	While upgrading from Access Registrar 5.0 FCS kit to Prime Access Registrar 6.0.1.1 FCS kit	Set the subscriber db look up and add a remote server manually after the upgrade process. Then, save the configuration to complete the upgradation.	6.0.1.1

Related Documentation

The following is a list of the documentation for Prime Access Registrar 6.0.1. You can access the URLs listed for each document at www.cisco.com on the World Wide Web. We recommend that you refer to the documentation in the following order:

•Cisco Prime Access Registar 6.0.1 User Guide

•Cisco Prime Access Registrar 6.0.1 Release Notes

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

This document is to be used in conjunction with the documents listed in the "Cisco Prime Access Registrar 6.0.1 Licensing" section.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2013 Cisco Systems, Inc. All rights reserved.