The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides an overview of the software installation process. You can install the Cisco Prime Access Registrar software on a machine for the first time, or you can upgrade the existing Prime Access Registrar software to a latest version.
Prime Access Registrar software is available in a packaged DVD-ROM or can be download from the Cisco.com website. “Downloading Cisco Prime Access Registrar Software” section provides detailed information about downloading the Prime Access Registrar 9.0 software.
Before you install the Prime Access Registrar 9.0 software, you must copy a license file to the location where you will install the software. You will receive the license file as an e-mail attachment. “Cisco Prime Access Registrar 9.0 Licensing” section provides detailed information about the new licensing mechanism in Prime Access Registrar.
Note Before you begin the software installation, ensure that your server has the recommended patches. For patch details refer to Installing Cisco Prime Access Registrar 9.0. A dedicated server should be allocated for Prime Access Registrar installation and it is recommended to run Prime Access Registrar as a standalone application. Installing any other application(s) in the same server is not supported.
Prime Access Registrar is a 64-bit, 3GPP-complaint RADIUS (Remote Authentication Dial-In User Service)/Diameter server that enables multiple dial-in Network Access Server (NAS) devices to share a common authentication, authorization, and accounting database.
Before you install Prime Access Registrar, ensure that:
Note Oracle Instant Client libraries are not supported. For ODBC, Prime Access Registrar supports MySQL database connectivity and for OCI, it supports Oracle database connectivity.
Note You must install the rpm versions relevant to the RHEL OS versions while installing Prime Access Registrar.
Required 64-bit rpms for Relevant RHEL OS Versions
|
|
|
|
---|---|---|---|
This section describes the system requirements to install and use the Prime Access Registrar software.
Table 1 lists the system requirements for Prime Access Registrar 9.0.
Prime Access Registrar supports JDK versions 1.8 and 1.11. Also, Apache Tomcat version has been upgraded to 9.0.20.
Prime Access Registrar 9.0 uses the RedHat Package Manager (RPM) and installs as a script. When you begin the software installation, the installation process uses a dialog to determine how to install the software.
The next question in the installation dialog asks, “Where do you want to install?” The default location to install the software is /opt/CSCOar. You can choose to specify another location by entering it at this point. That directory would then be the base install directory, sometimes referred to as $INSTALL or $BASEDIR.
The installation dialog asks for the location of the license file.
Prime Access Registrar uses a licensing mechanism that requires a file to be copied from a directory on the Prime Access Registrar workstation. Earlier versions of Access Registrar used a license key. You should copy the license file to the Prime Access Registrar workstation before you begin the software installation. You can copy the license file to /tmp or another directory you might prefer. The installation process will copy the license file from the install location that you have provided, for example /opt/CSCOar/license.
See “Cisco Prime Access Registrar 9.0 Licensing” section for more detailed information about the Prime Access Registrar license file requirements.
The installation dialog asks for the location of the Java Runtime Environment (JRE). Prime Access Registrar provides a web-based GUI that requires JRE Version 1.8.x/1.11.x to be installed on the Prime Access Registrar server.
If you already have a Java Version 7 or Version 8 platform installed, enter the directory where it is installed. If you need the JRE, you can download it from one of the following websites:
The installation dialog asks for the location of the Oracle installation directory required for OCI configuration. The installation process uses this information to set the ORACLE_HOME variable in the /opt/CSCOar/bin/arserver script.
If you are not using OCI, press Enter to skip this step.
Note Supported Oracle client versions are 10.2.0.1.0 - 12c.
The installation dialog asks if you want to install the example configuration. You can use the example configuration to learn about Prime Access Registrar and to understand the Prime Access Registrar configuration.
You can delete the example configuration at any time by running the command:
/opt/CSCOar/bin/aregcmd -f /opt/CSCOar/examples/cli/delete-example-configuration.rc
On initiating the installation process, a message stating whether you want to install the Prime Access Registrar in the /opt/CSCOar base directory is displayed. You need to select the required option to proceed further.
If the base directory does not exist, a message stating whether you want to create the selected base directory is displayed. You need to select the required option to proceed installation.
The base directory must be created before you can install the software. If you do not agree to create the base directory at this point, the installation process terminates and no changes are made to the system. The default base directory is /opt/CSCOar.
Prime Access Registrar can be run as a non-root user as well. Make sure that you have an existing non-root user account. If you wish to run Prime Access Registrar as a non-root user, and the user does not exist, choose to exit the installation.
Configuration Changes as non-root User
If you install Prime Access Registrar as a non-root user, ensure that you perform all operations within Prime Access Registrar as a non-root user. Otherwise, log files will be created in root mode. To avoid this, run the following script:
Connection Between Prime Access Registrar and OCI
If you install Prime Access Registrar as a non-root user, you must have access permissions to the oracle client libraries. If you do not have access permissions to the oracle client libraries, Prime Access Registrar will not be able to load the oracle client libraries at run time and will display the error message OCILIB is not initialised in name_radius_1_log.
Follow the below steps to resolve the issue:
Step 1 Run the following command:
chown -R cparadm:cparadm /opt/oracle
Where, /opt/oracle is the oracle user home directory if ORACLE_HOME path in arserver script is "/opt/oracle/12.1.0/client_1"
Step 2 Verify $ORACLE_HOME/lib directory is accessible by non-root user (user who controls the Prime Access Registrar application.)
Step 3 Append "$ORACLE_HOME/lib" in /etc/ld.so.conf (at the bottom) and run the ldconfig command as root user.
Note Replace $ORACLE_HOME by its value. Example: /opt/oracle/12.1.0/client_1/lib.
Step 4 Execute the following command:
Check if it lists the oracle client library path that you added in /etc/ld.so.conf.
Step 5 After executing the above four steps, login as non-root user and run the ldconfig command as non-root user.
Step 7 Restart Prime Access Registrar as non-root user using the following command:
Now, Prime Access Registrar will be able to initialize the OCILIB properly.
Before executing the library files and other packages, a confirmation message stating that “Do you want to continue with the installation of <CSCOar>?” is displayed. Enter Y or yes to continue with the installation. No further user input is required.
Prime Access Registrar software is available for download at:
http://www.cisco.com/cgi-bin/tablebuild.pl/access-registrar-encrypted?sort=release
All versions of Prime Access Registrar software available for download are listed. The current version is CSCOar-9.0.0.0-lnx26_64-install.sh.
Complete the following steps to download the software.
Step 1 Create a temporary directory, similar to /tmp, to hold the downloaded software package.
Step 2 Enter the URL to the Cisco.com website for Prime Access Registrar software:
http://www.cisco.com/cgi-bin/tablebuild.pl/access-registrar-encrypted?sort=release
Step 3 Click on the link for Prime Access Registrar software:
CSCOar-9.0.0.0-lnx26_64-install.sh
The Software Center Download Rules page appears. You should read these rules carefully.
Warning Before downloading this software please ensure that each of the following licenses and agreements are in place with Cisco Systems or a Cisco Systems authorized reseller.
These rules require you to acknowledge the following:
By clicking Agree, you confirm that the download of this file by you is in accordance with the requirements listed and that you understand and agree that Cisco Systems reserves the right to charge you for, and you agree to pay for, any software downloads to which you are not entitled. All Cisco Systems Operating System and application software licenses and downloads are governed by Cisco Systems' applicable End User License Agreement/Software License Agreement. By clicking Agree you further agree to abide by the terms and conditions set forth in Cisco Systems' End User License agreement/Software License Agreement and your service agreement.
If you click Agree, the End User License Agreement / Software License Agreement is displayed.
Step 4 Read the End User License Agreement / Software License Agreement carefully, and if you accept the terms, click Accept.
The software Download page appears. In few seconds, a File Download dialog box appears. If it does not appear, click the link provided in the page.
Step 5 Click Save and indicate where to save the file on your computer, such as /tmp, then click Save again.
Cisco Prime Access Registrar offers two options to manage your licenses:
Smart Licensing is a cloud-based approach to licensing. Cisco Smart Software Licensing helps you to procure, deploy, and manage licenses easily where devices self-register and report license consumption, removing the need for product activation keys (PAKs). It pools license entitlements in a single account and allows you to move licenses freely through the network, wherever you need them.
The licenses that you have purchased are maintained in a centralized database called the Cisco Smart Software Manager (CSSM). Applications will report their license usage to a Smart Agent (SA) which will then use Call Home to report the usage to the CSSM. For more information, refer to https://software.cisco.com.
You can use Cisco Smart Licensing to:
For detailed information about the Smart Licensing process, see Chapter6, “Smart Licensing”
In Prime Access Registrar 9.0, licensing is based on transactions per second (TPS) or concurrent online/active subscribers/devices sessions (SUB). TPS is calculated based on the number of packets flowing into Prime Access Registrar. In Session based licensing model, the license is managed based on the number of sessions that reside in Prime Access Registrar. During Prime Access Registrar startup, either TPS based licensing or session based licensing model should be loaded.
The Remote Authentication Dial-In User Service (RADIUS) transaction in Prime Access Registrar constitutes:
Each pair (request and its response) is one transaction. In a proxy scenario, the additional traffic created by the proxy request from Prime Access Registrar and its response will not be considered as a different transaction. However, only those requests from the RADIUS client/NAS is taken as a transaction.
The Diameter transaction constitutes a complete Diameter-Request and Diameter-Answer.
Prime Access Registrar can be deployed in an active/stand-by server combination (with RHEL clustering solution). The active server performs all the AAA functionality. Only if the active server goes down, RHEL cluster will trigger the stand-by server.
Prime Access Registrar can optionally be deployed in a two-tier architecture—front-end and back-end server. The front-end server performs AAA functions. The back-end server performs session management functions.
Greenfield customers can purchase Prime Access Registrar 9.0 version by purchasing the required part numbers. Prime Access Registrar is also available by e-delivery; with e-delivery, the licenses are obtained electronically. The licenses need to be ordered using the part numbers in Table 2 .
|
|
---|---|
Physical delivery of Prime Access Registrar software/license. |
|
Electronic delivery of Prime Access Registrar software/license. |
|
Prime Access Registrar Base license; support for RADIUS; required for each region, supports 100 transactions per second |
|
Prime Access Registrar Next Generation Base license; required for each region, support for RADIUS, Diameter, and IPv6; |
|
Prime Access Registrar Director Base license; intelligent AAA proxy, and Accounting write support; Includes RADIUS support; required for each region; |
|
Prime Access Registrar Director Additional license; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Subscriber Base license; required for each region; support for RADIUS; supports up to 100,000 concurrent active sessions |
|
Prime Access Registrar Next Generation Subscriber Base license; required for each region; support for RADIUS, Diameter, and IPv6; supports up to 100,000 concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License region; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar Additional License; |
|
Prime Access Registrar License for RADIUS<->Diameter translations framework |
|
Prime Access Registrar License for interaction with HSS and EAP-SIM / EAP-AKA / EAP-AKA’ authentication |
|
Prime Access Registrar Base license with SIGTRAN enabled; support for RADIUS only; supports 100 transactions per second |
|
Prime Access Registrar Next Generation Base license with SIGTRAN enabled; RADIUS, Diameter, and IPv6; supports 100 transactions per second |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Additional License with SIGTRAN enabled; |
|
Prime Access Registrar Subscriber Base license with SIGTRAN enabled; support for RADIUS; supports up to 100,000 concurrent active sessions |
|
Prime Access Registrar Next Generation Subscriber Base license with SIGTRAN enabled; required for each region; support for RADIUS, Diameter, and IPv6; supports up to 100,000 concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License with SIGTRAN enabled; supports 100,000 concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License with SIGTRAN enabled; supports 200,000 concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License with SIGTRAN enabled; supports 500,000 concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License with SIGTRAN enabled; supports 1 million concurrent active sessions |
|
Prime Access Registrar Additional Subscriber License with SIGTRAN enabled; supports 2 million concurrent active sessions |
|
Prime Access Registrar License for enabling Enhanced IP Allocation feature with the capacity of 1,000 IP allocations. For details about the Enhanced IP Allocation feature, refer to the Cisco Prime Access Registrar 9.0 Administrator Guide. |
|
Prime Access Registrar Additional License with Enhanced IP Allocation enabled; supports 10,000 IP allocations |
|
Prime Access Registrar Additional License with Enhanced IP Allocation enabled; supports 100,000 IP allocations |
|
Prime Access Registrar Additional License with Enhanced IP Allocation enabled; supports 1 million IP allocations |
|
Prime Access Registrar Additional License with Enhanced IP Allocation enabled; supports 2 million IP allocations |
When you order the Cisco Prime Access Registrar product, a text license file will be sent to you by e-mail. If you are evaluating the software, Cisco will provide you with an evaluation license.
If you decide to upgrade your Prime Access Registrar software, a new text license file will be sent to you by e-mail.
Note While upgrading, the licenses of previous versions cannot be used with Prime Access Registrar 9.0. Backward compatibility support in terms of license will not be available in this version.
If you receive a Software License Claim Certificate, you can get your Prime Access Registrar license file at the following URL:
Note You need to be the registered user of Cisco.com to generate a Software License.
Within one hour of registration at the above website, you will receive your license key file and installation instructions in e-mail.
You must have a license in a directory on the Prime Access Registrar machine before you attempt to install Prime Access Registrar software. If you have not installed the Prime Access Registrar license file before beginning the software installation, the installation process will fail.
You can store the Prime Access Registrar license file in any directory on the Prime Access Registrar machine. During the installation process, you will be asked the location of the license file, and the installation process will copy the license file to the /opt/CSCOar/license directory, or $INSTALL/license directory if you are not using the default installation location.
The license file might have the name ciscoar.lic, but it can be any filename with the suffix .lic. To install the Prime Access Registrar license file, you can copy and paste the text into a file, or you can simply save the file you receive in e-mail to an accessible directory.
If you add additional licenses, you can open the file in /opt/CSCOar/license and add additional lines to the license file, or you can create an additional license file to hold the new lines. If you add a new file, remember to give it a .lic suffix. You must restart the Prime Access Registrar server for the new license to take effect. To restart the Prime Access Registrar server, enter the following on the server command line:
The following is an example of a Cisco Prime Access Registrar license file.
Prime Access Registrar provides two ways of getting license information using aregcmd :
Prime Access Registrar provides a -l command-line option to aregcmd. The syntax is:
where directory_name is the directory where the Prime Access Registrar license file is stored. The following is an example of the aregcmd -l command:
Licensed Application: Cisco Prime Access Registrar (Standard Version)
Following are the licensed components:
The Prime Access Registrar server displays license information when you launch aregcmd, as shown in the following:
For a complete list of Cisco Access Registrar 9.0 documentation, see the Cisco Prime Access Registrar 9.0 Documentation Overview.
Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.