Cisco Prime Access Registrar

Table Of Contents

Cisco Prime Access Registrar 6.0 Release Notes

Contents

New Features In Cisco Prime AR 6.0

Identity and Access Management for Smart Grid Solutions

Network and Concurrent session based licensing

Cisco Prime Branding

Red Hat Enterprise Linux (RHEL) Clustering

Red Hat Enterprise Linux (RHEL) 6.x Support

TACACS+ SNMP and Statistics Support

M3UA/SIGTRAN connectivity to HLR

Enhancements in Cisco Prime Access Registrar 6.0

System Requirements

Co-Existence With Other Network Management Applications

Cisco Prime Access Registrar 6.0 Licensing

Bugs

Anomalies Fixed in Cisco Prime Access Registrar 6.0

Known Anomalies in Cisco Prime Access Registrar 6.0

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Cisco Prime Access Registrar 6.0 Release Notes

---

Cisco Prime Access Registrar is a high performance, carrier class RADIUS/Diameter solution that provides scalable, flexible, intelligent authentication, authorization, and accounting (AAA) services.

Cisco Prime Access Registrar comprises a RADIUS/Diameter server designed from the ground up for performance, scalability, and extensibility for deployment in complex service provider environments including integration with external data stores and systems. Session and resource management tools track user sessions and allocate dynamic resources to support new subscriber service introductions.

---

Note Cisco Prime AR 6.0 can be used with Solaris 10, or Red Hat Enterprise Linux 5.3/5.4/5.5/6.0/6.1/6.2 32-bit /64-bit operating system (with 32-bit library is only for 64-bit operating system) using kernel 2.6.18-128.el5 or later versions of 2.6, and Glibc version: glibc-2.5-34 or later.

---

Contents

This release note contains the following sections:

•New Features In Cisco Prime AR 6.0

•Enhancements in Cisco Prime Access Registrar 6.0

•System Requirements

•Cisco Prime Access Registrar 6.0 Licensing

•Bugs

•Related Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

New Features In Cisco Prime AR 6.0

Cisco Prime AR 6.0 introduces these features.

•Identity and Access Management for Smart Grid Solutions

•Network and Concurrent session based licensing

•Cisco Prime Branding

•Red Hat Enterprise Linux (RHEL) Clustering

•Red Hat Enterprise Linux (RHEL) 6.x Support

•TACACS+ SNMP and Statistics Support

•M3UA/SIGTRAN connectivity to HLR

Identity and Access Management for Smart Grid Solutions

Cisco Prime AR 6.0 provides the identity and access management for the smart grid solutions on IPv6 networks. This is achieved using the Elliptic Curve Crytographic (ECC) based certificate validation and also supports TACACS+ authentication and command accounting. For EAP services, in addition to RSA certificates, Cisco Prime AR supports verification of ECC certificates. ECC uses elliptic curves to encrypt data when creating keys which enables you to create shorter and stronger keys for better efficiency. This is achieved using the Cisco SSL library APIs. TACACS+ supports ASCII, PAP, and CHAP Authentication type, login and enable services, and LDAP, OCI, and ODBC services in addition to Local service. TACACS+ also tracks and maintains the executed command details in the command accounting. For more information about TACACS+ SNMP support, see TACACS+ SNMP and Statistics Support.

Network and Concurrent session based licensing

Cisco Prime AR 6.0 introduces network wide licensing. The license is applicable across the network. A base server is needed per region.

Licensing can be based on either existing Transactions Per Second (TPS) model or the new number of Concurrent Online/Active Subscriber/Device Sessions (SUB) model.

Cisco Prime Branding

Cisco Prime AR 6.0 introduces the Prime Graphical User Interface for better usability, look and feel.

Red Hat Enterprise Linux (RHEL) Clustering

Cisco Prime AR 6.0 supports Red Hat Enterprise Linux (RHEL) Clustering. A two-node cluster is built with the help of Red Hat Clustering (RHCS) suite such that Cisco Prime AR will be running initially in the primary node. If there is a failure in the Cisco Prime AR service which means either the service is stopped or crashed, Cisco Prime AR service will automatically failover to the secondary node without any manual intervention.

Red Hat Enterprise Linux (RHEL) 6.x Support

In this version of Cisco Prime AR supports the following versions of Red Hat Enterprise Linux, RHEL 6.0/6.1/6.2.

---

Note You must download the libncurses.so.5.5 and libnssutil3.so library files and the respective rpm files in the /usr/ lib directory, and glibc-32bit-2.10.1-10.5.1.x86_64.rpm rpm file so that installation on Linux can be completed successfully.

---

TACACS+ SNMP and Statistics Support

Cisco Prime AR 6.0 uses CISCO-AAA-SERVER-MIB to describe the statistics of Terminal Access Controller Access-Control System Plus (TACACS+) protocol. TACACS+ protocol is a terminal access control protocol for routers, switches, network access servers and other network computing devices. The main goal of TACACS+ is to provide separate authentication, authorization, and accounting services. In Cisco Prime AR, TACACS+ provides authentication for login services with PAP, CHAP, and ASCII authentication types. It also tracks and maintains the executed command details in the command accounting. Configuration is supported through the CLI/GUI and statistics are provided through CLI, GUI, and SNMP.

M3UA/SIGTRAN connectivity to HLR

Cisco Prime AR supports SS7 messaging over IP (SS7oIP) via SIGTRAN-M3UA, a new transport layer which leverages Stream Control Transmission Protocol (SCTP). Cisco Prime AR supports SIGTRAN-M3UA to fetch the authentication vectors from HLR, which is required for EAP-AKA/EAP-SIM authentication.

Enhancements in Cisco Prime Access Registrar 6.0

Table 1 gives the details on the enhancements made in Cisco Prime AR 6.0.

Table 1 Enhancements in Cisco Prime Access Registrar 6.0 

Bug	Description
CSCtz34783	Need a script in API to set Radius packet code. In Cisco Prime AR 6.0, the access-request or accounting-request is converted to CoA or PoD request and sent to the remote server. The remote server sends a corresponding CoA or PoD response to the Cisco Prime AR server in order to accept or reject a request.
CSCub41918	Need to support redirection of CoA and PoD requests in the proxy service. CoA and PoD requests needs to be redirected to the configured client in the proxy service.The CoA or PoD responses sent by the remote server should be redirected by the Cisco Prime AR server to the configured client.

System Requirements

This section describes the system requirements to install and use the Cisco Prime AR software.

Table 2 lists the system requirements for Cisco Prime AR 6.0.

Table 2 Minimum Hardware and Software Requirements for Cisco Prime AR Server 

Component	Operating System
	Solaris	Linux
OS version	Solaris 10	RHEL 5.3/5.4/5.5/6.0/6.1/6.2
Model	SPARC Enterprise T5220	X86
CPU type	UltraSPARC-T2 (SPARC V9)	Intel Xeon CPU 3.40 GHz
CPU Number	8 cores (8 threads each)	4
CPU speed	1165 MHz	3.40 GHz
Memory (RAM)	8 GB	8 GB
Swap space	10 GB	10 GB
Disk space	2*72 GB	1*146 GB

Co-Existence With Other Network Management Applications

To achieve optimal performance, Cisco Prime AR should be the only application running on a given server. In certain cases, when you choose to run collaborative applications such as a SNMP agent, you must configure Cisco Prime AR to avoid UDP port conflicts. The most common conflicts occur when other applications also use ports 2785 and 2786. For more information on SNMP configuration, see the Configuring SNMP section, in the Installing and Configuring Cisco Prime Access Registrar, 6.0.

Cisco Prime Access Registrar 6.0 Licensing

In Cisco Prime AR 6.0, licensing is based on transactions per second (TPS) or concurrent online/active subscribers/devices sessions (SUB). TPS is calculated based on the number of packets flowing into Cisco Prime AR. In Session based licensing model, the license is managed based on the number of sessions that resides in Cisco Prime AR. During Cisco Prime AR startup, either TPS based licensing or session based licensing model should be loaded. For more information on licensing, see the Cisco Prime Access Registrar 6.0 Licensing section, in the Installing and Configuring Cisco Prime Access Registrar, 6.0.

Bugs

This section provides information about known anomalies in Cisco Prime AR 6.0 and information about anomalies from previous versions of Cisco Prime AR that have been fixed.

•Anomalies Fixed in Cisco Prime Access Registrar 6.0

•Known Anomalies in Cisco Prime Access Registrar 6.0

Anomalies Fixed in Cisco Prime Access Registrar 6.0

Table 3 lists the anomalies fixed in Cisco Prime AR 6.0.

Table 3 Anomalies Fixed in Cisco Prime AR 6.0  

Bug	Description
CSCuc19027	Cisco Prime AR crashes while sending traffic in eap-tls and eap-ttls.
CSCua75300	Cisco Prime AR crashes or restarts while reloading with TACACS + traffic without core file.
CSCub40574	TotalPacketsInuse in Tacacs statistics are not displayed properly in Cisco Prime AR 6.0 CLI and GUI.
CSCuc02792	Failover takes long time when you configure odbc-accounting with group service.
CSCub98092	Cisco Prime AR crashes during TACAS+ traffic with repeated users and when the authentication type is ASCII and PAP.
CSCuc65560	Cisco Prime AR crashes when you change the protocol/type from odbc/odbc-acc to oci/oci-acc.
CSCuc28770	In Cisco Prime AR 6.0 GUI, if you save the client configuration details without entering values for the mandatory fields, the Save and Cancel buttons disappear.
CSCuc10733	In Cisco Prime AR 6.0 GUI, list is not populated during switching between Radius and Vendor attributes.
CSCuc10866	In Cisco Prime AR 6.0 GUI, session key is not displayed in query-sessions.
CSCuc19483	After installation, Cisco Prime AR restarts with core file.
CSCua75311	In Cisco Prime AR 6.0, the value for totalPacketsInUse should not be negative in TACACS+ statistics output.
CSCub45082	Cisco Prime AR crashes when you receive Disconnect-NAK packet from NAS.
CSCua90170	When UseECCCertificates is enabled, Cisco Prime AR crashes with peapv0/peapv1 in the presence of traffic with mschap as inner method.
CSCub41806	Unable to reset the EnableKeepAlive field while configuring LDAP in Cisco Prime AR 6.0 GUI.
CSCuc64814	Multiple traps are displayed for the LDAP server when the server is up/down or a bad route is added/removed.
CSCuc64908	Multiple traps are displayed for the proxy server when you shut down or start up the AR server.

Known Anomalies in Cisco Prime Access Registrar 6.0

Table 4 lists the known anomalies in Cisco Prime AR 6.0.

Table 4 Known Anomalies in Cisco Prime AR 6.0 

Bug ID	Description
CSCua78429	Response is not sent to client when Cisco Prime AR encounters ORA error for accounting packets (like start, stop, and interim) in TACACS with oci/odbc service.
CSCtz22609	odbc-acc failover is not working when backup server buffer is disabled.
CSCue05688	Cisco PAR intermittently crashes in stress test.

Related Documentation

The following is a list of the documentation for Cisco Prime AR 6.0. You can access the URLs listed for each document at www.cisco.com on the World Wide Web. We recommend that you refer to the documentation in the following order:

Cisco Prime Access Registrar 6.0 Documentation Guide (OL-26927-01)

http://www.cisco.com/en/US/docs/net_mgmt/prime/access_registrar/6.0/roadmap/guide/PrintPDF/
ardocgd.html

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

This document is to be used in conjunction with the documents listed in the "Cisco Prime Access Registrar 6.0 Licensing" section.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2013 Cisco Systems, Inc. All rights reserved.