Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
775
Views
6
Helpful
4
Replies

EAP-SIM, EAP-AKA, EPS-AKA support

Go to solution
mamckenn
Level 1
Level 1

‎05-09-2023 08:59 AM

Hi all,

I saw a conversation about this from a few years ago. Can someone at Cisco please confirm if ISE supports EAP-SIM, EAP-AKA, or EPS-AKA, of if there are plans to do so. 

If not, do enterprises still have to rely on CPAR, and how would that interoperate with an existing ISE deployment? Or would CPAR be a separate radius implementation with its own policy rules?

Do any enterprises actually use CPAR? it seems to be more for mobile carriers?

thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ahollifield
VIP
VIP

‎05-09-2023 10:32 AM

ahollifield_0-1683653397337.png

CPAR = Cisco Prime Access Registrar?  I don't know much about the product but my understanding is it is purpose built for the service provider space and does not target enterprise use-cases like ISE.

View solution in original post

4 Replies 4

Go to solution
ahollifield
VIP
VIP

‎05-09-2023 10:32 AM

ahollifield_0-1683653397337.png

CPAR = Cisco Prime Access Registrar?  I don't know much about the product but my understanding is it is purpose built for the service provider space and does not target enterprise use-cases like ISE.

Go to solution
Arne Bier
VIP
VIP

‎05-09-2023 05:32 PM

Hi @mamckenn 

I spent some years working with CPAR and it's a great RADIUS/DIAMETER server for service provider customers. EAP-SIM/AKA requires a lot of backend connectivity to the service provider's HLR (Home Location Register) using SIGTRAN or whatever else they use these days. It's a whole other world. Has no place in Enterprise networking. 

I can't say for sure, but ISE will never support EAP-SIM/AKA etc because Enterprise customers have no means to communicate with a service provider's HLR.

Are you asking in relation to OpenRoaming perhaps?

Go to solution
mamckenn
Level 1
Level 1

‎05-10-2023 04:17 AM

Hi, can someone at Cisco please give the the definitive answer for this please.  Please don't try to second guess the architecture, at this stage i just simply need to know if ISE supports EAP-SIM, EAP-AKA, or EPS-AKA, of if there are plans to do so. thanks

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to mamckenn

‎05-10-2023 05:32 AM

Did you see the screenshot I posted? That is from ISE 3.1 and shows you all of the supported EAP types. Secondly road map items are typically never discussed in a public form like this. Also, if you *must* have an answer from a Cisco employee I would think your Cisco account team would be the best place to ask rather than a public forum.
Customers Also Viewed These Support Documents