Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
0
Helpful
1
Replies

NAC Guest Server users migration to ISE (with passwords)

Go to solution
Ruslan Ivanov
Cisco Employee
Cisco Employee

‎02-10-2016 12:04 PM

We have a good question from one of the customer – can we migrate from NAC Guest Server to ISE 1.3 and keep the same passwords for guest endpoinds?

We can export passwords in cleartext from NGS, but, as far as I know ISE can’t import it anyway.

May be we can leverage advanced services or someone from BU to help with migration – it is social project, in that NGS used by customer to provide free internet and free access to educational materials for local rural schools, and it is nearly impossible to change passwords on hundreds of ipads at different schools at different locations.

Can we use guest CRUD API for that (as far, as i know - we can't submit password here), or use some workaround (like internal users storage, etc)?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎02-10-2016 03:00 PM

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎02-10-2016 03:00 PM

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

0 Helpful
Customers Also Viewed These Support Documents