cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1061
Views
0
Helpful
1
Replies
Ruslan Ivanov
Cisco Employee

NAC Guest Server users migration to ISE (with passwords)

We have a good question from one of the customer – can we migrate from NAC Guest Server to ISE 1.3 and keep the same passwords for guest endpoinds?

We can export passwords in cleartext from NGS, but, as far as I know ISE can’t import it anyway.

May be we can leverage advanced services or someone from BU to help with migration – it is social project, in that NGS used by customer to provide free internet and free access to educational materials for local rural schools, and it is nearly impossible to change passwords on hundreds of ipads at different schools at different locations.

Can we use guest CRUD API for that (as far, as i know - we can't submit password here), or use some workaround (like internal users storage, etc)?

1 ACCEPTED SOLUTION

Accepted Solutions
Jason Kunst
Cisco Employee

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

View solution in original post

1 REPLY 1
Jason Kunst
Cisco Employee

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube