cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1237
Views
0
Helpful
1
Replies

NAC Guest Server users migration to ISE (with passwords)

Ruslan Ivanov
Cisco Employee
Cisco Employee

We have a good question from one of the customer – can we migrate from NAC Guest Server to ISE 1.3 and keep the same passwords for guest endpoinds?

We can export passwords in cleartext from NGS, but, as far as I know ISE can’t import it anyway.

May be we can leverage advanced services or someone from BU to help with migration – it is social project, in that NGS used by customer to provide free internet and free access to educational materials for local rural schools, and it is nearly impossible to change passwords on hundreds of ipads at different schools at different locations.

Can we use guest CRUD API for that (as far, as i know - we can't submit password here), or use some workaround (like internal users storage, etc)?

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

View solution in original post

1 Reply 1

Jason Kunst
Cisco Employee
Cisco Employee

Unfortunately there is no way to set the guest password on ISE via any mecahnism

this has been extensively researched for several different options and the only way to do it is point ISE at NGS as a RADIUS server and continue using those accounts until they expire or new accounts are created on ISE and the old accounts terminated  when the device is reconfigured

Are they actually using it for guest services? Suspension expiration? Management really required via a sponsor portal?

it doesn't really sound like they are actually using real guest services but instead using those accounts as more permanent ones? If that's the case the other option is to instead create internal accounts on ISE via the rest api for those accounts which has the ability to set the password via a csv import or api call

Cisco Identity Services Engine API Reference Guide, Release 1.4 - External RESTful Services Calls [Cisco Identity Servic…

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: