I am working on a NAC Guest project where I need to do web-auth for wired-guest users.
I read through the doc "IBNS: Cisco Integrated Local Web Authentication Deployment and Configuration Guide" and was able to get NGS working with ACS via the internal database or AD for wired web-auth. That means when I plug a guest PC into the network, open a browser, and enter either an ACS internal user ID or a domain user ID, the web-auth works and downloads the dACL from ACS.
BTW, I am using the switch to intercept HTTP and send it to NGS for web login.
However, when I tried to enter a Guest ID which got created by NGS, it always failed. And I have the following questions, where the document is not clear.
1) The sample login page in NGS references an IP "18.104.22.168" and the document says it should NOT be used anywhere but needs to be resolvable. What does that mean?
2) The sample login page in NGS has HTML code to add "NGS" as the realm, which will show as "ngs\guestusername" in the ACS failed log. Why do we need to add that?
3) The sample login page in NGS uses "@" as the realm separator. What happens if I use an email address as the username in NGS, which is the default setting?
4) The sample login page in NGS uses "https://22.214.171.124". Can we change that to HTTP? Does it require a crypto image for the switch?
I am getting different types of errors in ACS: one is "11014 RADIUS packet contains invalid attribute(s)", and one is "Authentication against RADIUS Token server failed".