Hi, there,

I am working on a NAC Guest project where I need to do web-auth for wired-guest users.

I read through the doc "

IBNS: Cisco Integrated Local Web Authentication Deployment and Configuration Guide"

and able to  get NGS working with ACS via internal database or AD for wired  web-auth. Which means, when I plugged a guest PC onto the network, open a  broswer, enter either a ACS internal user ID or a domain user ID, the  web-auth will work and download the dACL from ACS.

BTW, I am using switch to intercept HTTP and send them to NGS for web login.

However,  when I tried to enter a Guest ID which got created by NGS, it always  failed. And I have the following questions, where the document is not  clear.

1) The sample login page in NGS reference to an  IP "1.1.1.1" and the document says it should NOT be used anywhere but  needs to be resolvable. What does that mean?

2) The sample login  page in NGS has a HTML code to add "NGS" as the realm which will show as  "ngs\guestusername" in the ACS failed log. Why do we need to add that?

3)  The sample login page in NGS use "@" as the realm seperator. What  happen if I use email address as username in NGS, which is the default  setting?

4) The sample login page in NGS uses "https://1.1.1.1",  can we change that to HTTP? Does it requires crypto image for the  switch?

I am getting different type of error in ACS,  one is 11014 RADIUS packet contains invalid attribute(s), one is  Authentication against RADIUS Token server failed.

Please help