
NAC Guest server for wired and wireless

Vishal Arora
Level 1

Hi

My customer wants to install the NGS for both wired and wireless users. For wireless users we can integrate it with the WLC, but I don't know how it will work for wired users at the same time. Please suggest.

Thanks

6 Replies

Nicolas Darchis
Cisco Employee

Hi Vishal,

You can use NGS as a hotspot to provide the web login page with the switch webauth. It's basically a web authentication on the switch with the NGS as external server.

I would start with this:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html

Regards,

Nicolas

Hi Nicolas

Thanks for your valuable reply. As per the document posted by you, I am summarizing my understanding of the solution. Please correct me if I am wrong.

We will integrate the user switches with the ACS for RADIUS. Then, for the user database, we will integrate NGS as the external user database with ACS.

My question is: if this is correct, will all the policies we configure on NGS work?

Thanks

Vishal

Tiago Antunes
Cisco Employee

Hi Vishal,

Please note that if you want to return ACLs (and usually in wired web auth you need to), you will have to integrate with ACS, as NGS itself cannot return ACLs in the reply RADIUS attributes.

Basically the process is as follows:

1 - Client plugs the cable into the switch.

2 - Web auth is triggered on the port.

3 - A default ACL permitting only DNS and DHCP is applied so that the client PC can obtain an IP address and open a browser.

4 - Client will be redirected to the NGS hotspot login page.

5 - Client will enter credentials.

6 - Client browser will send an HTTP POST packet containing the credentials.

7 - The switch will intercept the POST packets and retrieve the credentials entered.

8 - The switch will send a RADIUS Access-Request to the ACS.

9 - The ACS will use the NGS as External Identity source to authenticate the client.

10 - The NGS will reply with a RADIUS Access-Accept to the ACS and the ACS will reply to the switch including the ACL in the Access-Accept.

11 - The switch authorizes the client on the port and applies the ACL it received from the ACS.

Please follow the document Nicolas posted as it is a good one.

HTH,
Thanks
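Step 10 is where the ACL enters the exchange, so a captured Access-Accept arriving at the switch can be checked for it. The following is an added example, not part of the original posts or of any Cisco tooling: it parses a RADIUS packet and lists ACL-bearing attributes. It assumes the ACL travels as Filter-Id or as a cisco-av-pair containing `inacl#` or `proxyacl#` (the thread does not say which), and the sample packets are constructed.

```python
import struct

ACCESS_ACCEPT, FILTER_ID, VENDOR_SPECIFIC = 2, 11, 26   # RFC 2865 code and attribute types
CISCO, AV_PAIR = struct.pack("!I", 9), 1                # Cisco vendor id, cisco-av-pair sub-type
ACL_KEYS = ("inacl#", "proxyacl#")   # assumption: AV-pair keys that carry ACL lines

def parse(packet: bytes):
    """Return (code, [(type, value), ...]) after validating every length field."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def acl_entries(packet: bytes):
    """List the ACL-bearing attributes of an Access-Accept (empty list if none)."""
    code, attrs = parse(packet)
    found = []
    for a_type, value in (attrs if code == ACCESS_ACCEPT else []):
        if a_type == FILTER_ID:
            found.append("Filter-Id=" + value.decode("ascii", "replace"))
        elif a_type == VENDOR_SPECIFIC and value[:4] == CISCO:
            sub = value[4:]          # walk vendor sub-attributes; stop at a malformed one
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                text = sub[2:sub[1]].decode("ascii", "replace")
                if sub[0] == AV_PAIR and any(k in text for k in ACL_KEYS):
                    found.append(text)
                sub = sub[sub[1]:]
    return found

def avp(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build(code: int, *attrs: bytes) -> bytes:
    body = b"".join(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples (zeroed authenticator): an accept without an ACL, and one with it.
BARE_ACCEPT = build(ACCESS_ACCEPT, avp(18, b"guest ok"))
ACL_ACCEPT = build(ACCESS_ACCEPT, avp(26, CISCO + avp(AV_PAIR, b"auth-proxy:priv-lvl=15")),
                   avp(26, CISCO + avp(AV_PAIR, b"auth-proxy:proxyacl#1=permit tcp any any eq 80")))
```

An empty result for an Access-Accept seen on the switch side means no ACL was returned under these assumptions. The parser does not verify the Response Authenticator.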

Hi

Thanks for your valuable reply. As per the document posted by Nicolas, I am summarizing my understanding of the solution. Please correct me if I am wrong.

We will integrate the user switches with the ACS for RADIUS. Then, for the user database, we will integrate NGS as the external user database with ACS.

My question is: if this is correct, will all the policies we configure on NGS work?

Thanks

Vishal

Yes, they will still work.

The ACS function is simply to add the ACL attribute which is the only thing the NGS cannot do.

Cheers,
Tiago

Without the ACS, is it possible with only the NAC Guest?
