NAC Guest Server

Ahmed Shahzad
Level 1

Hi Guru,

Do we need a Cisco NAC appliance or wireless controller with Cisco NAC Guest Server, or can Cisco NAC Guest Server work independently?

Is there any way to implement Cisco NAC Guest server without NAC appliance or wireless LAN controller?

Best Regards,
Ahmed Shahzad.    

Tiago Antunes
Cisco Employee

Hi,

NGS is a device whose main function is to allow sponsors to create guest accounts, and then these guests can access network resources by authenticating against the NGS database.

Commonly NGS is used as a web auth portal or as a RADIUS server.

Now you will always need other devices to work together with NGS.

For example, using a WLC you can create an SSID for web auth and configure the NGS as the external web auth page for the login.

Another typical deployment is to integrate it with NAC appliance so that you can track logged-in users via the Clean Access Manager Online user list.

Also, you can use the NGS for wired guest access, in conjunction with ACS. In this scenario, a sponsor creates the guest account and the guest plugs the PC into the switch port, opens a browser, enters credentials on the NGS login page, and then the switch tries to authenticate the user against the ACS, which in turn will query the NGS for that user, using RADIUS.

So in summary, NGS should always be used together with other devices, as it acts as a database source for guest users but needs to be used with the devices where the clients are really connected (wireless or wired).

Hope this helps,

Tiago

Hi Guru,

Thanks for your response.

Do you have a reference document describing the configuration of NAC Guest Server for wired users with ACS 5.x?

Best Regards,

Ahmed Shahzad.    

Can you please check if you can access this link:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html.

It is a fully detailed "Cisco Integrated Local Web Authentication Deployment and Configuration Guide".

HTH,

Tiago

Hi, Tiago,

I read through the doc you mentioned above and was able to get NGS working with ACS via the internal database or AD for wired web-auth. This means that when I plug a guest PC into the network, open a browser, and enter either an ACS internal user ID or a domain user ID, the web-auth works and downloads the dACL from ACS.

BTW, I am using the switch to intercept HTTP and send it to NGS for web login.

However, when I tried to enter a guest ID created by NGS, it always failed. I have the following questions, where the document is not clear.

1) The sample login page in NGS references an IP "1.1.1.1", and the document says it should NOT be used anywhere but needs to be resolvable. What does that mean?

2) The sample login page in NGS has HTML code to add "NGS" as the realm, which shows as "ngs\guestusername" in the ACS failed log. Why do we need to add that?

3) The sample login page in NGS uses "@" as the realm separator. What happens if I use an email address as the username in NGS, which is the default setting?

4) The sample login page in NGS uses "https://1.1.1.1". Can we change that to HTTP? Does it require a crypto image for the switch?

I am getting different types of errors in ACS: one is "11014 RADIUS packet contains invalid attribute(s)", and the other is "Authentication against RADIUS Token server failed".

Please help
