PDF(113.2 KB) View with Adobe Reader on a variety of devices
Updated:Feb 24, 2011
Q. What is Cisco NAC Guest Server?
® NAC Guest Server enables organizations to deploy guest network access on Cisco NAC appliances or Cisco wireless LAN controllers by unifying the creation of guest accounts with provisioning in the network and adding full reporting capabilities to a guest network deployment. It facilitates the creation of guest accounts by permitting any designated internal user to sponsor a guest and create the account for them in a simple and secure manner. In addition, the whole process is recorded in a single place and stored for later reporting, including details of the guest accessing the network.
Q. Why should I care about Cisco NAC Guest Server?
A. Cisco NAC Guest Server reduces the complexity and cost of deploying guest access within your environment. It ties together creation, provisioning, and reporting of guest user accounts to deliver an easy-to-use system. In addition, Cisco NAC Guest Server enables you to take control of the security and audit requirements that relate to providing guest access.
Q. What are the business benefits of Cisco NAC Guest Server?
A. The business benefits of Cisco NAC Guest Server include:
• Increasing productivity and partner/customer satisfaction by providing guest access
• Simplifying the task of provisioning guest accounts, leading to increased usage
• Saving money by making it possible for sponsors to create guest accounts
• Meeting the audit requirements associated with guest access
• Enabling an additional layer of policy-based security, if desired
• Providing a consistent guest management interface across both the Cisco NAC Appliance and wireless LAN controller as enforcement points
Q. What are the components of Cisco NAC Guest Server?
A. Cisco NAC Guest Server is a standalone appliance that combines the hardware appliance and application software in a single package. It provides guest policy enforcement to either the Cisco NAC Appliance or Cisco wireless LAN controller, which is where guest policies are enforced.
Q. Is Cisco NAC Guest Server the only component I need to provide guest access?
A. Cisco NAC Guest Server provides the provisioning and reporting functions of guest access. You will still need to purchase a network enforcement device to provide the captive portal to the guest user. These functions can be provided by either Cisco NAC Appliance or Cisco wireless LAN controllers.
Q. How does Cisco NAC Guest Server work?
A. Provisioning guest accounts using Cisco NAC Guest Server is a simple process:
1. The sponsor browses to the Web interface of Cisco NAC Guest Server and authenticates with his or her corporate credentials.
2. The sponsor enters the guest's information and the desired start and end time for the temporary account.
3. Cisco NAC Guest Server provides the details to the guest through a hard-copy printout, an e-mail, or an SMS text message sent to the guest's telephone.
4. Cisco NAC Guest Server provisions the account when it is valid and removes it when it expires.
5. The network enforcement device (Cisco NAC Appliance or wireless LAN controller) sends accounting information on the guest's activity to the Cisco NAC Guest Server for audit and reporting purposes.
Q. How does the provisioning work when deployed with Cisco NAC Appliance?
A. If Cisco NAC Appliance is used as the captive portal and enforcement point for guest access, Cisco NAC Guest Server uses the appliance's API to manage the guest accounts directly on the appliance. This is an HTTPS-based API that creates and deletes accounts based upon status.
Q. How does the provisioning work when deployed with a Cisco wireless LAN controllers?
A. If the captive portal within the wireless LAN controller is used to provide guest access, Cisco NAC Guest Server acts as a RADIUS server and holds the accounts in its own database. When a guest enters their temporary username and password into the portal on the wireless LAN controller, the controller then authenticates the user against the guest server using the RADIUS protocol. Cisco NAC Guest Server responds to the wireless LAN controller with a "permit" or "deny" message. If the account is valid, a "permit" message is sent, along with the amount of time that the guest account will be valid. When the time on the guest account expires, the wireless LAN controller will automatically log out the user.
Q. Do I need to purchase a Cisco NAC Appliance to use Cisco NAC Guest Server or can I just use wireless LAN controllers?
A. You can use Cisco NAC Guest Server with either Cisco wireless LAN controllers or Cisco NAC Appliance, or a combination of both. Depending on your security requirements for guest access, you may choose to deploy wireless LAN controllers alone, or add Cisco NAC Appliance for additional security features such as security policy assessment and enforcement.
Q. Why would I use Cisco NAC Guest Server instead of the built-in "lobby ambassador" function in the Cisco NAC Appliance or wireless LAN controller?
A. The lobby ambassador function only provides basic provisioning of accounts by a small amount of predefined individuals. Cisco NAC Guest Server adds many critical functions, including:
• The ability to authenticate sponsors against a corporate directory. This permits self-service guest account creation, which results in increased usage, reduced costs of implementation, and reduced support costs.
• Role-based access for sponsors, which provides different levels of access based upon sponsor credentials.
• Username and password policies to match your corporate policy.
• Delivery of temporary user accounts via a hard-copy printout, e-mail, or SMS text message.
• Customization of the user interface.
• Full audit trail, from account creation to provisioning to logging the guest's access to the network.
• Reporting on guest usage for security, operational, and accounting purposes.
Q. Is there a limit to the amount of guests that I can provision/authenticate with Cisco NAC Guest Server?
A. There are no limits to the amount of sponsors that can use the system or guests that may be provisioned.
Q. Where can I find out more information on Cisco NAC?
A. More information on Cisco NAC, including Cisco NAC Guest Server and Cisco NAC Appliance, is available at
http://www.cisco.com/go/nac/appliance. You may also contact your local Cisco account representative.
Q. Where can I find out more information on Cisco wireless LAN controllers?
A. More information on Cisco wireless solutions, including Cisco wireless LAN controllers, is available at
http://www.cisco.com/go/wireless. You may also contact your local Cisco account representative.