New: Updated to include the Cisco Secure Network Server (SNS)
Cisco® NAC Guest Server is a core component of the Cisco TrustSec® solution that can be added to Cisco NAC wired or wireless deployments to integrate secure guest access. Cisco NAC Guest Server facilitates the creation of guest accounts for temporary network access by permitting any internal user to sponsor a guest and create the guest account in a simple and secure manner. In addition, the whole process is recorded in a single place and available for reporting purposes, inclusive of network access activity details.
Cisco NAC Guest Server is ideal for organizations that may need to provide Internet access to visiting customers and partners. Productivity demands and advances in mobility have transformed enterprises into major hotspots. The Cisco NAC Guest Server vastly streamlines the process of offering guest access accounts in a simple, secure, and flexible way.
Features and Benefits
Cisco NAC Guest Server enables your organization to do the following:
• Provide a complete access control and confidentiality solution: Cisco NAC Guest Server is deployable with other Cisco TrustSec components - including policy components, infrastructure enforcement components, endpoint components, and professional services - for a comprehensive access control and confidentiality solution.
• Decrease deployment and management costs: Cisco NAC Guest Server allows trusted employees to create guest accounts quickly and securely. This removes the resource burden from IT and help desk personnel.
• Reduce deployment risk: Automating temporary account provisioning with a fixed policy reduces the risk of human error and allows for removal at the correct time.
• Improve productivity for guests: The streamlining of guest account creation encourages guests to use the network and enhances productivity.
• Improve customer and partner satisfaction: Providing guest access for visitors enables greater collaboration. Customers and partners alike appreciate this capability.
Cisco NAC Guest Server provides the ability for sponsors - employees of the host company - to create guest accounts. Sponsors are authenticated against the web interface on the guest server and are granted permissions based on their role. The administrator decides which policies should be applied against each user role.
Authentication of the sponsor is performed against either an internal user account database defined by the administrator, or against the organization's Active Directory implementation. Sponsors are assigned to a role based on the groups they belong to in Active Directory, or they are assigned to a user on a local database who sponsors the guest. Sponsors can be given role-based permissions to create accounts, edit accounts, suspend accounts, and run reporting. These permissions can be granted to only accounts they created or to all accounts, or not granted at all.
Guest Account Creation
Cisco NAC Guest Server creates accounts based on the policy established for both usernames and passwords. Usernames can be based on the guest's email address, first or last name, or a completely random username based on a length and complexity that the administrator sets. Passwords can also be created based on the length and complexity required by corporate authentication policies.
Accounts are provisioned into the integrated database in the Cisco NAC Guest Server. From here they can be automatically provisioned and managed on the Cisco NAC Manager, or authenticated by Cisco wireless LAN controllers.
User Account Details
It is possible to pass user account details to a guest using various methods, all of which are completely configurable by the administrator. Access details can be printed as a hard copy to hand to guests, sent as an email prior to their arrival, or transmitted by SMS text message to guests' mobile phones. This enables an additional level of security by creating an audit trail of who was provided with the details.
Regardless of how access details are given, the content is fully customizable. Administrators can add details such as additional instructions or an acceptable use policy for guests to acknowledge.
Tight Integration with complete Cisco NAC Solution
Cisco NAC Guest Server integrates with Cisco NAC Server and Manager through its API. This way the guest accounts can be controlled directly on the guest server, including creation, editing, suspension, and deletion of accounts. The Cisco NAC Guest Server then controls these accounts on the Cisco NAC Manager through its API. In addition, the guest server receives accounting information from the NAC solution to enable full reporting of the entire experience.
Tight Integration with Cisco Wireless LAN Controller
Cisco NAC Guest Server integrates with Cisco Wireless LAN Controllers through the RADIUS protocol. In this way, guest accounts are controlled directly on the guest server, including creation, editing, and deletion of accounts. The wireless LAN controller need only be pointed toward the guest server to authenticate guest users. In addition, the guest server receives accounting information from the wireless LAN controller to enable full reporting of the entire experience.
The Cisco NAC Guest Server is a standalone component that can be added to Cisco NAC or wireless deployments to integrate secure guest access. The guest server houses the database and provides an integrated web server to permit access to both the sponsor and administrator's user interfaces. It integrates with the Cisco NAC Server and Manager or Cisco Wireless LAN Controller to provide the network access.
Figures 1 and 2 show how the Cisco NAC Guest Server works with the Cisco NAC Server appliance, first for a sponsor and then for a guest.
Figure 1. A Sponsor Using Cisco NAC Guest Server with a Cisco NAC Server Appliance
Figure 2. A Guest Using Cisco NAC Guest Server with a Cisco NAC Server Appliance
Figures 3 and 4 show how the Cisco NAC Guest Server works with a Cisco wireless LAN controller, first for a sponsor, then for a guest.
Figure 3. Sponsor Using Cisco NAC Guest Server with a Cisco Wireless LAN Controller
Figure 4. Guest Using Cisco NAC Guest Server with a Cisco Wireless LAN Controller
The Cisco NAC family now uses the Cisco Secure Network Server (SNS), taking advantage of a common hardware platform across NAC Manager, NAC Server, NAC Guest Server, the Identity Services Engine (ISE), and Cisco Secure Access Control Server (ACS) to create a flexible deployment environment.
The Cisco Secure Network Server family is based on the Cisco UCS C220 M3 Rack Server and is configured specifically to support security applications. The Cisco NAC Guest Server utilizes the SNS-3415 and is highlighted in Table 1.
Table 1. Cisco NAC Guest Server Hardware Specifications
1 x QuadCore Intel Xenon E5-2609 @ 2.4 GHz
4 x 4 GB (16 GB)
1 x 600 GB 6 Gbps SAS 10,000 RPM
4 x 1 Gb
1 x 650 Watts
Trusted Platform Module
Cisco NAC Guest Server is used in conjunction with a Cisco Wireless LAN Controller, the Cisco NAC Server and Manager, or a combination. Deploying with the Cisco NAC Server and Manager offers additional security features for both wired and wireless users, such as security policy assessment and enforcement.
Table 2 contains the ordering information for the Cisco NAC Guest Server. Order one of each of the three product part numbers per Cisco NAC Guest Server.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction.