Cisco NAC Guest Server Installation and Configuration Guide, Release 2.0

Welcome to Cisco NAC Guest Server

---

Introduction

The Cisco NAC Guest Server is a complete provisioning, management, and reporting system that provides temporary network access for guests, visitors, contractors, consultants, or customers. The Cisco NAC Guest Server works alongside Cisco NAC Appliance, Cisco Wireless LAN Controllers, and other Cisco Network Enforcement devices, which provide the captive portal and enforcement point for guest access.

Cisco NAC Guest Server allows any user with privileges to easily create temporary guest accounts and sponsor guests. Cisco NAC Guest Server performs full authentication of sponsors, the users who create guest accounts, and allows sponsors to provide account details to the guest by printout, email, or SMS. The entire experience, from user account creation to guest network access, is stored for audit and reporting.

When guest accounts are created, they are either provisioned within the Cisco NAC Appliance Manager (Clean Access Manager) or stored within the built-in database on the Cisco NAC Guest Server. When using the Guest Server's built-in database, external network access devices, such as the Cisco Wireless LAN Controller, can authenticate users against the Guest Server using the RADIUS (Remote Authentication Dial In User Service) protocol.

The Cisco NAC Guest Server provisions the guest account for the amount of time specified when the account is created. Upon expiry of the account, the Guest Server either deletes the account directly from the Cisco NAC Appliance Manager or sends a RADIUS message which notifies the network access device (NAD) of the amount of valid time remaining for the account before the NAD should remove the user.

Cisco NAC Guest Server provides vital guest network access accounting by consolidating the entire audit trail from guest account creation to guest use of the account so that reports can be performed through a central management interface.

Guest Access Concepts

Cisco NAC Guest Server makes use of a number of terms to explain the components needed to provide guest access.

Guest User

The guest user is the person who needs a guest user account to access the network.

Sponsor

The sponsor user is the person who creates the guest user account. This person is often an employee of the organization that provides the network access. Sponsors can be specific individuals with certain job roles, or can be any employee who can authenticate against a corporate directory such as Microsoft Active Directory (AD).

Admin

The admin user is the administrator who configures and maintains the Cisco NAC Guest Server appliance.

Network Enforcement Device

These devices are the network infrastructure components that provide the network access. Additionally, network enforcement devices are responsible for pushing guest users to a captive portal where they can enter their guest account details. When a guest enters his or her temporary user name and password, the network enforcement device checks those credentials against the guest accounts created by the Guest Server.

Guest Server

The Cisco NAC Guest Server ties together all the pieces of guest access. The Guest Server links the sponsor creating the guest account, the account details passed to the guest, the guest authentication against the network enforcement device, and the network enforcement device's verification of the guest with the Guest Server. Additionally, the Cisco NAC Guest Server consolidates accounting information from network enforcement devices to provide a single point of guest access reporting.

Before You Start

This section describes the following:

•Package Contents

•Rack Mounting

•Cisco NAC Guest Server Licensing

•Upgrading Firmware

•Additional Information

Package Contents

Verify the contents of the packing box as shown in Figure 1-1, to ensure that you have received all items necessary to install your Cisco NAC Guest Server. Save the packing material in case you need to repack the unit. If any item is missing or damaged, contact your Cisco representative or reseller for instructions.

Figure 1-1 Shipping Box Contents

---

Note As product software is preloaded onto the Cisco NAC Guest Server appliance, the shipping contents do not include a separate software installation CD.

---

Rack Mounting

The Cisco NAC Guest Server occupies one rack unit (1U). A rack-mounting kit is included in the shipment. For rack-mounting information and instructions, refer to the 1U Rack Hardware Installation Instructions for HP Products document also included in the shipment.

Cisco NAC Guest Server Licensing

You need to obtain and install a FlexLM product license for your Cisco NAC Guest Server via its web interface for your system to work. See Installing the Product License and Accessing the Administration Interface for instructions on how to obtain and install license(s) for your system.

For additional details, refer to Cisco NAC Appliance Service Contract / Licensing Support.

Upgrading Firmware

The Cisco NAC Guest Server is based on the following:

•Cisco NAC Appliance 3310 (NAC-3310) hardware platform. NAC-3310 is based on the HP ProLiant DL140 G3. The Cisco NAC Guest Server appliance is subject to any system BIOS/Firmware upgrades required for the server model on which it is based.

•Cisco NAC Appliance 3315 (NAC-3315) hardware platform. The next generation Cisco NAC Appliance (NAC-3315) is based on the IBM System x3250 M2 server platform.

For further details refer to Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access).

Additional Information

For late-breaking or additional details for this release, refer to the Release Notes for Cisco NAC Guest Server, Release 2.0.2.

For the latest online updates to this guide, visit http://www.cisco.com/en/US/products/ps6128/products_installation_and_configuration_guides_list.html

See Product Documentation for a list of related documentation for Cisco NAC Guest Server.