NAC Guest server for wired and wireless

Sep 14th, 2010

Hi


My customer wants the NGS to install for both wired and wireless users. For wireless users we can integrate it with the WLC but I don't know how it will work for wired users at the same time. Please suggest.


Thanks

Vishal Arora Fri, 10/08/2010 - 05:09

Hi Nicolas


Thanks for your valuable reply. As per the document posted by you I am summarizing my understanding of the solution. Please correct me if I am wrong.



We will integrate the user switches with the ACS for RADIUS. Now for the user database we will integrate NGS as the external user database with ACS.


My question is: if this is yes, will all the policies we configure on NGS work?



Thanks


Vishal

Tiago Antunes (Cisco Employee) Fri, 10/08/2010 - 03:42

Hi Vishal,


Please note that if you want to return ACLs (and usually in wired web auth you need to), you will have to integrate with ACS as NGS itself cannot return ACLs in the reply radius attributes.


Basically the process is as follows:

1 - Client plugs cable on switch.

2 - Web auth is triggered on the port.

3 - Default ACL permitting only DNS and DHCP is applied so that the client PC can obtain an IP address and open a browser.

4 - Client will be redirected to the NGS hotspot login page.

5 - Client will enter credentials.

6 - Client browser will send an HTTP POST packet containing the credentials.

7 - The switch will intercept the POST packets and retrieve the credentials entered.

8 - The switch will send Radius Access-Request to the ACS.

9 - The ACS will use the NGS as External Identity source to authenticate the client.

10 - The NGS will reply with Radius Access-Accept to the ACS and the ACS will reply to the switch including the ACL in the Access-Accept.

11 - The switch authorizes the client on the port and applies the ACL it received from the ACS.


Please follow the document Nicolas posted as it is a good one.


HTH,
Thanks
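
A model of step 10 above, added here as an illustration (not code from the thread or from Cisco): it encodes a RADIUS Access-Accept as the NGS would return it, has a stand-in for the ACS append the ACL, and parses both replies to check which one carries an ACL. The thread does not name the attribute used for the ACL; the `ip:inacl#N=` cisco-av-pair form, the function names and the ACL lines are assumptions made for the example.

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RADIUS codes (RFC 2865)
VSA, CISCO, AVPAIR = 26, 9, 1         # Vendor-Specific type, Cisco vendor id, cisco-av-pair

def avpair(text):
    """Encode one cisco-av-pair string as a Vendor-Specific attribute."""
    sub = bytes([AVPAIR, len(text) + 2]) + text.encode()
    body = struct.pack("!I", CISCO) + sub
    return bytes([VSA, len(body) + 2]) + body

def build_packet(code, ident, attrs):
    """Header plus attributes; authenticator zeroed (a real server derives it from the shared secret)."""
    payload = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(payload)) + bytes(16) + payload

def cisco_avpairs(packet):
    """Return every cisco-av-pair string in a RADIUS packet, rejecting malformed TLVs."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    pos, found = 20, []
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        if (atype == VSA and len(value) >= 6 and value[4] == AVPAIR
                and struct.unpack("!I", value[:4])[0] == CISCO):
            found.append(value[6:4 + value[5]].decode())
        pos += alen
    return found

def acs_reply(ngs_reply, acl_lines):
    """Step 10 (hypothetical model): relay the NGS verdict, append the ACL only to an Access-Accept."""
    if ngs_reply[0] != ACCESS_ACCEPT:
        return ngs_reply                 # a reject never gains an ACL
    extra = [avpair(f"ip:inacl#{i}={line}") for i, line in enumerate(acl_lines, 1)]
    return build_packet(ngs_reply[0], ngs_reply[1], [ngs_reply[20:]] + extra)

def carries_acl(packet):
    """Check a switch-bound reply: Access-Accept with at least one ACL av-pair."""
    return packet[0] == ACCESS_ACCEPT and any(
        p.startswith("ip:inacl#") for p in cisco_avpairs(packet))

# Constructed sample: NGS Access-Accept carrying only Session-Timeout (type 27), no ACL.
NGS_ACCEPT = build_packet(ACCESS_ACCEPT, 7, [bytes([27, 6]) + struct.pack("!I", 3600)])
GUEST_ACL = ["permit udp any any eq domain", "permit tcp any any eq 443", "deny ip any any"]  # constructed
ACS_ACCEPT = acs_reply(NGS_ACCEPT, GUEST_ACL)
print(cisco_avpairs(NGS_ACCEPT), cisco_avpairs(ACS_ACCEPT))
```
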

Vishal Arora Fri, 10/08/2010 - 05:09

Hi


Thanks for your valuable reply. As per the document posted by Nicolas I am summarizing my understanding of the solution. Please correct me if I am wrong.



We will integrate the user switches with the ACS for RADIUS. Now for the user database we will integrate NGS as the external user database with ACS.


My question is: if this is yes, will all the policies we configure on NGS work?



Thanks


Vishal

Tiago Antunes (Cisco Employee) Fri, 10/08/2010 - 05:15

Yes, they will still work.

The ACS function is simply to add the ACL attribute which is the only thing the NGS cannot do.


Cheers,
Tiago
