NGS is a device which the main function is to allow sponsors to create guest accounts and then these guests can access network resources by authneticating against the NGS database.
Commonly NGS is used as WEB Auth portal or as a Radius Server.
Now you will alwasy need other devices to work together with NGS.
For example using a WLC you can creat an SSID for Web auth and configure the NGS as the external web auth page for the login.
Another tipical deployment is to integrate it with NAC appliance so that you can track logged in users via the Clean Access Manager Online user list.
Also, you can use the NGS for Wired guest access, in conjuntion with ACS. In this scenario, a sponsor createss the guest account and the guest plugs the PC to the switch port, opens a browser, enters credentials on the NGS Login page and then the switch tries to authenticated the user against the ACS which by its turn will querry the NGS for that user, using RADIUS.
So in summary, NGS should always be used together with other devices as it acts as a Database source for guest users, but needs tpo be used with the devices where the clients are really connected (wireless or wired).
I read through the doc you mentioned above and able to get NGS working with ACS via internal database or AD for wired web-auth. Which means, when I plugged a guest PC onto the network, open a broswer, enter either a ACS internal user ID or a domain user ID, the web-auth will work and download the dACL from ACS.
BTW, I am using switch to intercept HTTP and send them to NGS for web login.
However, when I tried to enter a Guest ID which got created by NGS, it always failed. And I have the following questions, where the document is not clear.
1) The sample login page in NGS reference to an IP "184.108.40.206" and the document says it should NOT be used anywhere but needs to be resolvable. What does that mean?
2) The sample login page in NGS has a HTML code to add "NGS" as the realm which will show as "ngs\guestusername" in the ACS failed log. Why do we need to add that?
3) The sample login page in NGS use "@" as the realm seperator. What happen if I use email address as username in NGS, which is the default setting?
4) The sample login page in NGS uses "https://220.127.116.11", can we change that to HTTP? Does it requires crypto image for the switch?
I am getting different type of error in ACS, one is 11014 RADIUS packet contains invalid attribute(s), one is Authentication against RADIUS Token server failed.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...