Specifications
5-17
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 5 Configuring User Login Page and Guest Access
Guest User Access
See Create Local User Accounts, page 6-15 for further details.
Guest User Access
Guest access makes it easy to provide visitors or temporary users limited access to your network. The
following are two methods to implement guest access:
Configure Guest User Registration—You can require guest users to register on the network by providing
a set of credentials that identify that particular user on the CAM for the duration of the guest user session.
Registered guest users share the network with authenticated users, but only get access to the network
resources you specify in the guest user authentication role.
Enable the Preset “Guest” User Account—With the guest account method, guest users share the network
with authenticated users. The Event Log displays all guest users with username “guest” but will
differentiate each guest user by login timestamp and MAC/IP address (if L2) or IP address (if L3).
Note Guest users accessing the Cisco NAC Appliance system via the preset “Guest” user account must
use the “Local DB” provider option. For more information, see Customize Login Page Content,
page 5-8.
Configure Guest User Registration
Guest user registration allows guest users to log in using their own individual login ID independent of
any existing local user accounts. Guest users enter any login credentials that identify that user’s
session(s) on the NAC Appliance system and those credentials identify that user on the CAM for the
duration of the guest user session. Users can enter ID numbers, Email addresses, names, or any of a
number of identifiers you specify when configuring guest user registration parameters on the CAM. This
method allows guest users to submit unique user ID strings so that the administrator can track, manage,
and display user sessions with meaningful identifiers. The identifier the user submits in the login page
appears in the Online Users and User Management > Guest Users pages while the Guest user is logged
in. (The alternate guest account method described below—Enable the Preset “Guest” User
Account—does not record any specific individual information for any users and all users on the system
appear as “guest.”)
To enable Guest Registration on the NAC Appliance system:
1. Create a new Guest user role as you would any other user login role using the User Management >
User Roles > New Role page as described in Create User Roles, page 6-2.
2. Configure the Guest authentication provider type and map it to the Guest role as described in Guest,
page 7-26.
3. Configure the user login page to require Guest registration (as described in Customize Login Page
Content, page 5-8) in the Administration > User Pages > Login Page > List | Edit > Content page:
–
Enable the Provider Label and click the checkbox corresponding to the Guest authentication
provider type you have configured under Available Providers to ensure it appears in the list of
available authentication sources in the Providers options users see on the login page.
–
Enable both the Guest Label and Guest Registration Required options to ensure users see the
Guest login option on the login page.