Specifications

5-22
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 5 Configuring User Login Page and Guest Access
Guest User Access
Enable the Preset “Guest” User Account
At installation, the Clean Access Manager includes a built-in guest user account. By default, the local
user “guest” belongs to the Unauthenticated Role and is validated by the Clean Access Manager itself
(Provider: LocalDB). You should specify a different role for the guest user and configure that role with
login redirection, traffic control, and timeout policies as appropriate for guest users on your network.
With this method, the Guest Access button is enabled on the user login page. When a visitor clicks the
button, the username and password
guest/guest are sent to the CAM for authentication, and the guest
user can be immediately redirected to the desired web page. Note that you must configure a new user
role to which to associate the guest user.
1. Create a new Guest user role as you would any other user login role using the User Management >
User Roles > New Role page as described in Create User Roles, page 6-2.
2. Associate the Guest user to a Guest role as described in Create or Edit a Local User, page 6-15.
3. Configure Traffic Policies for the Guest role as described in Chapter 8, “User Management: Traffic
Control, Bandwidth, Schedule”.
4. Configure the user login page to enable Guest access as described in Configuring the Guest User
Access Page, page 5-18.
Note Cisco recommends using the guest login method described in Configure Guest User Registration,
page 5-17 over both this “Enable Login Page Guest Access” option and the Allow All method. (Earlier
releases of Cisco NAC Appliance also allowed guest users to log in by submitting their email address
and gain network access via the Allow All provider type. The user ID the guest user submitted in the
login page (e.g., their email address) would appear as the User Name in the Online Users page while
the user was logged in.)