Specifications
B-12
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Appendix B API Support
Guest Access Operations
Required In Parameters:
• op: changeloggedinuserrole
• ip: Specifies the IP address of a logged-in user. To specify multiple users, use a comma-separated
IP list.
• role: Specifies a new role for the user.
Note If you do not use session-based authentication, the admin and passwd arguments are required. See
Authentication Requirements, page B-2.
Out Parameters: <!--error=mesg--> comment
• Success: mesg value of 0
• Failure: error string
Guest Access Operations
The following APIs allow administrators to create, delete, and view local user accounts on the CAM:
• getlocaluserlist, page B-12
• addlocaluser, page B-13
• deletelocaluser, page B-13
Local users are those internally validated by the CAM as opposed to an external authentication server.
These APIs are intended to support guest access for dynamic token user access generation, providing the
ability to:
• Use a webpage to access Cisco NAC Appliance API to insert a visitor username/password
combination, such as jdoe@visitor.com/jdoe112805, and then assign a role, such as guest1day.
• Delete all guest users associated with the guest access role for that day.
• List all usernames associated with the guest access role.
These APIs support most implementations of guest user access dynamic token/password generation and
allow the removal of those users for a guest role.
You must create the front-end generation password/token. For accounting purposes, Cisco NAC
Appliance provides RADIUS accounting functionality only.
getlocaluserlist
The getlocaluserlist function returns a list of local user accounts with user name and role name.
Required In Parameters:
• op: getlocaluserlist
Note If you do not use session-based authentication, the admin and passwd arguments are required. See
Authentication Requirements, page B-2.
Out Parameters: <!--error=mesg--> comment