Cisco OL-15986-01 User Manual

Cisco NAC Guest Server Installation and Configuration Guide

Release 1.1.0
March 2008

Americas Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Text Part Number: OL-15986-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS M ANUAL ARE SUBJECT TO CHA NGE WITHOUT NO TICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSI BILITY FOR THEIR APPLICA TION OF ANY PRODUCT S.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORT H IN THE INFORMATION PACKET T HAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP head er compressi on is an adap tation of a program developed by the Universi ty of Ca lifornia, Berk eley (UCB) as part of UCB ’s public
domain version of the UNIX operatin g system. All rights reserved . Copyri ght © 1981 , Rege nts of the Uni versity of Calif ornia.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THE SE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAI M ALL WARRANTIE S, EXPRESSED OR
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NO NINFRINGEM ENT OR ARISING FROM A COURS E OF
DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING ,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE S.

CCDE, CCVP, Cisco Eos, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Net work are trademar ks; Changing the Way We Work, Live, Play, and
Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the
Cisco

Certified Internetwork Expert logo, Cisco IOS, Cis co Press, Cis co S ystems, Cisco Syste ms Ca pita l, th e Cis co Systems logo, Cisco Unity, Collaboration Without
Limitation, Enter prise /Solv er, EtherC ha nnel , EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient,
IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort
MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise,
The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx
United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0801 R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unint entional an d coinc idental.

Cisco NAC Guest Server Installation and Configuration Gu ide

© 2008 Cisco Systems, Inc. All rights res erved.

logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the

IMPLIED, INCLUDING, WI TH OUT

logo, LightStream, Linksys, MediaTone, MeetingPlace,

About This Guide ix

CONTENTS

CHAPTER

CHAPTER

CHAPTER

1 Welcome to Cisco NAC Guest Server 1-1

Introduction 1-1

Guest Access Concepts 1-1

Before You Start 1-2

Package Contents 1-2
Rack Mounting 1-3
Cisco NAC Guest Server Licensing 1-3
Upgrading Firmware 1-3
Additional Information 1-4

2 Installing Cisco NAC Guest Server 2-1

Connecting the Cisco NAC Guest Server 2-1
Command Line Configuration 2-3

Configure IP Address and Default Gateway 2-3
Change Root Password 2-5

Re-Imaging the Appliance 2-6

3 System Setup 3-1

OL-15986-01

Accessing the Administration Interface 3-1

Obtain and Install Cisco NAC Guest Server License 3-2

Access Cisco NAC Guest Server Administration Interface 3-3
Configuring Network Settings 3-4
Date and Time Settings 3-5
SSL Certificate 3-7

Accessing the Guest Server using HTTP or HTTPS 3-7

Generating Temporary Certificates/ CSRs/ Private Key 3-8

Downloading Certificate Files 3-9

Downloading the CSR and Certificate 3-9
Downloading the Private Key 3-9

Upload Certificate Files 3-10
Configuring Administrator Authentication 3-10

Add New Admin Account 3-10

Cisco NAC Guest Server Installation and Configuration Guide

iii

Contents

Edit Existing Admin Account 3-11
Delete Existing Admin Account 3-13

CHAPTER

4 Configuring Sponsor Authentication 4-1

Configuring Local Sponsor Authentication 4-1

Add New Local User Account 4-1
Edit Existing User Account 4-3
Delete Existing User Account 4-4

Configuring Active Directory (AD) Authentication 4-5

Add Active Directory Domain Controller 4-6
Edit Existing Domain Controller 4-7
Delete Existing Domain Controller Entry 4-9

Configuring LDAP Authentication 4-9

Add an LDAP Server 4-11
Edit an Existing LDAP Server 4-12
Delete an Existing LDAP Server Entry 4-14

Configuring RADIUS Authentication 4-15

Add a RADIUS Server 4-16
Edit an Existing RADIUS Server 4-17
Delete an Existing RADIUS Server Entry 4-18

Configuring Sponsor Authentication Settings 4-18

Changing the Order of Authentication Servers 4-18
Sponsor Timeouts 4-19

CHAPTER

CHAPTER

iv

5 Configuring User Group Permissions 5-1

Adding User Groups 5-1
Editing User Groups 5-4
Deleting User Groups 5-6
Specifying the Order of User Groups 5-7
Mapping to Active Directory Groups 5-8
Mapping to LDAP Groups 5-8
Mapping to RADIUS Groups 5-10

6 Configuring Guest Policies 6-1

Setting the Username Policy 6-1
Setting the Password Policy 6-2
Setting the Guest Details Policy 6-3

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Contents

CHAPTER

CHAPTER

CHAPTER

7 Integrating with Cisco NAC Appl iance 7-1

Adding Clean Access Manager Entries 7-1
Editing Clean Access Manager Entries 7-3
Deleting Clean Access Manager Entries 7-4
Configuring the CAM for Reporting 7-4

Adding a RADIUS Accounting Server 7-5

Configure the CAM to Format RADIUS Accounting Data 7-6

8 Configuring RADIUS Clients 8-1

Overview 8-1
Adding RADIUS Clients 8-2
Editing RADIUS Clients 8-3
Deleting RADIUS Clients 8-4

9 Guest Account Notification 9-1

Configuring Email Notification 9-2
Configuring SMS Notification 9-3

CHAPTER

CHAPTER

10 Customizing the Application 10-1

User Interface Templates 10-1
Adding a User Interface Template 10-2
Editing a User Interface Template 10-2

Editing the Print Template 10-4

Editing the Email Template 10-5

Editing the SMS Template 10-6

Using Account Durations 10-7
Deleting a Template 10-8
Setting the Default Interface Mapping 10-8
Setting User Default Redirection 10-9

11 Backup and Restore 11-1

Configuring Backup Settings 11-2

Taking a snapshot 11-2

Scheduling a Backup 11-3
Restoring Backups 11-3

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

v

Contents

CHAPTER

CHAPTER

12 Replication and High Availability 12-1

Setting up replication 12-1
Configuring Provisioning 12-3
Replication Status 12-4
Recovering from Failures 12-4

Network Connectivity 12-4
Device Failure 12-5

Deployment Considerations 12-5

Connectivity 12-5
Load Balancing 12-6

Web Interface 12-6
RADIUS Interface 12-6

12-7

13 Logging and Troubleshooting 13-1

System Logging 13-1
Log Files 13-2

Downloading the log files 13-2
Application Logging 13-2
Email Logging 13-2
RADIUS Logging 13-2
CAM Update Logging 13-3
Web Server Logging 13-3

CHAPTER

CHAPTER

vi

14 Licensing 14-1

Licensing 14-1

15 Sponsor Documentation 15-1

Introduction to Cisco NAC Guest Server 15-1
Connecting to the Guest Server 15-1
Creating Guest User Accounts 15-4

Print Account Details 15-6
Email Account Details 15-6
Text Message Account Details (SMS) 15-6

Multiple Guest Accounts 15-7

Creating Multiple Accounts from Text Entry 15-7
Creating Multiple Accounts from CSV File 15-8
Creating Multiple Random Accounts 15-8

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Printing/Email/SMS Multiple Accounts 15-9

Viewing Multiple Account Groups 15-10

Viewing Multiple Account Groups 15-10
Finding Multiple Account Groups by username 15-11

Finding Multiple Account Groups on the Active Accounts Report. 15-11
Editing Guest Accounts 15-12
Suspending Guest Accounts 15-12
Viewing Active Accounts and Resending Details 15-13
Reporting on Guest Users 15-13

Contents

APPENDIX

A Open Source License Acknowledgements A-1

Notices A-1

OpenSSL/Open SSL Project A-1

License Issues A-1

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

vii

Contents

viii

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

About This Guide

March 5, 2008, OL-15986-01

This preface includes the following sections:

• Audience

• Purpose

• Document Conventions

• Product Documentation

• Obtaining Documentation and Submitting a Service Request

Audience

This guide is for network adm inistrato rs who are im plement ing Cisco NAC Guest Server to provision
guest access on their networks. Cisco NAC Guest Server works alongside Cisco NAC Appliance, Cisco
Unified Wireless Networks and other Cisco Network Enforcement devices to provide the captive portal
and enforcement point for guest access.

Purpose

The Cisco NAC Guest Server Install ation and Co nfiguration Guid e describes how to install and
configure the Cisco NAC Guest Server appliance. It describes the simple initial installation of the
appliance via CLI and the configuration and administration of the Guest Access Portal through the
web-based interface .

Document Conventions

Item Convention

Indicates command line output. Screen font
Indicates informat ion you ente r. Boldface screen f ont
Indicates variables for which you supply values. Italic screen font

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

ix

Item Convention

Indicates web admin conso le modules, me nus, tabs, links an d
submenu link s.

Indicates a menu item to be selected. Administration > User Pages

Product Documentation

Table 1 lists documents are available for Cisco NAC Guest Server on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/ps6128/tsd_products_sup port_se ries_home .html

Tip To access external URLs referenced in this document, right-click the link in Adobe Acrobat and select

“Open in Weblink in Browser.”

Table 1 Cisco NAC Appliance Document Set

About This Guide

Boldface font

Document Title Refer to This Document For Information On:

Release Notes for Cisco NAC Guest Server,
Release 1.1.0

Cisco NAC Guest Server Installation and
Configuration Guide (this docu ment )

Cisco NAC Appliance Service Co ntract /
Licensing Support

Cisco NAC Appliance Product Literature Online in ks to Ord er ing Gui de Bu lle tin s, D ata

Cisco NAC Appliance - Clean Access Manager
Installation and C onfiguration G uide

Cisco NAC Appliance - Clean Access Server
Installation and C onfiguration G uide

Cisco Wireless LAN Controller Configuration
Guide, Rel eas e 4.0

Details on the latest Cisco NAC Guest Server
release.

Hardware information, initi al installation, setup and
configuration instructions for Cisco NAC Guest
Server.

Information on serv ice cont r act su ppo rt, lic ensing
support and RMA su ppo rt f or Ci sco NAC
Appliance, Cisco NAC Profiler and Cisco NAC
Guest Server.

Sheets, Q&A and Chalk Talk presentations
Configuration guides for NAC Appliance Manager

and Server

Configuration inform ation for Cisco Wireless LAN
Controllers

Obtaining Documentation and Su bmitting a Service Reque st

For information on obtaining docume ntatio n, submittin g a service request, an d gatherin g additiona l
information, see the monthly What’s
revised Cisco

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.

Cisco NAC Guest Server Installation and Configuration Guide

x

technical documentation, at:

New in Cisco Product Documentation, which also lists all new and

OL-15986-01

Introduction

CHA PTER

1

Welcome to Cisco NAC Guest Server

The Cisco NAC Guest Server is a complete provisioning and reporting system that provides temporary
network access for guests, visitor s, contra ctors, consultants or cu stomer s. The Guest Ser ver works
alongside Cisco NAC Appliance or Cisco Wireless LAN Controller which provide the captive portal and
enforcemen t poin t for gue st ac cess.

Cisco NAC Guest Server allows any user with privileges to ea sily cre ate tem porar y g ue st ac c ounts and
sponsor guests. Cisco NAC Guest Server performs full authentication of sponsors, the users who create
guest accounts, and allows spo nsors t o provide a ccou nt d eta ils t o th e gue st by p rint out, em ail o r SMS.
The entire experience , from user accou nt cre ation to gu est netwo rk acces s, is stor ed for au dit and
reporting.

When guest accounts are created, they are eit her pro visioned wit hin the Cisco N AC Appliance Manager
(Clean Access Manager) or stored within the built-in database on the Cisco NAC Guest Server. When
using the Guest Server’s built-in database, external network access devices, such as the Cisco Wireless
LAN Controller, can authenticate users against the Guest Server using the RADIUS (Remote
Authentication Dial In User Service) protocol.

The Cisco NAC Guest Server provisions the guest account for the amount of time specified when the
account is created. Up on e xpiry o f the a ccount , the Gu est Ser ver either deletes the a ccount directly from
the Cisco NAC Appliance Manager or sends a RADIUS message whi ch notifies the network ac cess
device (NAD) of the amount of valid time remaining for the account before the NAD should remove the
user.

Cisco NAC Guest Server provides vital guest network access accounting by consolidating the entire
audit trail from g ue st a ccoun t c re ation t o gue st u s e of t he a cco unt so t hat repor ts can be pe rfo rm ed
through a centra l ma nage ment inter face.

Guest Access Concepts

Cisco NAC Guest Server makes use of a number of terms to explain the co mpone nts ne ed ed to provide
guest access.

Guest User

The Guest User is the person who needs a user account to access the network.

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

1-1

Before You Start

Chapter 1 Welcome to Cisco NAC Guest Server

Sponsor

The Sponsor is t he pe rson w ho c reate s th e gue st u ser a cco unt. Th is per son i s of ten an em ploy ee o f the
organization that provides the network ac cess. Sponso rs can be spec ific individuals with cert ain job
roles, or can be any employee who can authenticate against a corporate directory such as Microsoft
Active Directory (AD).

Network Enforcement Devic e

These devices a re th e ne tw o rk i nf ras truc ture co mpo nent s th at p ro v id e t he n etw o r k acc ess. Additionally,
network enforceme nt device are resp onsibl e f or pu shing guest use rs to a ca ptive portal wh er e they c an
enter their guest account details. When a guest enters his or her temporary user name and password, the
network enforcement device checks those credentials against the guest accounts created by the Guest
Server.

Guest Server

This is the Cisco NAC Guest Server , which ties t ogethe r all the piec es of guest a ccess. T he Guest Se rver
links the sponsor creating the guest account, the account details passed to the guest, the guest
authentication against the network enforcement device, and the network enforcement device’s
verification of the guest with the Guest Server. Additionally, the Cisco NAC Guest Server consolidates
accounting informa tion fro m network enfo rcemen t devices to provide a singl e point of gue st access
reporting.

Before You Start

This section describes the fo llowing:

• Package Contents

• Rack Mounting

• Cisco NAC Guest Server Li cens ing

• Upgrading Firmware

• Additional Information

Package Contents

Verify the contents of the packing box (Figure 1-1) to ensure that you have received all items necessary
to install your Cisco NAC Guest Server. Save the packing material in case you need to repack the unit.
If any item is missing or damaged, cont act your Ci sco repre sentative or reseller fo r instructi ons.

1-2

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 1 Welcome to Cisco NAC Guest Server

185434

rd

Rack mounting kit

DB-9 serial null modem cable

Figure 1-1 Shipping Box Contents

Before You Start

RJ-45 cable

(straight-through)

Cisco NAC Guest Server

Note Because product sof tware is p re load ed on to t he Cisco NAC Guest Server applia nce, the sh ipping

contents do not include a separate software installation CD.

Rack Mounting

The Cisco NAC Guest Server occupie s o ne rac k unit ( 1U ). A rack -mo unti ng kit is inc lude d in t he
shipment. For rack-mounting information and instructions, refer to the 1U Rack Hardware Installation
Instructions for HP Products document also included in the shipment .

Cisco NAC Guest Server Licensing

Documentation

Information

Cisco

Cisco NAC

Getting Started

Appliance

Packet

Guide

Important

Information

Safety

AC power co

Yo u need to obta in a nd insta ll a FlexLM p rod uct l icen se f or your Ci sco NAC Guest Server via i ts web
interface for your system to work. See
on how to obtain and install license(s) for your system.

For additional details, refer to Cisco NAC Appliance Service Contract / Licensing Su ppo rt.

Upgrading Firmware

The Cisco NAC Guest Server is based on th e C is co NAC Appliance 331 0 (NAC-3310) hardware
platform. The Cisco NAC Guest Server appliance is subject to any system B IOS/Fir mware upgrad es
required for the server model on whi ch it is based . NAC-3310 is based on the HP ProLiant DL140 G3
and may require per iodi c firm ware upg ra des.

OL-15986-01

Note For further details refer to Supported Hardware and System Requirements for Cisco NAC Appliance

(Cisco Clean Acce ss) .

Accessing the Administration Interface, page 3-1 for instructions

Cisco NAC Guest Server Installation and Configuration Guide

1-3

Before You Start

Additional Information

For late-breaking or additional details for this release, refer to the Release Notes for Cisco NAC Guest

Server, Release 1.0.0.

For the latest online updates to this guide, visit

http://www.cisco.com/en/US/products/ps6128/products_installation_and_configuration_guides_list.ht
ml

See Product Documentation for a list of related documentation for Cisco NAC Guest Server.
For details on how to obtain technical support, refer to section Obtaining Documentation and Submitting

a Service Request .

Chapter 1 Welcome to Cisco NAC Guest Server

1-4

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

CHA PTER

Installing Cisco NAC Guest Server

This chapter contains the following sections:

• Connecting the Cisco NAC Guest Server

• Command Line Configuration

• Re-Imaging the Appliance

Connecting the Cisco NAC Guest Server

The Cisco NAC Guest Server is based on th e C is co NAC Appliance 331 0 (NAC-3310) hardware
platform and comes prelo aded wi th a d efaul t system image. When y ou rece i ve the Gue st Serv er , perfor m
the initial configuration described in
CD installation to re-image the appliance, refer to Re-Imaging the Appliance for instructions.

T o perform initial con figuration, you will ne ed to connect to your appliance an d access its command line,
as described be low.

Command Line Co nfigurat ion , p age 2-3. If you need to perfo rm

2

OL-15986-01

Step 1 You can access the Cisco NAC Guest Server command line in one of two ways:

a. Connect a monitor and keyboard directly to the machine via the keyboard/video monitor connectors

on the back panel of the machine (

b. Connec t a null modem serial cable fr om a workstation (PC/laptop ) to the serial port on the appl iance.

Open a serial connection on the workstation using terminal emulation software (such as
HyperTerminal or SecureCRT) with settings set to 9600 baud, 8 data bits, no parity, 1 stop bit, no
flow control.

Step 2 Connect a stra ight -th rou gh Ca tegory 5 Eth ern et cabl e to the eth0 (NIC 1) 1 0/ 100 /1000 Eth er net p ort o n

the back panel of the appli ance an d to your local ar ea network.

Step 3 Connect the AC power cord to t he ba ck pa nel o f the appl ia nce a nd to a g rou nded AC outlet , and power

on the appliance(

Step 4 Proceed to the instructions in Command Line Configurat ion, pag e 2-3.

Figure 2-1).

Figure 2-2)(pref er re d m eth od).

Cisco NAC Guest Server Installation and Configuration Guide

2-1

Connecting the Cisco NAC Guest Server

Figure 2-1 Cisco NAC Guest Server Front Panel

Chapter 2 Installing Cisco NAC Guest Server

4 6

1 2 3

5 7

180955

8 9 8

1 Hard disk drive (HDD) bay 6 HDD activity LED indicator (green)

CD-ROM/DVD drive

2

UID (Unit identification) button with LED
indicator (blue)

3

Power button with LED indicator (bicolor:
green/amber)

7

Thumbscrews for the front bezel

8

4 System health LED indicator (amber) 9 Front USB ports

Activity/link status L ED indi ca tors f or NI C 1
(eth0) and NIC2 (eth1) (green)

5

Figure 2-2 Cisco NAC Guest Server Rear Panel

2 31 6 3 7

54

180957

151312111098

14

1 Ventilation holes 9 UID button with LED indicator (blue)
2 Thumbscrew for the top cover 10 Rear USB ports (black)

Thumbscrews for the PCI riser board
assembly

3
4 NIC 3 (eth2) and NIC 4 (eth3) PCI Express

GbE LAN (RJ-45) ports (Intel)

5 13 PS/2 keyboard port ( purpl e)

Standard height/full-length PCI E xpress
x16/PCI-X riser board slot cover

6

Power supply ca ble so cket

7

Video port (blue)

11
12 Serial port

PS/2 mouse port (gree n)

14

10/100 Mbps iLO LAN port for IPM I
management (RJ-45)

15

NIC 1 (eth0) and NIC 2 (eth1) integrated GbE
LAN (RJ-45) ports (Broadcom)

8

2-2

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 2 Installing Cisco NAC Guest Server

Note The three LAN ports each have their own LED indicators for activity/link status and network speed.

Command Line Configuration

A very minimal amount of command line configuration is needed on the Cisco NAC Guest Server
appliance. This is to perform two tasks.

• Configure IP Address and Default Gateway, page 2-3 so that the appliance can be accessed on the

network

• Change Root Password, page 2-5 on the appliance from the default

Configure IP Address and Default Gateway

Command Line Configuration

To allow the appliance to be accessed on the ne twork you nee d to configure the IP addre ss and defaul t
gateway for the first interface on the appliance (eth0 or NIC1). To configure these details perform the
following steps.

Step 1 Using either keyboar d and monit or conn ection t o the appli ance, or seri al consol e conne ction,

authenticate to the command line interface. The user name for the console is root and th e default
password is cisco (

Figure 2-3 Authenticate to the Console

Figure 2-3).

OL-15986-01

Step 2 To configure the network settings, type the co mm an d syst em-c onfig-network an d pr ess <Enter>. The

Select A Device me nu ap pe ar s (

Figure 2-4).

Cisco NAC Guest Server Installation and Configuration Guide

2-3

Command Line Configuration

Figure 2-4 Choose eth0 Interface

Step 3 Select the eth0 interface from the list using the up and down arrow keys and press <Enter>.

Chapter 2 Installing Cisco NAC Guest Server

Step 4 You can now enter all the correct network settings for the appliance (Figure 2-5).

Figure 2-5 Change Network Configuration Details

Enter the following information:

• Static IP—The IP Address that you want to assign to the Cisco NAC Guest Server

• Netmask—The corresponding subnet mask

2-4

• Default gateway IP—The de fault gateway for the network

You can use the Tab key, Arrow keys or <Enter> to move between fields,. When f inished, ta b to the OK
button and press <Enter>.

Step 5 Exit the system-config-network by selecting Quit from the network selection screen (Figure 2-6).

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 2 Installing Cisco NAC Guest Server

Figure 2-6 Quit the Utility

Step 6 At the command line either reboot the appliance by typing reboot and pressing <Enter> or follow the

instructions to

Command Line Configuration

Change Root Password, page 2-5 be fo re e nt eri ng reboot.

Change Root Password

Note You should change the ro ot p assword from the default of cisc o, it is advised to use a complex password

for enhanced security.

Step 1 From the command line enter the command passwd and press <Enter>.
Step 2 Enter the n ew password and pr ess <Ent er>.
Step 3 Repeat the password and press <Enter>.

Continue to System Setup, page 3-1 to access and configure the admin console.

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

2-5

Re-Imaging the Appliance

Re-Imaging the Appliance

When the Cisco NAC Guest Server is shipped, the system image already preloaded on the unit, so
imaging is unnecessary. If you need to re-image the appliance to factory defaults, you can download the
system image ISO from Cisco Secure Software Downloads on Cisco.Com and burn this ISO file to a
blank CD-ROM.Once you have the system image on a bootable CD, you can perform the following steps
to install the system image onto the appliance. Refer to the

Release 1.1.0 for additional details.

Caution Imaging the appliance will delete all data on the appliance, there will be no method of recovery of data

from the Guest Server after imaging has been started. Make sure to backup any data that you need before
starting this process.

Step 1 Insert the bootable CD into the CD-ROM drive of the Cisco NAC Guest Server appliance.
Step 2 Decide whethe r to perfor m the insta llation usi ng a connect ed keyboard and mon itor or over a serial

console. Connect either a keyboard and monitor to the back of the unit, or attach a null modem cable to
the serial port on the back of the appliance. From the computer the serial cable is attached you will need
to run a terminal emulati on pr ogram with setting s set to 9600 baud , 8 data bi ts, no par ity, 1 stop bit, no
flow control.

Step 3 Once you have connected to the appliance and inserted the CD containing the image, power on the

appliance. Switch the applianc e on, or if alre ady starte d switch it off and the n back on agai n.

Chapter 2 Installing Cisco NAC Guest Server

Release Notes for Cisco NAC Guest Server,

Step 4 The appl ian ce s hould now bo ot f rom the C D -ROM drive and the in itia l i nsta ll sc re en di sp lays

(

Figure 2-7).

Figure 2-7 Initial Install Screen

Step 5 At the Initial Install Screen, choose how to run the installation according to how you are connected to

the appliance.

• If directly connecte d using a keyboard an d monitor, type insta ll and press <Enter>.

• If you using a serial connect ion, type serial a t the boot prom pt, then pre ss <Enter>.

2-6

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 2 Installing Cisco NAC Guest Server

Note If you press <Enter> by mistake on a serial connection, the imaging process will still run, but

there is no display until the appliance reboots at the end of the process.

Step 6 The system image automatically installs on the hard disk (Figure 2-8).

Figure 2-8 Transferring Install Image

Re-Imaging the Appli ance

Step 7 When the install image is successfully, transferred the system reboots automatically (Figure 2-9).

Figure 2-9 Appliance Reboots

Step 8 The CD-ROM automatically ejects from the appliance.

Note Remove the CD and stor e it sa fely so tha t the a pplia nc e do es no t ac cide ntal ly re boot fr om i t a t

a later time.

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

2-7

Re-Imaging the Appliance

Step 9 The appliance boots and runs the final setu p of the image automatical ly . The imaging process is comple te

when the login screen displays (

Figure 2-10 Imaging Complete

Figure 2-10).

Chapter 2 Installing Cisco NAC Guest Server

Step 10 Login as user root, and con tinue to th e instru ctions in Command Lin e Configuratio n, page 2-3 to

complete the installation.

2-8

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

CHA PTER

System Setup

The system can be configured through the web interface to provide the networking configuration for the
appliance and other system settings that are important such as time and SSL certificate. The Cisco NAC
Guest Server is administered entirely using a web interface over either HTTP or HTTPS.

This chapter includes the following sections:

• Accessing the Administration Interface

• Configuring Network Settings

• Date and Time Settings

• SSL Certificate

• Configuring Administrator Authentication

Accessing the Administration Interface

3

Upon first accessing the web administration interface of the Cisco NAC Guest Server, you will need to
install a product license. You can obtain a license using the instructions in the PAK shipped with the
appliance or by registering for a evaluation license at

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?FormId=146.

Note For additional details on evaluation licenses refer to Cisco N AC Appliance Service Contract / Licensing

Support.

This section describes the fo llowing:

• Obtain and Install Cisco NAC Guest Server License

• Access Cisco NAC Guest Server Administration Interface

OL-15986-01

Cisco NAC Guest Server Installation and Configuration Guide

3-1

Accessing the Admin is tration Interface

Obtain and Install Cisco NAC Guest Server License

Use the following steps to obtain and install your FlexLM product license files for Cisco NAC Guest
Server.

Step 1 With FlexLM lic en si ng, y ou will receiv e a Product Author iza tio n Key (PAK) for each Guest Serv e r t ha t

you purchase. The PAK is affixed as a sticky label on the Software License Claim Certificate card that
is included in y our p ac kage .

Chapter 3 System Setup

Warning

Step 2 Log in as a registered CCO user and fill out the Customer Registration form found at the PAK Cisco

The PAK is NOT the Cisco NAC Guest Server license. The PAK is used to obtain the Cisco NAC Guest
Server license, as described below.

Technical Support site:

http://www.cisco.com/go/license. During customer registration, sub mit each

PAK you receive and the eth0 MAC address of your Cisco NAC Guest Server.

Warning

The eth0 MAC address entered for the Guest Server must be in UPPER CASE (i.e. hexadecimal letters
must be capitalized). Do not enter colons (“:”) in between characters.

Please follow the instructions on the license web pages carefully to ensure that the correct MAC
addresses are entered.

Step 3 For each PAK that you submit, a license file is generated and sent to you via email.
Step 4 Save each license file you receive to disk.
Step 5 Open a web brows er to th e Ci sco NAC Guest Ser ver admin int er face by ente rin g th e IP address that yo u

configured throug h the co mm and l ine a s the U RL.

• For HTTP access, open http://<guest_server_ip_address>/admin

• For HTTPS access, open https://<guest_server_ip_address>/admin

Step 6 In the Guest Server License Form(Figure 3-1), click the Browse button and locate the license file.

3-2

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 3 System Setup

Accessing the Administration Interface

Figure 3-1 Guest Server License Form (example)

Step 7 Click Submit to install the license.

Access Cisco NAC Guest Server Administration Interface

Step 8 The Cis co NAC Guest Ser ver A dm i nis tra tio n in te rfa ce ( Fi gure 3-2) displays. This is the administrator

interface to the appliance.

Step 9 Login as the admin user. The default user name/password i s admin/admin.

Figure 3-2 Admin Login

OL-15986-01

Note Cisco recommends setting up SSL access and change the default admin user password for security. Refer

to SSL Certificate, page 3-7 and Edit Existing Admin Account, page 3-11 for details.

Cisco NAC Guest Server Installation and Configuration Guide

3-3

Configuring Network Settings

Step 10 After the license is installed, the administrator interface is brought up in web browser as follows:

• For HTTP access, open http://<guest_server_ip_address>/admin

• For HTTPS access, open https://<guest_server_ip_address>/admin

Note Entering the Guest Server IP address without the” /admin” as the URL brings up the sponsor interface.

See Chapter 4, “Configuring Sponsor A uthenti cation” for details.

Configuring Network Settings

Configure remaining network settings before performing any other operation. This minimizes the need
to restart the appliance later on.

Step 1 From the admi nist rati on home pa ge se le ct Server > Network Settings from the left hand menu

(

Figure 3-3).

Chapter 3 System Setup

Figure 3-3 Administr ation Home Page

3-4

Step 2 The Network Sett ings page provide s all the ne twork setting s that ca n be change d on the appli ance

(

Figure 3-4).

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 3 System Setup

Date and Time Settings

Figure 3-4 Networ k Settings

Yo u can chan ge the fol lowing Network Settin gs:

• Domain Name—Ente r the domai n name for your organizati on (e.g. ci sco.co m)

• Hostname—Enter the name of the appliance as defined in DNS (without DNS suffix)

• IP Address—Enter the IP address of the eth0 interface on the appliance

• Subnet Mask—Enter the c orresp onding subn et mask

• Default Gateway—The default gateway for the network to which the appliance is connected

• Nameserver 1—IP addr e ss of t he pri mar y D NS ser ver

• Nameserver 2—IP address of the secondary DNS server

Step 3 Click the Save S e t t i n g s button to save the changes that you made.
Step 4 Once ch an ge s a re s aved, y ou ne ed t o res tar t t he G ues t S er ver t o en sure all p roc es ses us e th e co rr ect I P

address. Click th e Restart button, and the rest art proc ess will begin on th e Gues t Server within 60
seconds.

Date and Time Settings

Correct date and time are critical to the Cisco NAC Guest Server. The Guest Server authenticates guest
users based upon t he t ime th eir a ccou nts are valid. I t i s im por tant for the tim e t o be c orrec t so gu est
accounts are created and removed at the correct time. If possible, Cisco recommends using a Network
Time Protocol (NTP) server to synchronize the time and date.

OL-15986-01

Step 1 From the administration interface select Server > Date/Time Settings from the left hand menu

(

Figure 3-5).

Cisco NAC Guest Server Installation and Configuration Guide

3-5

Date and Time Settings

Step 2 Select the correct Date and Time for the location of the Guest Server.

Chapter 3 System Setup

Figure 3-5 Date/Time Settings

Step 3 Click the Set System Date and Time button to apply the time and date.
Step 4 Select the correct Timezone for the location of the Guest Server.
Step 5 Apply the settings by clicking the Set System Timezone button.

Note If you change the time zone, this action automatically adjusts the date and time on the server.

Step 6 If you have an NTP se rver available on the net work, ente r the a ddr ess of t he NT P server.
Step 7 Click the Set NTP Server button. This sa ves the settings and restarts the NTP proces s so the new settings

take effect.

Note When setting the NTP server it may take some time for synchronization to occur . Synchroniza tion occurs

much faster if the time is set to be close to the NTP serve r (and saved with the Set button) before clicking
the Set NTP Server button.

3-6

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01

Chapter 3 System Setup

SSL Certificate

Both sponsors and administrators can access the Cisco NAC Guest Server using either HTTP or HTTPS.
For more secure access Cisco recommends using HTTPS access.

This section describes the fo llowing

• Accessing the Guest Server using HTTP or HTTPS

• Generating Temporary Certificates/ CSRs/ Private Key

• Downloading Certificate Files

• Upload Certificate Files

Accessing the Guest Se rver us ing HTT P or HT TPS

Yo u can co nfigure wheth er sponsors and admin istrators ac cess the portal using HTTP, both HTTP and
HTTPS, or HTTPS only.

SSL Certificate

Step 1 From the administration interface, select Server > SSL Settings from the left hand m enu ( Figure 3-6).

Figure 3-6 SSL Settings Main Page

Step 2 The Main SSL Settings page provides t he following options:

• Redirect http to https—W hen enable d, any sponsor or adm inistrat or acce ssing the Gu est Server

using HTTP is automatically redirected to the HTTPS interface. If this setting is not enabled, then
no redirection occurs .

OL-15986-01

• Allow http access—When enabled, allows sponsors and administrators to access the portal with

standard HTTP. If this is not enabled, sponso rs and admi nistrato rs are redi rected if the first option
is set, or if not set, are shown a web page explaining that HTTP ac cess is not available.

Step 3 When you h ave made your cha nge s, c lick the Save Settings button.

Cisco NAC Guest Server Installation and Configuration Guide

3-7

SSL Certificate

Note The Main SSL Settings page also provides the Restart Web Server button. You need to restart the Web

Server component of the appliance when new certificates are generated or uploaded to the appliance.
Clicking the Restart button makes the Guest Server use the new certificates.

Generating Temporary Certificates/ CSRs/ Private Key

Cisco NAC Guest Server ships with a default certificate installed. If you are planning on using HTTPS,
Cisco highly recommends generating a new temporary certificate/private key. When doing this, a
certificate signing request (CSR) is also generated that can be used to obtain a CA signed certificate.

The whole process of generating a temporary certificate, CSR and private key is performed on the Create
page. Entering the correct details on the Create page automatically generates the required files.

Step 1 From the administration interface, select Server > SSL Settings from the left hand menu, then select

Create from the menu at the top of the p age (

Figure 3-7 Create SSL Page

Figure 3-7).

Chapter 3 System Setup

3-8

Step 2 Enter the details on the screen to provide the details for the temporary certificate and CSR.

• Common Name—This is either the IP address of the Cisco NAC Guest Ser v er, or the fully qualif ied

domain name (FQDN) for the Guest Server. The FQDN must resolve correctly in DNS.

• Organization—The na me o f your o rganizati on o r com pa ny.

• Organizational Unit—The nam e of the depar tment or business un it that owns the device.

• City—The city where the server is located.

• State—The state where the server is located.

• 2 Letter Country Code—The 2 letter ISO abbreviation for the country where the Guest Server is

located, such as US for United States, GB for Great Britai n or United Ki ngdom.

Step 3 Click Cr eate Cert if icate. This creates a temporary self-signed certificate, a new private key and also the

corresponding C SR w hic h can be u sed fo r obt a ining a cer tificat e f rom a C er tificate A utho rit y ( CA).

Cisco NAC Guest Server Installation and Configuration Guide

OL-15986-01