1 / 32

Cisco NAC Guest Server Guest Access - Simplified

Cisco NAC Guest Server Guest Access - Simplified. Tim Wellborn SE Sangeeta Kodukula SE DFW Cisco Users Group, April 6, 2011. 1 The “Business Case” For Secure Guest Access 2 Cisco NAC Guest Server Overview 3 Deployment Options 4 Summary & Additional Resources 5 Demo . Agenda.

Télécharger la présentation

Cisco NAC Guest Server Guest Access - Simplified

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Cisco NAC Guest ServerGuest Access - Simplified Tim WellbornSE Sangeeta KodukulaSE DFW Cisco Users Group, April 6, 2011

  2. 1 The “Business Case” For Secure Guest Access 2 Cisco NAC Guest Server Overview 3 Deployment Options 4 Summary & Additional Resources 5 Demo Agenda

  3. The Enterprise Hotspot Enterprises are the most important hotspot destination for business partners in a connected world. • Provide network access to visitors • Presents a professional and secure access to visitors • Enable improved productivity from vendors and contractors • Strengthen collaboration between employees and partners Provide Guest Access in a seamless, secure manner

  4. Guest Access Considerations Provisioning of user accounts Receptionist, help desk, any user Ease of use Reduce infrastructure upgrades Avoid parallel network infrastructure Integration with network infrastructure Know who is doing what Know who created which account Audit and accountability Cost of implementation Cost of ongoing management Cost Meet security policy requirements Provide secure guest access Security

  5. ROI - Cisco Internal Real World Example • 400,000 Guests per year (and increasing) • $X per call to setup a guest (cost avoided) • Cost savings of $M/year by self provisioning April 08 January 05

  6. NAC Guest ServerOverview

  7. SPONSOR The internal user who wants to be able to provide internet access to their guest NAC GUEST SERVER Enables sponsor to create guest account; audits; provisions account on network enforcement device GUEST The visitor who needs network access Four Key Components of Guest Access NETWORK ENFORCEMENT DEVICE Web re-direction, authentication and provides access. Wireless LAN Controller or NAC Appliance

  8. Managing the Guest User Lifecycle NOTIFICATION PROVISIONING Create Guest Accounts Give Accounts to Guests Print Account and Access Details Create a single Guest Account Send Account Details via Email Create multiple Guest Accountsby Importing a CSV file Send Account Details via SMS Manage Guest Accounts Report on Guests View, edit or suspend yourGuest Accounts View audit reports on individual Guest accounts Manage batches of accountsyou have created Display Management reports on Guest Access REPORTING MANAGEMENT

  9. Provisioning • Who should create user accounts? • Receptionist/Lobby Ambassador • IT Security • Managers • Help Desk • Any Employee • NAC Guest Server lets you choosebased upon your security policy • Allowing any employee to create accounts provides increased usage and will be just as secure • Reduced Cost • Full Audit Trail • Speed of access • Ease of use

  10. Sponsor Portal • Customizable Web Portal for internal sponsors • Authenticate with corporate credentials • Local Database • Active Directory • LDAP • RADIUS • Kerberos

  11. Sponsor Single Sign On Log in to Windows Automatic Authenticationto NAC Guest Server • Integrates with Active Directory • Supports all windows authentication mechanisms including: • username/password • Smart Card • Biometrics etc.

  12. Creating Guest Accounts 1. Enter user details 2. Specify start and end times 3. Add user

  13. Email Address First/Last Name Random Username Policy

  14. Alphabetic Numeric Special Choice of characters and length Guest Password Policy

  15. Flexible Time Policies • Create accounts by: • Start/End Time • Usage from first login • For example account valid for 1 hour from first login • Usage within a certain period • For example account valid for 2 hours within 24 hours from first login • Account Restrictions • Set times when guest cannot login, such as outside office hours Provides complete flexibility for when you want to allow guest access

  16. Notification: Guest User Account Delivery Send account information via print-out, email, or SMS

  17. Audit and Reports Visibility and Management of Guest Users Sponsor Information Guest Information Account Management

  18. Guest Activity Reporting Internet Username: guestname IP Address: Login Time: 15:05 Logout Time: 14:30 15:07 accessed http://www.cisco.com 15:08 usedthe bittorrent protocol 15:09 connected to vpn.mycompany.com Consolidated Audit Report of Guest Activity

  19. Detailed guest audit information • When they logged in • Where they logged in • The guests address • What they did • What was allowed • What was disallowed

  20. NAC Guest ServerDeployment Options

  21. Network Enforcement Devices Network Enforcement Devices control the guest user • Deliver the automatic redirect to a captive portal • Authenticate the user against the Guest Server • Enforce the Users Access Privileges • Records Network Access Information • Cisco NAC Appliance for Secure Guest Access • Cisco Wireless LAN Controllers • Cisco Catalyst Switch

  22. Customizable Portals Login Credit Card Welcome to ourguest hotspot! Fully customize this page and add the widgets you want! Guest Self Registration Password Change

  23. NAC Guest Server Walkthrough 1. Sponsor creates account on the NAC Guest Server NAC Guest Server 2. Sponsor gives the credentials to the guest via print-out, email or sms RADIUS Wireless LAN Controller NAC Guest Server 3. Guest authenticates with the web portal from NGS which authenticates the guest by RADIUS to the NGS

  24. NAC Guest Server Walkthrough 4. If auth is successful the guest is given Internet access Internet Wireless LAN Controller 6. When the account expires the Wireless LAN Controller logs off the guest 5. Wireless LAN Controller and Firewalls provide audit information to the NAC Guest Server

  25. Wireless Only Deployment Easiest to deploy; least design impact Broad use-case Active Directory Sponsored Guest Optional Cisco NGS Guest Server Internet LAN\Wan Wireless LAN Controller * Employee Wireless uses separate SSID providing higher security and full network access

  26. Add Secure Wired Access in Public Spaces Enabling this feature may have impact to network design and configuration changes. Employee wired access on these ports becomes limited to internet in this scenario Employee Active Directory Sponsored Guest Conference Room Ports Optional Parity for Wired / WLAN Cisco NGS Guest Server Internet LAN\Wan Wireless LAN Controller * Employee Wireless uses separate SSID providing higher security and full network access

  27. Complete Guest and Employee Secure Network Access Enabling this feature on switch ports leverages similar 802.1XPEAP solution typical of Enterprise Wireless authentication. 802.1X MAB Employee 802.1X/MAB Compatibility Active Directory Sponsored Guest Switch LAN\Wan Parity for Wired / WLAN SSC Employee Cisco NGS Guest Server Internet Wireless LAN Controller * Employee Wireless uses separate SSID providing higher security and full network access

  28. Application Programming Interface • Open Web API for use by custom applications • Example applications: • Visitor Management Systems (Automatically create guest accounts) • Hotel Property Management Systems (Provision at guest check-in) • Identity Management System (Single portal for all accounts)

  29. Costing Summary • Above does not include Implementation planning and deployment

  30. MANY Variations NAC Guest Server is the primary tool to meet requirements of most guest access solutions • Different Designs • Different Network Enforcement Devices • Different Authentication Methods • Different Auditing/Tracking Requirements NAC Guest Server with Wireless Guest Access Provides easy yet secure solution

  31. DEMO

More Related