Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 7: User Pages and Guest Access
See 
 for further details. 
Set Up Guest Access 
Guest access makes it easy to provide limited access to your network for visitors or temporary users. 
Cisco Clean Access includes a built-in guest user account. By default, the account belongs to the 
Unauthenticated Role, and is validated by the Cisco Clean Access (local) provider. You should specify 
traffic control policies and timeout properties for the role as appropriate for guest users on your network. 
Note: Local authentication must be enabled to use the built-in guest access account.
The only thing you need to do to implement guest access is to enable the guest access button in the login 
page. When a visitor clicks the button, the login credentials guest/guest are sent to the Clean Access 
Manager for authentication. 
To enable the guest access button: 
1. Click User Pages from the Administration module.
2. Edit the login page on which you want to provide guest access.
3. Open the Content form.
4. Click the Guest Label option. Modify, if desired, the label that appears on the guest access button.
5. Click Update.
With the guest account method for guest access, guest users share the network with authenticated users. 
Multiple guests are not differentiated in the Clean Access Manager user logs.
An alternative for setting up guest access involves setting up networks solely for guest users. In this case, 
you can use email addresses (or any other user property) as identifiers for the individual guests. An 
example application for this type of access is a library in which you want users to be differentiated, in 
guestbook fashion, but not closely authenticated. 
To set up differentiated guest access: 
1. Create an authentication provider server of type Allow All.
2. In the login page, rename the Username Label to Email Address, or hide the username label if you do not want users to provide an identifier. (The implicit username and password for the Allow All auth provider is guest/guest.)
3. On the login page, hide the password label, providers, and guest login button.
4. Set the default provider to the authentication provider you set up in the first step of this procedure.
Guests can now access the network without login credentials. If the user submits an identifier in the login 
page, such as an email address, the identifier appears in the Online Users page while the user is logged in.