Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 15 Administration
API Support
(administrator login) function returns a session ID which has to be set as a cookie for usage of any
API. The adminlogout function should then be used to terminate the session. However, if
adminlogout is not used, the session will still be terminated by admin session timeout.
API. The adminlogout function should then be used to terminate the session. However, if
adminlogout is not used, the session will still be terminated by admin session timeout.
•
Authentication by Function
If you do not want to create a shell script using cookies, you can instead perform authentication
every time a function is used. If authenticating by function, you will need to add the admin and
password parameters to all functions that you are using in your existing script. In this case, you do
not use the adminlogin and adminlogout functions.
every time a function is used. If authenticating by function, you will need to add the admin and
password parameters to all functions that you are using in your existing script. In this case, you do
not use the adminlogin and adminlogout functions.
Guest Access Support
The getlocaluserlist, addlocaluser, deletelocaluser API functions allow administrators to create, delete,
and view local user accounts on the CAM (local users are those internally validated by the CAM as
opposed to an external authentication server): These APIs are intended to support guest access for
dynamic token user access generation, providing the ability to:
and view local user accounts on the CAM (local users are those internally validated by the CAM as
opposed to an external authentication server): These APIs are intended to support guest access for
dynamic token user access generation, providing the ability to:
•
Use a webpage to access Cisco NAC Appliance API to insert a visitor username/password (for
example, jdoe@visitor.com, jdoe112805), and assign a role (for example, guest1day).
example, jdoe@visitor.com, jdoe112805), and assign a role (for example, guest1day).
•
Delete all guest users associated with that role for that day (for example, guest1day)
•
List all usernames associated with that role (for example, all users for guest1day)
These APIs will support most implementations of guest user access dynamic token/password generation
and allow the removal of those users for a guest role.
and allow the removal of those users for a guest role.
Note
You will still need to create the front-end generation password/token. For accounting purposes, Cisco
NAC Appliance provides RADIUS accounting functionality only.
NAC Appliance provides RADIUS accounting functionality only.
Summary of Operations
summarizes the operations supported. See the Cisco API page itself (via
https://<ccam-ip-or-name>/admin/cisco_api.jsp) for complete details.
Table 15-2
Operations Supported by cisco_api.jsp
Operation Name
Description
1.
addcleanmac
Adds MAC address to Clean Access certified devices list as an exempted device.
2.
addlocaluser
Adds a new local user account. Takes user name, password, and role name. Returns success
or failure.
or failure.
Note
getlocaluselist
,
addlocaluserlist
, and
deletelocaluser
support guest access
for dynamic token user access generation.