Registration Administration

Registration forces any new end-system connected on the network to provide the user's identity in a web page form before being allowed access to the network. Registration utilizes Registration Web Server functionality installed on an Extreme Access Control engine to allow end users to register their end-systems and automatically obtain network access without requiring the intervention of network operations.

In addition, the Registration Web Server provides a Registration Administration web page that allows Helpdesk and IT administrators to track the status of registered end-systems, as well as add, modify, and delete registered end-systems on the network. The web page also provides access to the Pre-Registration Portal (if pre-registration is enabled) and the Screen Preview web page. This provides visibility and control into the registration system for administrators on the network without requiring the delegation of NAC Manager access for these users.

IT and Helpdesk administrators are granted access to the Registration Administration web page via NAC Manager, using the Administration view in the Edit Portal Configuration window. Once administrators are granted access, they can access the Registration Administration web page at https://<Access Control Engine Name or IP address>/administration. Administrators can also access the web page from the Registration Administration toolbar button or the Tools > Registration Administration menu option in NAC Manager.

	NOTE:	The Registration Administration web page cannot be accessed if the Enable Registration checkbox is deselected in the Edit NAC Configuration window.

The Registration Administration web page contains four tabs:

Devices
Users
Pre-Registration Portal
Screen Preview

Devices

The Devices web page contains a listing of all end-systems registering to the network. Use the Display drop-down menu to filter the end-systems according to state:

Pending - If Required Sponsorship is configured for registration to the network, this state displays any devices waiting for sponsor approval.
Approved - This state displays all end-systems successfully registered to the network.
Suspended - This state displays end-systems whose registration expired, but are not deleted (as configured in the Edit Portal Configuration window, Authenticated Access). This gives administrators an opportunity to approve, deny, or edit the end-system's registration. Suspended end-systems are assigned the default profile.
Denied - This state lists end-systems denied registration.

Use the buttons at the bottom of the page to approve, deny, edit, or delete the selected end-system.

Following is a sample Devices web page. See the field definitions below for more information.

Sample Devices Page

Click the fields for more information.

Display: Use the Display drop-down menu to filter end-systems according to registration state.

Filter Results: Use the Filter Results field to filter for specific entries in the list.

User Name: For unauthenticated registration, this is "Guest" followed by the MAC address with which the end-system originally connected. For authenticated registration, this is the actual user name with which the end user logged in. Click the link to open the Edit User web page where you can edit the end user's registration information. For example, you can change the end user's expiration time or user type. Click Submit to make the changes.

MAC Address: The device's MAC address with which the end-system originally connected, or a MAC address automatically discovered and registered by an assessment agent (for agent-based assessment). Click the link to open an Edit Device web page where you can make changes to the device registration information. For example, you can change the end-system group or add a description. Click Submit to make the changes.

Group: The end-system registration state.

State: The end-system group to which device is assigned.

Sponsor: If sponsorship is configured for registration to the network, the email address of the sponsor assigned to approve registration.

Description: A description for the registration process.

Buttons: Select a device and use the buttons to approve, deny, edit, or delete the device.

Users

The Users web page contains two display options available from the Display drop-down menu in the upper left corner:

Registered Users - displays a list of all registered users and lets you add, edit, or delete a registered user.
Local Users - displays a list of user entries in Local Password Repositories and lets you add, edit, or delete users.

Registered Users

The Registered Users web page displays a list of all registered users in all states: Pending, Approved, Suspended, and Denied. Use the buttons at the bottom of the web page to add, edit, or delete a registered user. Use the Register New Device button to open the Devices page and add a device for the selected registered user. Use the Devices For User button to open the Devices page and display all the devices registered for the selected user.

Following is a sample Registered Users web page. See the field definitions below for more information.

Sample Registered Users Page

Click the fields for more information.

Filter Results: Use the Filter Results field to filter for specific entries in the list.

User Name: For unauthenticated registration, this is "Guest" followed by the MAC address with which the end-system originally connected. For authenticated registration, this is the actual user name with which the end user logged in. Click the link to open a page where you can edit the user's registration information.

Device Count: The number of devices registered to the selected user. Click the link to open the Devices page and see a listing of the registered devices.

Last Name: The end user's last name, if that field is visible and required on the Registration Web Page.

First Name: The end user's first name, if that field is visible and required on the Registration Web Page.

Sponsor: If sponsorship is configured for registration to the network, the email address of the sponsor assigned to approve registration.

E-Mail Address: The end user's e-mail address, if that field is visible and required on the Registration Web Page.

Max Registered Devices: Displays the number of devices the user is allowed to register to the network: either the Default number (which is the Maximum Registered Devices specified in the Authenticated Access view in the Edit Portal Configuration window) or an Override number specified when manually adding or editing the user on the Registration page.

Buttons: Click Add to open a page where you can add a registered user. Select a user name and use the buttons to edit, or delete a user. Select a user and click Register New Device to register an additional device for that user. The maximum number of MAC addresses each user is allowed to register is determined by the Maximum Registered Devices specified in the Authenticated Access view in the Edit Portal Configuration window. Select a user and click Devices For User to open the Devices page and display all the devices registered for the selected user.

Add Registered User

Following is a sample web page where you can add a new registered user. Enter the end user registration information and then click Submit to register the user. See the field definitions below for more information.

Sample Add Registered User Page

Click the fields for more information.

First Name: Enter the end user's first name, if desired.

Middle Name: Enter the end user's middle name, if desired.

Last Name: Enter the end user's last name, if desired.

User Name: Enter the end user's user name. This field is required.

E-Mail Address: Enter the end user's e-mail address, if desired.

Start Time: Use the calendar button to select a date when registration begins.

Expires Time: Use the calendar button to select a date when registration expires. This expiration time takes precedence over the Default Expiration value configured in the Edit Portal Configuration window, Authenticated Access. If you do not enter a value in this field (the field is blank), then the registration does not expire.

Sponsor: If sponsorship is configured for registration to the network, enter the email address of the sponsor assigned to approve registration.

User Type: Use the drop-down list to select the type of user: unauthenticated (guest registration) or authenticated (authenticated registration).

Max Registered Devices: Use this field to specify the maximum number of devices this user is allowed to register on the network. Leave the field blank to use the default Maximum Registered Devices specified in the Authenticated Access view in the Edit Portal Configuration window, or enter a value to override the default. Use this feature to allow your network administrators or help desk personnel to register more devices than the maximum count you specified for students or regular employees.

Local Users

The Local Users web page provides the ability to quickly add, edit, and delete users in a Local Password Repository without having to access the local repository through the NAC Manager AAA configuration. Local Password Repositories can be used to store credentials for authenticated registration and pre-registration, as well as for access to registration administration and sponsor administration web pages. NAC Manager supplies a default repository, or you can create additional repositories using the Edit Basic AAA Configurations Window. Click Add to open a page where you can add a local user to a specified Local Password Repository.

Sample Local Users Page

Add Local User

Following is a sample web page where you can add a user to a Local Password Repository. Enter the user name, password, and specify the password repository, then click Submit to add the user. The user entry displays on the Local User web page.

Sample Add Local User Page

Pre-Registration Portal

The Pre-Registration Portal web page lets selected personnel easily register guest users in advance of an event, and print out a registration voucher that provides the guest user with their appropriate registration credentials. Pre-registration must be enabled in the Edit Portal Configuration window for the page to be available. For more information on pre-registration, see How to Configure Pre-Registration.

Sample Pre-Registration Portal Page

Screen Preview

The Screen Preview web page allows you to preview the web pages that may be accessed by the end user during the remediation and registration process. You can also access this web page using the Appliance Portal Pages button at the bottom of the Edit Portal Configuration window.

A useful feature on this web page is View for End-System. You can enter an end user's IP address in the field and click View for End-System button to see the captive portal web page that the end user is looking at. Using this view, you can actually register or remediate the end-system, and change the end-system's state. This is useful when attempting to help an end user that is having trouble on a web page.

Sample Screen Preview Page

Related Information