topic Re: Cisco ISE - Time Limit on Limited Access Policy in Network Access Control

Cisco ISE - Time Limit on Limited Access Policy

jlaguerre — Thu, 19 Jan 2023 14:31:09 GMT

Can a Time Limit be placed on Policy Set which uses the Pre-Auth/Limited Access Authorization Profile.
Scenario: A PC Authenticated for Machine Access and is given Limited Access, awaiting User Login.

If user doesn't login after a set period of time, the PC is automatically switched to denied access. Is this scenario possible?

Re: Cisco ISE - Time Limit on Limited Access Policy

Karsten Iwen — Thu, 19 Jan 2023 14:46:31 GMT

I am not aware of a way to achieve this. But I am pretty sure that if something like this is done, it will cause some trouble. Will users understand that they have to disconnect the ethernet-link to make it work if they first start the PC and then go for a coffee without logging in?

Re: Cisco ISE - Time Limit on Limited Access Policy

ahollifield — Thu, 19 Jan 2023 18:55:44 GMT

Yeah without user feedback how would this work? What is the need to switch to a deny-access condition if you make your "machine authentication only" condition restrictive enough?