cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

169
Views
0
Helpful
3
Replies
Cisco Employee

limit a user from creating more than one guest accounts per day from an endpoint.

We have integrated ISE and SMS gateway.


Now the customer requirement is one mobile device should only be able to generate username and password once in 24 hrs. Can we achieve the same through ISE ?


If yes then what policy we need to configure for that ?


Currently guest can create as many number of accounts as possible from that endpoint without logging in. We want to limit guest device to create username and password only once in 24 hours.

Everyone's tags (9)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: limit a user from creating more than one guest accounts per day from an endpoint.

Not natively, please get this info to our ISE Product Management team to add to the product feature request

You could limit them using device registration.

When they first come in they are redirected to guest portal.

After they go through the flow their MAC address is put into the Guest Endpoint group and then you base authorization off this flow.

If Guest Endpoints then permit access

That device will no longer be able to click on don’t have an account. Still doesn’t restrict then from signing up from another device if they have one.

Otherwise you would need to do some advanced scripting work and have a go between to control this. This would be complex from what I can envision.

View solution in original post

3 REPLIES 3
Cisco Employee

Re: limit a user from creating more than one guest accounts per day from an endpoint.

Not natively, please get this info to our ISE Product Management team to add to the product feature request

You could limit them using device registration.

When they first come in they are redirected to guest portal.

After they go through the flow their MAC address is put into the Guest Endpoint group and then you base authorization off this flow.

If Guest Endpoints then permit access

That device will no longer be able to click on don’t have an account. Still doesn’t restrict then from signing up from another device if they have one.

Otherwise you would need to do some advanced scripting work and have a go between to control this. This would be complex from what I can envision.

View solution in original post

Highlighted
Cisco Employee

Re: limit a user from creating more than one guest accounts per day from an endpoint.

What policy do we need to configure here. Can you share the snapshot of the policy in any.

Also can we restrict the device for 24hrs. Post that he should be able to generate new username and password.

Cisco Employee

Re: limit a user from creating more than one guest accounts per day from an endpoint.

If wireless_mab and guestendpoint group then permit access

If wireless_mab then redirect to guest portal

You will need to set your endpoint purge policy for guestendpoints equal to 0 days so they clear out every morning (keep in mind this is globally at the time set per the system MNT timezone)

if you’re using a worldwide system you will need to write a script to clear the endpoints out

similar info here

https://communities.cisco.com/thread/79413?start=0&tstart=0