Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1200
Views
1
Helpful
6
Replies

Allow guest user 2h connection within 24h

Go to solution
marcel.schaaper
Level 1
Level 1

‎12-02-2016 12:53 AM

We have a requirement to setup a guest WLAN for a customer.

The WLAN will use an AUP page on the ISE server, after the user accepted the AUP page, the user is allowed to have 2h connection to internet within a period of 24h. Can this be configured on ISE?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Charlie Moreton

‎12-02-2016 07:37 AM

Charles it seems like there is more to this correct? 

The requirement is to give access but then if user disconnects and comes back they would get access again until the whole 2 hours are up?

Say I come in 1 hour and then later want to come in another hour?

I just don't see this working because the user would have to login to the web portal for the time to count right? But if you require web auth then there is no way to base access off endpoint group where you could call out if the portal user id is blank to not allow self-registration?

Charles perhaps we could brainstorm a little on a call

Marcel there is no way that I can tell to restrict access based off a simple hotspot portal access. we don't track time like a guest account. it would be 2hours from accepting the AUP (if using lastAUPacceptance) and that's it, we don't count up the time with simple AUP hotspot portal

Have you also looked into options from CMX or EMSP offerings?

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎12-02-2016 05:18 AM

In ISE 2.1, Set the Guest Type (I would duplicate the Daily Guest and use the duplicate) by going to Work Centers > Guest Access > Configure > Guest Types.  Click the Guest Type you want to configure and select From first login.  Set the Maximum account duration to 2 hours and Default to 2.  Click Save.

2hours.PNG

Next, click the link on this page that is highlighted in the screenshot above to be taken to the Guest Account Purge Policy (You can also get there bu navigating to Work Centers > Guest Access > Settings > Guest Account Purge Policy). Under Schedule purge of expired guest accounts, select Purge occurs every: and set it to 1 days.

Then set the Time of purge: to midnight or a time close to midnight.

2HoursPurge.PNG

No you can navigate to Work Centers > Guest Access > Configure > Guest Portals and select the Self Registered Guest Portal you want to use.

To restrict ALL users to the 2 hour expiration, in the Portal Settings section, change the Employees using this portal as guests inherit login options from: to the 2 Hour Guest Type.

2hoursPortal1.PNG

Select Self-Registration Page Settings and change Assign self-registered guests to the guest type: to your 2 hour Guest Type.  Also change Account valid for: to 2 Hours.  Scroll up and click Save.

2hoursPortal2.PNG

The account will expire at the end of 2 hours and after the daily purge, they can go through the self-registration process again.

Go to solution
marcel.schaaper
Level 1
Level 1
In response to Charlie Moreton

‎12-02-2016 05:37 AM

Thanks for the information.

I don't think this solution covers what customer requires.

Currently we are running ISE server version 1.3, so we need to upgrade to which verion is recommended?

I understand this is for registered guests (webportal), we are using an AUP page where user only accepts policy and get connected?

The 2h connection time within 24h is not fullfilled here, as the purge takes place every midnight, but it might do for the customer. Any other possible solution (something like: after connecting 24h purge timer starts)?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Charlie Moreton

‎12-02-2016 07:37 AM

Charles it seems like there is more to this correct? 

The requirement is to give access but then if user disconnects and comes back they would get access again until the whole 2 hours are up?

Say I come in 1 hour and then later want to come in another hour?

I just don't see this working because the user would have to login to the web portal for the time to count right? But if you require web auth then there is no way to base access off endpoint group where you could call out if the portal user id is blank to not allow self-registration?

Charles perhaps we could brainstorm a little on a call

Marcel there is no way that I can tell to restrict access based off a simple hotspot portal access. we don't track time like a guest account. it would be 2hours from accepting the AUP (if using lastAUPacceptance) and that's it, we don't count up the time with simple AUP hotspot portal

Have you also looked into options from CMX or EMSP offerings?

0 Helpful

Go to solution
marcel.schaaper
Level 1
Level 1

‎12-02-2016 09:02 AM

Hi,

No I don't know about CMX or EMSP.

0 Helpful

Go to solution
marcel.schaaper
Level 1
Level 1

‎09-18-2017 02:38 AM

Hi,

We are implementing this solution. The ISE servers have been upgraded to version 2.2.0.470.

We are not permitted to change the purge time from the default 30days to 1 day?

Save is greyed out?

Also when I try to purge the MAC from the identity group it doesn't allow me, option is greyed out?

Remove all doesn't work either.

.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to marcel.schaaper

‎09-18-2017 07:16 AM

You are likely hitting CSCvd01079.

Please ensure the latest of ISE 2.2 patch applied.

0 Helpful
Customers Also Viewed These Support Documents