Not sure if this is possible. I'd like to create a ISE policy based on the last successful ISE authentication. Something like: If device has authenticated within the last 30 days send them to a full access VLAN, if not send them to limited access VLAN.
Has anyone done this before or know if its possible with base licenses? Could this be achieved with Plus licenses.
In short, no. There is not a construct for using historical RADIUS Accounting information in ISE authorization rules.
If you were to allow MAB as a default for Guests or other non-authenticating devices - even to a Quarantine/Unknown state - that still qualifies as a successful authentication event so technically you would potentially allow anything that plugged in a second time full access to your network. Not a good policy.
What is your real problem or desired security policy that you want? Please be specific.