cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

485
Views
0
Helpful
1
Replies
CB90021204
Beginner

Authenticate and create policies based on last ISE authentication timestamp

Hello,

 

Not sure if this is possible. I'd like to create a ISE policy based on the last successful ISE authentication. Something like: If device has authenticated within the last 30 days send them to a full access VLAN, if not send them to limited access VLAN.

 

Has anyone done this before or know if its possible with base licenses? Could this be achieved with Plus licenses.

 

Thanks,

1 REPLY 1
thomas
Cisco Employee

In short, no. There is not a construct for using historical RADIUS Accounting information in ISE authorization rules.

If you were to allow MAB as a default for Guests or other non-authenticating devices - even to a Quarantine/Unknown state - that still qualifies as a successful authentication event so technically you would potentially allow anything that plugged in a second time full access to your network. Not a good policy.

What is your real problem or desired security policy that you want? Please be specific.

创建
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel