04-11-2016 09:31 AM - edited 03-10-2019 11:39 PM
Hi,
I want to avoid to have guest user connected to my network while their account are expired.
I know that if I disconnect the cable and connect again they will not be able to login again due to the expiration.
But I want to set some purge configurations so that they are bounce to the network if their account expired when they are connected.
Thanks for helping!
04-11-2016 01:46 PM
I am not aware of such option (delete endpoint from ISE when guest account expires.) I think what would work here nice here is for ISE to send CoA (Change of Authorization) when the guest account expires. I don't believe that this happens today. Perhaps someone else can chime in here.
In the meantime I would suggest using re-auth timers that will force the guest users to re-auth periodically (let's say once a day). That way if the guest account is expired, the guest user will no longer be able to authenticate.
I hope this helps!
Thank you for rating helpful posts!
04-12-2016 01:57 AM
04-25-2016 09:37 AM
Were you able to find a solution to this? Did you reach out to Cisco?
Thank you for rating helpful posts!
04-28-2016 09:28 AM
No solution till now.
04-28-2016 02:46 PM
Unless Cisco fix this, i don't see any other way, except using the Guest API to check for account expiration, however i'm not sure how you can see what mac address/sessionid is using the account, so you can delete the endpoint and kick the user. The Guest username might be stored with the endpoint data.
09-04-2017 12:41 AM
09-04-2017 01:39 AM
I haven't had a chance to verify, but try this...
Instead of the default out-of-the-box "Access accept" authorization profile result, define a custom one that is a copy of that one and use if for your time-limited guest accounts. In that custom result, change the option for reauthentication and set the timer consistent with the length of the guest account duration. When that time gets to zero, the guest session should get a CoA and user traffic will be rediected to the Guest portal for a new login.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide