Solved: Cisco ISE Time-based authorization

jinyuanbao · ‎06-02-2022

Hi guys,

How can i enforce different authorization policy at different time, like in the snapshot what attribute can i choose to accomplish the task below:

When the user logged in before 8am, he/she received the Policy A. When the same user logged in after 9am, he/she received Policy B.

georgehewittuk1 · ‎06-02-2022

I can think of two ways this could be approached:

(1) Through the ISE authorisation policy and add a condition to hitting a policy - Policy > Policy Elements > Conditions > Time and Date > Add.

(2) Time-Based DACLs.

Would recommend ensuring resilient NTP is setup on ISE and Network devices using same source.

georgehewittuk1 · ‎06-02-2022

I can think of two ways this could be approached:

(1) Through the ISE authorisation policy and add a condition to hitting a policy - Policy > Policy Elements > Conditions > Time and Date > Add.

(2) Time-Based DACLs.

Would recommend ensuring resilient NTP is setup on ISE and Network devices using same source.

jinyuanbao · ‎06-06-2022

Thanks a lot

I was wondering what time is the Conditions > Time and Date based on, the UTC time of the ISE server or the switch/AP time?

I'm testing this function and find it seem it's based on the UTC time, not the current time zone time, and it's confusing to me.

Do you have any information about this, thanks..