
Guest hotspot restrict 1hr then allow access again

Madura Malwatte
Level 4

I was going over the following two community guides:

https://communities.cisco.com/message/276046#276046

https://community.cisco.com/t5/security-documents/guest-hotspot-with-max-2-hours-network-access-per-day/tac-p/3891027#M6430

I have some questions:

1. Is there a specific reason to use a RADIUS session timeout of 900 seconds while the user is being permitted? I mean I could even use 600 seconds or less to block closer to the 1hr mark, right?

2. Is there a way to limit user access to 1 hr, but then allow them to be redirected to the hotspot so they can go through the AUP and have 1 hr access again? So continuous 1 hr access if the AUP is accepted again? Similar to what is possible in the self-register guest portal, where the guest account can be restricted to 1hr, but allows the user back to the self-register portal, allowing them access again.

3. For point 2, is there a way to do this without purging the endpoint - since shortest purge duration is 1 day and hourly purge option is not available? 

Accepted Solutions

Jason Kunst
Cisco Employee

@Madura Malwatte wrote:

I was going over the following two community guides:

https://communities.cisco.com/message/276046#276046

https://community.cisco.com/t5/security-documents/guest-hotspot-with-max-2-hours-network-access-per-day/tac-p/3891027#M6430

I have some questions:

1. Is there a specific reason to use a RADIUS session timeout of 900 seconds while the user is being permitted? I mean I could even use 600 seconds or less to block closer to the 1hr mark, right?

JAK > Would be good to separate and explain in more detail

2. Is there a way to limit user access to 1 hr, but then allow them to be redirected to the hotspot so they can go through the AUP and have 1 hr access again? So continuous 1 hr access if the AUP is accepted again? Similar to what is possible in the self-register guest portal, where the guest account can be restricted to 1hr, but allows the user back to the self-register portal, allowing them access again.

JAK > Why not just redirect using LastAUPAcceptance every hour to the AUP?

https://www.google.com/search?q=lastaupacceptance+ise+2.4&oq=lastaupacceptance+ise+2.4&aqs=chrome..69i57.4376j0j7&sourceid=chrome&ie=UTF-8

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_new_chapter_0100010.html#task_B11E9389EBF24FFF98ED40C1501F6E8B

 

3. For point 2, is there a way to do this without purging the endpoint - since shortest purge duration is 1 day and hourly purge option is not available? 


 
