cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

5631
Views
6
Helpful
7
Replies
Highlighted
Cisco Employee

How to limit guest access to 1 hour within a 24 hour period

Hi,

We are looking to create a guest portal that provides user access for 1 hour - and only once during 24 hours. No possibility to create a new account.

Some time back I recall we could use the first-login parameter - and I have heard this is coming in ISE 2.1 again ?

Any hints will be appreciated.

Best regards

Tue Noergaard

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

From first login will not help as there is no way to restrict them creating an account again. Please do get the customer name and use case to the account team to communicate to the ISE-PM team so we can get baked into the product as a feature

See attached powerpoint i provided 2 ways to do this

For the LastAUPAcceptance option, this has been lowered to allow 1 hour under defect CSCuy24899 for ISE 1.4 patch 8 and should be included in 2.0 patch 4

View solution in original post

7 REPLIES 7
Highlighted
Cisco Employee

From first login will not help as there is no way to restrict them creating an account again. Please do get the customer name and use case to the account team to communicate to the ISE-PM team so we can get baked into the product as a feature

See attached powerpoint i provided 2 ways to do this

For the LastAUPAcceptance option, this has been lowered to allow 1 hour under defect CSCuy24899 for ISE 1.4 patch 8 and should be included in 2.0 patch 4

View solution in original post

Highlighted

Thank you so much

Highlighted

You're welcome, please send me email with customer name and I will add to the feature request

Highlighted

Hello Jason Kunst,

Thanks for the ppt file. We are using ISE 2.1. We have added patch no.2. We are using self registration for guest internet access. We are trying to restrict the guest internet usage to 30 minutes. After 30 minutes, guest is disconnected. However guest is able to relogin thru the captive portal and is able to get new user name and password thru SMS and is able to login. It can be observed from the following snapshot that the  user with the same mobile no has logged in 3 times on the same day. We do not want to allow guest to use internet after 30 minutes usage for next 24 hrs. In your ppt file and slide no 4, you have mentioned that BlockMessages should be added in a new profile. Whether this will prevent guest from accessing internet 2nd time on the same day? We tried to create a new profile for including BlockMessages. Please give us the procedure for creating profile for including BlockMessages or any other procedure to limit guest internet access to 30 minutes in a day.

Capture.PNG

Highlighted

For ISE 2.1 under this page there is a customization with hotspot as a message portal

ISE Guest & Web Authentication

Re: Support Information button in place of link?

To create a new authz profile navigate to Policy > Policy Elements > Results > Authorization > Authorization Profiles

See screenshot below

FOR ISE 2.2

you can either do that or create your own html file and upload it to custom portal files

ISE 2.2 Guest Enhancements

See slides 13-17 on how to make an authorization profile to use with your new HTML page as a message

Screen Shot 2017-11-22 at 10.46.30 AM.png

Highlighted

Thanks Jason for the inputs.

We tried and we are now able to limit guest internet access to 30 minutes in a day.

To achieve this user devices are detected as unknown device and after user logs in first time, user device profile is generated.  In the above case ( where in we are doing a POC for a bank ), as per bank's security concerns, we have to deny access to guest laptops ( windows or MAC or Linux ). We had earlier configured logical device profile to allow mobile devices (Android and Apple mobiles ).

Request you to give us some tips on blocking Laptops in addition to permission for 30 minutes internet access per day per mobile device. As mentioned earlier we are using ISE 2.1.0 with Patches 5 and 6 installed.

Highlighted

Please reach out to me directly via messaging

Content for Community-Ad