cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9745
Views
6
Helpful
10
Replies

How to limit guest access to 1 hour within a 24 hour period

tuenoerg
Cisco Employee
Cisco Employee

Hi,

We are looking to create a guest portal that provides user access for 1 hour - and only once during 24 hours. No possibility to create a new account.

Some time back I recall we could use the first-login parameter - and I have heard this is coming in ISE 2.1 again ?

Any hints will be appreciated.

Best regards

Tue Noergaard

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

From first login will not help as there is no way to restrict them creating an account again. Please do get the customer name and use case to the account team to communicate to the ISE-PM team so we can get baked into the product as a feature

See attached powerpoint i provided 2 ways to do this

For the LastAUPAcceptance option, this has been lowered to allow 1 hour under defect CSCuy24899 for ISE 1.4 patch 8 and should be included in 2.0 patch 4

View solution in original post

10 Replies 10

Jason Kunst
Cisco Employee
Cisco Employee

From first login will not help as there is no way to restrict them creating an account again. Please do get the customer name and use case to the account team to communicate to the ISE-PM team so we can get baked into the product as a feature

See attached powerpoint i provided 2 ways to do this

For the LastAUPAcceptance option, this has been lowered to allow 1 hour under defect CSCuy24899 for ISE 1.4 patch 8 and should be included in 2.0 patch 4

Thank you so much

You're welcome, please send me email with customer name and I will add to the feature request

Hi Jason,

 

Is this feature available now?

You can accomplish a similar goal using a hotspot portal. See the Guest Hotspot with max 2 hours network access per day example.

Hello Jason Kunst,

Thanks for the ppt file. We are using ISE 2.1. We have added patch no.2. We are using self registration for guest internet access. We are trying to restrict the guest internet usage to 30 minutes. After 30 minutes, guest is disconnected. However guest is able to relogin thru the captive portal and is able to get new user name and password thru SMS and is able to login. It can be observed from the following snapshot that the  user with the same mobile no has logged in 3 times on the same day. We do not want to allow guest to use internet after 30 minutes usage for next 24 hrs. In your ppt file and slide no 4, you have mentioned that BlockMessages should be added in a new profile. Whether this will prevent guest from accessing internet 2nd time on the same day? We tried to create a new profile for including BlockMessages. Please give us the procedure for creating profile for including BlockMessages or any other procedure to limit guest internet access to 30 minutes in a day.

Capture.PNG

For ISE 2.1 under this page there is a customization with hotspot as a message portal

ISE Guest & Web Authentication

Re: Support Information button in place of link?

To create a new authz profile navigate to Policy > Policy Elements > Results > Authorization > Authorization Profiles

See screenshot below

FOR ISE 2.2

you can either do that or create your own html file and upload it to custom portal files

ISE 2.2 Guest Enhancements

See slides 13-17 on how to make an authorization profile to use with your new HTML page as a message

Screen Shot 2017-11-22 at 10.46.30 AM.png

Thanks Jason for the inputs.

We tried and we are now able to limit guest internet access to 30 minutes in a day.

To achieve this user devices are detected as unknown device and after user logs in first time, user device profile is generated.  In the above case ( where in we are doing a POC for a bank ), as per bank's security concerns, we have to deny access to guest laptops ( windows or MAC or Linux ). We had earlier configured logical device profile to allow mobile devices (Android and Apple mobiles ).

Request you to give us some tips on blocking Laptops in addition to permission for 30 minutes internet access per day per mobile device. As mentioned earlier we are using ISE 2.1.0 with Patches 5 and 6 installed.

Please reach out to me directly via messaging

darronstambaugh3
Beginner
Beginner

Hi,

Creating a guest portal with limited user access for 1 hour and preventing the creation of new accounts sounds like a specific requirement. While I'm not familiar with the exact features of ISE 2.1, it's always a good idea to consult the documentation or reach out to the support team to dont waste your Hours for the product  accurate information and possible solutions. They will be able to provide you with the most up-to-date and relevant guidance for your specific needs.

Best regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers