
How to restrict guest making new account after expiration

MALi-786
Level 1

I deployed ISE with guest self registration on the Web Portal.

I want the guest (ex: AndroidPhone with MAC address: xx:xx) to be able to get 1 hour of internet access per day.

I know that using a Time profile I can limit the guest to 1 hour of access, but how can I give the guest access each day?

Requirements:

--- I want to make this phone create only one account. (How can I limit his MAC address from creating new accounts when his account will expire in one hour?)

--- After 1 day, I want to give the same phone access (I don't mind if it is a new account or the same account as the day before)

 

How can we make this happen? Otherwise, every time the account expires, the phone will be able to auto-register with a new account.


Accepted Solutions

thomas
Cisco Employee

Unclear what the real issue is here and why you are being so restrictive but .... here you go:

You may create a 1_Hour_Guest type as shown below.

I assume you're talking about a HotSpot scenario since I cannot imagine such overhead for anyone taking the time to Register or be Sponsored. However, HotSpot tracks users by MAC address - not by a login username/password - and all modern mobile devices randomize their MAC address, which would defeat your 1-hour policy immediately.

This means you would need to do a Self-Registered or Sponsored guest portal.

I don't think 1-hour of Internet access is worth the time of your Sponsoring employee(s) to approve [random] guests for a single hour of access every single day. If it truly is, this is your best option because you ultimately have a human sponsor approving them - or not - for every access request for every hour of every day.  8-/

This leaves you with Self-Registered where you can mitigate random MACs bypassing the HotSpot limitations by using a username/password for logins and use their mobile phone number as the username and SMS them their password. They might carry 2 phones but otherwise that should limit it.  8-)

Finally, if none of this is perfect for you, there is always the custom, API-based guest solution where you could even register them outside of ISE and put them in and out of Allow/Blocklists for enforcement by ISE.

 

Screen Shot 2021-02-17 at 11.45.58 AM.png

 

Screen Shot 2021-02-17 at 11.17.25 AM.png
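
Added example, not part of the reply above and not Cisco code: a sketch of the quota decision an external, API-based registrar could make when the guest identity is the phone number rather than the MAC address. The class and function names, the midnight reset and the digits-only normalisation are assumptions; it also assumes the number was already verified by the SMS password, and how the verdict reaches ISE is left out.

```python
import re
from datetime import datetime, timedelta

SESSION = timedelta(hours=1)  # one hour of access per day, as asked in the thread

def normalize_phone(raw):
    """Digits only, so '+1 (555) 010-0001' and '+15550100001' are one identity.
    Assumption: guests enter the full international number."""
    return re.sub(r"\D", "", raw)

class GuestQuota:
    """Hypothetical tracker kept outside ISE, keyed on phone number."""

    def __init__(self):
        self.grants = {}     # phone -> (day of grant, expiry time)
        self.macs_seen = {}  # phone -> MACs used, kept for audit only

    def request(self, phone, mac, now):
        key = normalize_phone(phone)
        # The MAC is recorded but never used as the identity: a randomized
        # MAC must not look like a new guest.
        self.macs_seen.setdefault(key, set()).add(mac.lower())
        grant = self.grants.get(key)
        if grant:
            day, expires = grant
            if now < expires:
                # Reconnect inside the hour (possibly with a new random MAC):
                # same session, same expiry, no fresh hour.
                return ("allow", expires)
            if day == now.date():
                # Today's hour is used up; deny until the next calendar day.
                midnight = datetime.combine(day + timedelta(days=1),
                                            datetime.min.time())
                return ("deny", midnight)
        expires = now + SESSION
        self.grants[key] = (now.date(), expires)
        return ("allow", expires)

if __name__ == "__main__":
    q = GuestQuota()
    t0 = datetime(2021, 2, 17, 9, 0)  # constructed sample times and values
    print(q.request("+1 (555) 010-0001", "AA:BB:CC:00:00:01", t0))
    print(q.request("+15550100001", "DE:AD:BE:EF:00:02",
                    t0 + timedelta(minutes=90)))
```

The second call uses a different MAC and a differently formatted number, yet is denied until midnight because it maps to the same phone.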

 

 
