09-21-2020 04:48 AM
We use a WLAN with PSK to allow configuring of Apple Devices and update to get on to corporate WLAN.
But people share this PSK around and add their own devices.
Currently this doesn't go via the ISE, but I'm looking at using iPSK with the ISE.
Is it possible to force a time out and not allow a device back on after a prefixed time?
Cheers
09-21-2020 08:39 AM
IMO you have a couple of options. One specific option includes the ability to limit/restrict access by utilizing a 'Time and Date' condition that then gets referenced in the authz policy. When using Time and Date conditions you have the ability to set specific hours, specific date ranges, etc. You just need to ensure devices hit your authz policy. HTH!
09-22-2020 07:52 AM
Limiting an endpoint's session by time and preventing personal devices are two separate issues with separate solutions. I understand why you may not want people to connect personal devices but using a pre-shared key does not give you user accountability so you need to do things differently. iPSK will only create more work for you and your users because you need to manually add each MAC with a unique pre-shared key.
Limiting an Endpoint by Session Time
This is a standard Guest feature where you may limit by the number of hours either by time of day (8am-5pm) or by a time limit from first connect (4 hour limit). This is not possible in ISE for non-guest users. See Configuring Guest Type Access Times, Location, and Time Zone.
Bring Your Own Device (BYOD)
Differentiating access for corporate vs personal devices is the purpose of BYOD. You typically provision corporate assets with certificates so you know they are managed. This may also be done with an MDM then authenticated with ISE. Personal devices could then simply use Guest access or the employee's username/password for authentication. You could also provision a separate certificate to personal devices as part of BYOD enrollment. See Cisco ISE BYOD Prescriptive Deployment Guide > Solution Deployment Considerations.