Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1790
Views
0
Helpful
9
Replies

ISE 3.1 Guest Internet Access for 2 hours

Go to solution
llomjaria
Level 1
Level 1

‎06-13-2023 07:53 AM

Hello,

I am currently working on a project where I need to configure a Guest Self-Registration Portal and could use some advice.

The requirement is for the registered guests to have internet access for a period of 2 hours, after which they should be unable to connect to the WiFi for a period of 1 hour.

I have searched through the available documentation but have been unable to find a clear path for setting up such a configuration. I understand how to set up time-limited access for the guests, but am unsure of how to implement a cooling-off period during which they are unable to reconnect.

Has anyone had experience with setting up a similar system or could provide guidance on how to achieve this?

Any assistance or pointers would be greatly appreciated.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎06-13-2023 09:42 AM

I am not sure about the cooling-off period, however, you can configure maximum access time under Guest Types on ISE to allow access to guest users for maximum 2 hours.

NancySaini_0-1686674521654.png

 

View solution in original post

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to llomjaria

‎06-15-2023 04:55 AM

You may also consider one of the many cloud based guest wifi providers (CloudiFi, Eleven Wireless, etc) as I can’t think of a way to get what you are after with ISE without some sort of external API based automation

View solution in original post

0 Helpful
9 Replies 9

Go to solution
ahollifield
VIP
VIP

‎06-13-2023 08:01 AM

I can't think of a way this work without some sort of external automation to add/remove the MAC address to a specific block group based on time.  What about MAC randomization?  The user could force a new random mac on the device and get another 2 hours.  What is the use-case for this?  Sounds like an awful guest experience to me.

0 Helpful

Go to solution
llomjaria
Level 1
Level 1
In response to ahollifield

‎06-13-2023 08:10 AM

Hello,

Thank you for your response.

To provide a bit more context, the goal of this configuration is to time limit guest internet access in a controlled environment. When a guest self-registers and receives their password via email, they should be granted internet access for a period of 2 hours. After this time, we want to restrict their access, even if they attempt to change their MAC address and re-register.

The use case here is to prevent continuous usage by the same guest without a cooling-off period. The guest should be able to reconnect to the Wi-Fi network only after an hour has passed since their disconnection.

We're looking for an efficient way to manage this scenario while maintaining a secure and fair access policy for all guests. Any further insights would be highly appreciated.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to llomjaria

‎06-13-2023 08:44 AM

Buy why?  What is the purpose of the cool off period?  What stops a guest from changing their MAC address or just providing another email?

0 Helpful

Go to solution
llomjaria
Level 1
Level 1
In response to ahollifield

‎06-13-2023 11:35 PM

While I understand your concern about guests potentially bypassing the intended restrictions by changing their MAC address or using another email, the main goal here is to develop a system that enforces time-limited internet access for the majority of guests who would comply with these terms.

I'm aware this isn't a typical configuration and there might be some inherent challenges. Therefore, I'd be grateful if we could focus on potential solutions or workarounds that might help to achieve this goal, or perhaps suggest an alternate approach that might serve a similar purpose.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to llomjaria

‎06-14-2023 06:10 AM

Yeah like I posted before, I don't think there is a way to do this natively.  I think an external API based automation will be what is required to accomplish this.  

0 Helpful

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎06-13-2023 09:42 AM

I am not sure about the cooling-off period, however, you can configure maximum access time under Guest Types on ISE to allow access to guest users for maximum 2 hours.

NancySaini_0-1686674521654.png

 

0 Helpful

Go to solution
llomjaria
Level 1
Level 1
In response to Nancy Saini

‎06-15-2023 04:23 AM

Thank you, Nancy!

I would appreciate it if someone could share any best practices or proven solutions related to achieving my goal. Our objective is to ensure a fair allocation of internet resources for our guests, while at the same time discouraging prolonged usage by a single user.

Any tips or guidance in implementing a system that could regulate internet access duration, and ensure a 'cooling-off' period, would be greatly beneficial.

 

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to llomjaria

‎06-15-2023 04:55 AM

You may also consider one of the many cloud based guest wifi providers (CloudiFi, Eleven Wireless, etc) as I can’t think of a way to get what you are after with ISE without some sort of external API based automation
0 Helpful

Go to solution
llomjaria
Level 1
Level 1
In response to ahollifield

‎06-15-2023 05:21 AM

Thanks for your help and suggestion.

0 Helpful
Customers Also Viewed These Support Documents