Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2408
Views
10
Helpful
2
Replies

Ise: Multiple simultaneous guest logins

Giuliano Gerardi
Level 1
Level 1

‎10-03-2012 06:39 AM - edited ‎03-10-2019 07:37 PM

we have noticed that when someone gains access with webauthentication as a guest the system does not take care of avoiding multiple authentications by the same user...

this is really bad as the credentials can be easily passed between malicious guests

the right process should be

login > store mac address > permit only that one > allow access until the guest authorization expires with mac+Usercredentials

this is not acceptable on an access control solution like this

by now I'm looking for a workaround... and your help

A second question arises when thinking about the way the dhcp release / renew on COA happens

it doesn't work as it should... most of the times the ip is not renewed according to the authorizated network...

AND (this is very bad)

it needs administrative rights on the pc where it is meant to happen..... what if our guest have not that privileges?

thanks for your replies

G

Labels:
0 Helpful
2 Replies 2

Eduardo Aliaga
Level 4
Level 4

‎10-04-2012 05:41 PM

Hello. I asked the same question to a Cisco engineer during an ISE webinar. He told me that this feature is not available at current time. The exact question was :

Q : the feature "limit concurrent logins" for guest users is it in roadmap for what ISE version ?   

A : Current target is ISE 1.3, Q3CY13.  Note that ISE 1.3 feature list is not committed at this time.

This question should appear in the Q&A of the webinar"Voice of the Engineer - TrustSec & Identity Services Engine" in Cisco communities web.

Please rate if it helps

Eduardo Aliaga
Level 4
Level 4
In response to Eduardo Aliaga

‎10-04-2012 05:47 PM

About the second question you have, I have a workaround. What I do is , when the guest user still isn't authorized, I configure a DHCP timer of only 2 minutes in the DHCP pool from  Cisco WLC. That gives enough time for the guest user to be authenticated. After the user gets authenticated I change the vlan (where there is another DHCP server). Hopefully the original 2 minutes of the first DHCP pool have expired by now and the PC should ask a new IP from a new DHCP server.

Please rate if it helps

Customers Also Viewed These Support Documents