Solved: Re: ISE timeout

wmeier · ‎04-12-2016

Hello,

customer wants to use ISE Guest Portal to authenticate contractors. They want to use the feature

'automatically register guest devices' to not run into the timeout when the notebook gets closed, which they are seeing today on the WLC Guest Portal doing the same thing.

Backend directory is ldap with account deactivation after a day or also after an week.

How does the authorization takes place on ISE when the MAC Address is not purged for a month, is the deactivated account on ldap considered by any means.

Fact is, they don't want to reauthenticate on the guest portal but they don't want to let the contractor in once the contractor credentials got deactivated on ldap.

Any comments are welcome.

Regards

Wolfgang

Jason Kunst · ‎04-12-2016

Once you register and base authorization off mac address you have lost visibility of the ldap account

the only way to tie an expiration of an account to a MAC address is to use guest accounts as when the guest account expires the portal user id is removed from the endpoint which is also removed from the endpoint group and would be the required to go back through the web auth portal

View solution in original post

Jason Kunst · ‎04-12-2016

Once you register and base authorization off mac address you have lost visibility of the ldap account

the only way to tie an expiration of an account to a MAC address is to use guest accounts as when the guest account expires the portal user id is removed from the endpoint which is also removed from the endpoint group and would be the required to go back through the web auth portal