cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1045
Views
0
Helpful
1
Replies

ISE timeout

wmeier
Cisco Employee
Cisco Employee

Hello,

customer wants to use ISE Guest Portal to authenticate contractors. They want to use the feature

'automatically register guest devices' to not run into the timeout when the notebook gets closed, which they are seeing today on the WLC Guest Portal doing the same thing.

Backend directory is ldap with account deactivation after a day or also after an week.

How does the authorization takes place on ISE when the MAC Address is not purged for a month, is the deactivated account on ldap considered by any means.

Fact is, they don't want to reauthenticate on the guest portal but they don't want to let the contractor in once the contractor credentials got deactivated on ldap.

Any comments are welcome.

Regards

Wolfgang

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

Once you register and base authorization off mac address you have lost visibility of the ldap account

the only way to tie an expiration of an account to a MAC address is to use guest accounts as when the guest account expires the portal user id is removed from the endpoint which is also removed from the endpoint group and would be the required to go back through the web auth portal

View solution in original post

1 Reply 1

Jason Kunst
Cisco Employee
Cisco Employee

Once you register and base authorization off mac address you have lost visibility of the ldap account

the only way to tie an expiration of an account to a MAC address is to use guest accounts as when the guest account expires the portal user id is removed from the endpoint which is also removed from the endpoint group and would be the required to go back through the web auth portal