cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2302
Views
1
Helpful
7
Replies
Highlighted
Cisco Employee

Periodic AUP Acceptance - less than 8 hours?

Hello,

I understand that I can use the Endpoint:LastAUPAcceptanceHours authorization condition to create a rule redirecting Guest users to a portal to re-sign an AUP when the AUP period has expired.  The Cisco ISE Administrator Guide, Release 2.1, gives the usable range of this AUP period as 8 to 999 hours.  Is it possible to reduce this time in order to require Guest users to re-establish their session as often as every 30 minutes?

Documentation source: Cisco Identity Services Engine Administrator Guide, Release 2.1  - Configure Guest Access [Cisco Identity Services Engin…

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

View solution in original post

7 REPLIES 7
Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Daniel,

I don't believe so but maybe jakunst knows of a trick around it.

Regards,

-Tim

Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

View solution in original post

Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Hi Jason,

I have a customer who wants to limit hotspot guest access to 30 minutes per session, and when the session expires, have the guests re-authenticate through the hotspot AUP page.

Highlighted
Contributor

Re: Periodic AUP Acceptance - less than 8 hours?

Why not require AUP on every login then and set session timeout via authz profile to 30 minutes? Would that work?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Not sure how that would work as endpoint is still registered and authorization is based off endpoint group and not hitting a portal until removed from that page.. Don't see this working

Highlighted
Contributor

Re: Periodic AUP Acceptance - less than 8 hours?

Of course you are right for a hotspot portal Jason. But, could they use a traditional guest portal, hide the username and password fields (prepopulate via script) and then require the AUP to be accepted?

George

Highlighted
Cisco Employee

Re: Periodic AUP Acceptance - less than 8 hours?

Yes but then you're contemplating things, if 1 hour will work I would rather not get into that