cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3349
Views
1
Helpful
7
Replies
danbates
Cisco Employee

Periodic AUP Acceptance - less than 8 hours?

Hello,

I understand that I can use the Endpoint:LastAUPAcceptanceHours authorization condition to create a rule redirecting Guest users to a portal to re-sign an AUP when the AUP period has expired.  The Cisco ISE Administrator Guide, Release 2.1, gives the usable range of this AUP period as 8 to 999 hours.  Is it possible to reduce this time in order to require Guest users to re-establish their session as often as every 30 minutes?

Documentation source: Cisco Identity Services Engine Administrator Guide, Release 2.1  - Configure Guest Access [Cisco Identity Services Engin…

1 ACCEPTED SOLUTION

Accepted Solutions
Jason Kunst
Cisco Employee

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

View solution in original post

7 REPLIES 7
Timothy Abbott
Cisco Employee

Daniel,

I don't believe so but maybe jakunst knows of a trick around it.

Regards,

-Tim

Jason Kunst
Cisco Employee

Please explain your use case and what you need want to do

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2

Hi Jason,

I have a customer who wants to limit hotspot guest access to 30 minutes per session, and when the session expires, have the guests re-authenticate through the hotspot AUP page.

Why not require AUP on every login then and set session timeout via authz profile to 30 minutes? Would that work?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Not sure how that would work as endpoint is still registered and authorization is based off endpoint group and not hitting a portal until removed from that page.. Don't see this working

Of course you are right for a hotspot portal Jason. But, could they use a traditional guest portal, hide the username and password fields (prepopulate via script) and then require the AUP to be accepted?

George

Yes but then you're contemplating things, if 1 hour will work I would rather not get into that

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube