
Periodic AUP Acceptance - less than 8 hours?

danbates
Cisco Employee

Hello,

I understand that I can use the Endpoint:LastAUPAcceptanceHours authorization condition to create a rule redirecting Guest users to a portal to re-sign an AUP when the AUP period has expired.  The Cisco ISE Administrator Guide, Release 2.1, gives the usable range of this AUP period as 8 to 999 hours.  Is it possible to reduce this time in order to require Guest users to re-establish their session as often as every 30 minutes?

Documentation source: Cisco Identity Services Engine Administrator Guide, Release 2.1  - Configure Guest Access [Cisco Identity Services Engin…

Accepted Solution

Jason Kunst
Cisco Employee

Please explain your use case and what you need or want to do.

Enhancement open to allow as low as 1 hour.


CSCuy24899 - Decrease the minimum value for LastAUPAcceptance check

ISE 1.4 Patch8

ISE 2.0 Patch4

ISE 2.0.1 Patch1

ISE 2.1 Patch2


7 Replies

Timothy Abbott
Cisco Employee

Daniel,

I don't believe so but maybe jakunst knows of a trick around it.

Regards,

-Tim

Hi Jason,

I have a customer who wants to limit hotspot guest access to 30 minutes per session, and when the session expires, have the guests re-authenticate through the hotspot AUP page.

Why not require AUP on every login then and set session timeout via authz profile to 30 minutes? Would that work?

Warning: I either dictated this to my device, or typed it with my thumbs. Erroneous words are a feature, not a typo.

Not sure how that would work as endpoint is still registered and authorization is based off endpoint group and not hitting a portal until removed from that page. Don't see this working.

Of course you are right for a hotspot portal, Jason. But could they use a traditional guest portal, hide the username and password fields (prepopulate via script) and then require the AUP to be accepted?

George

Yes but then you're contemplating things, if 1 hour will work I would rather not get into that
