05-21-2020 04:36 AM
Hi experts,
I have been looking at implement ISE guest wireless with short account life times, ideally 2 hours, based on self-registered portal.
To achieve this, I would need to use NetworkAccess:Usecase GuestFlow in the authorization rules for such short time periods, because when using GuestEndpoints identity group and relaying on endpoint purge, the purge job would only run once a day at night, which means the endpoint would stay in the GuestEndpoints for the whole day and the guest endpoint would have Internet access for much longer than two hours.
Just wanted to check if this logic is correct and if there is maybe another way how to achieve this with GuestEndpoints identity group? (which provides better user experience, as users don't need to log on to the network more than once).
Thank you
Solved! Go to Solution.
05-21-2020 07:25 AM
You don't rely solely on the identity group in your rules for this and you don't need the guest flow condition at all for guest setups. You have a couple things you need to do to make this work:
05-21-2020 07:25 AM
You don't rely solely on the identity group in your rules for this and you don't need the guest flow condition at all for guest setups. You have a couple things you need to do to make this work:
05-22-2020 05:31 AM
Thanks very much for the suggestion, this worked nicely.
It would be great if there was an option just to purge the associated guest endpoint from GuestEndpoints group automatically when the self-registered guest account expires.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide