cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1020
Views
0
Helpful
4
Replies

Time of Day per User Application Restriction

Jason Tyler
Cisco Employee
Cisco Employee

For Customer RFP response - A customer would like to authenticate wireless users - which may be on laptops or smart devices (ipad/iphone and similar) and apply an AVC profile to a flexconnect wireless client.

But for certain times of the day, then restrict the users only to certain applications.

The example being schools.

During lesson time they want to allow to application for classroom use and block internet, but during breaks, potentially allow internet and other applications, but then restrict when back in class sessions again.

Is there an easy method within ISE to achieve this?

If you authenticate and have AAA override with AVC profiles pushed to clients, then would you need to force a re-auth, in-order for any new avc profiles to be pushed for different times of day?

Or, would you need to have a constant posture assessment on to evaluate client devices an allow apps?

Or, could you allow applications on a per location basis - therefore, if in classroom, allow app's x,y,z or if not in classroom allow apps a,b,c ? - assume you would need pretty good location capability for this?

open to any suggestions of a good approach.

Many thanks,

Jason