11-13-2017 01:54 PM
Hi team, this question is for a public wifi deployment project. In this case users will be authenticated using a guest portal. With that in mind, I would appreciate your help with the following questions:
- Am I able to define policies using lifetime RADIUS parameters? For example, wifi users can only have internet access for two hours per day.
- Using the guest portal for authentication, what options do we have for the user database? (Active Directory, local database, external RADIUS server?)
Best regards,
Robert
11-14-2017 09:47 AM
ISE allows creating guest users that are good for a duration, but not limiting the number of hours they spend on the network during the allotted interval. For example, we may create an ISE guest account that is good for a day from the first login. ISE does not track how many hours that guest user has been on the network since first login, and, at the end of the day, the user is knocked off the network if still on, or not allowed to log back onto the network.
ISE guest portal allows a variety of ID stores -- ISE guest users, ISE internal users, AD/LDAP, RADIUS token servers, ODBC, SAML IdP, and Facebook.
11-14-2017 10:52 AM
Thanks Hsing.
11-14-2017 11:50 AM
To add to Hsing’s response, there are things you can do to enforce time limits. I know we had this discussion a couple of years ago in the community somewhere, but I can’t find it right now :). Basically, you can have the AuthZ policy return a session timeout (like maybe 8 hours) to ensure the user can’t stay logged in much beyond the time when their account expires.
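Added example, not part of the original thread and not Cisco code: a Python sketch of the decision logic for the "two hours per day" case, combining the session-timeout cap from the reply above with a daily allowance summed from accounting records. It assumes the tracking happens outside ISE (for example on an external RADIUS server), since ISE does not track hours used; all function names and the sample records are hypothetical and constructed.

```python
from datetime import datetime

DAILY_QUOTA = 2 * 3600   # the question's example: two hours per day, in seconds
MAX_SESSION = 8 * 3600   # cap suggested in the reply above (8-hour session timeout)

# Constructed accounting Stop records:
# (User-Name, stop time, Acct-Session-Time in seconds)
ACCOUNTING = [
    ("guest01", datetime(2017, 11, 14, 9, 30), 2700),
    ("guest01", datetime(2017, 11, 14, 11, 0), 1800),
    ("guest01", datetime(2017, 11, 13, 18, 0), 7200),  # previous day, not counted
    ("guest02", datetime(2017, 11, 14, 10, 0), 7200),  # quota already used up
]

def used_today(user, now, records=ACCOUNTING):
    """Sum Acct-Session-Time for sessions that stopped on today's date.

    Simplification: a session spanning midnight is charged to its stop day.
    """
    return sum(secs for name, stop, secs in records
               if name == user and stop.date() == now.date())

def session_timeout(user, now, account_expiry, records=ACCOUNTING):
    """Return the Session-Timeout (seconds) for an Access-Accept, or None to reject."""
    if now >= account_expiry:
        return None                      # guest account lifetime is over
    quota_left = DAILY_QUOTA - used_today(user, now, records)
    if quota_left <= 0:
        return None                      # daily allowance exhausted
    until_expiry = int((account_expiry - now).total_seconds())
    # The session may never outlive the quota, the account, or the policy cap.
    return min(MAX_SESSION, quota_left, until_expiry)

if __name__ == "__main__":
    now = datetime(2017, 11, 14, 12, 0)
    expiry = datetime(2017, 11, 15, 9, 0)
    for user in ("guest01", "guest02", "guest03"):
        print(user, session_timeout(user, now, expiry))
```

The returned value maps to the standard RADIUS Session-Timeout attribute; the network device ends the session when it elapses, which forces a new authorization where the remaining allowance is recomputed.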
11-14-2017 12:47 PM
Check this out - https://communities.cisco.com/thread/83759