User life time policy with ISE

rlandire
Cisco Employee

Hi team, this question is for a public wifi deployment project. In this case users will be authenticated using a guest portal. With that in mind, please help with the following questions:

- Am I able to define policies using lifetime RADIUS parameters? For example, wifi users can only have internet access for two hours per day.

- Using a guest portal for authentication, what options do we have for the user database? (Active Directory, local database, external RADIUS server?)

Best regards,

Robert

Accepted Solutions

hslai
Cisco Employee

ISE allows creating guest users that are good for a duration, but not limiting the number of hours they are on the network during the allotted interval. For example, we may create an ISE guest account that is good for a day from the first login; ISE does not track how many hours that guest user has been on the network since first login, and, at the end of the day, the user is knocked off the network if still on or not allowed to log back onto the network.

ISE guest portal allows a variety of ID stores -- ISE guest users, ISE internal users, AD/LDAP, RADIUS token servers, ODBC, SAML IdP, and Facebook.

4 Replies


Thanks Hsing.

To add to Hsing’s response, there are things you can do to enforce time limits. I know we had this discussion a couple of years ago in the community somewhere but I can’t find it right now :). Basically, you can have the AuthZ policy return a session timeout (like maybe 8 hours) to ensure the user can’t stay logged in much beyond the time when their account expires.

Check this out - https://communities.cisco.com/thread/83759