Guest Re-Authentication

Mike Elliott · ‎02-27-2015

I have setup a Sponsored Guest Wifi on a 2504 with ISE 1.3. I can create Guests, they can associate, and get re-directed to a Web Auth. It all works great.

I have a few guest types, one of which is a 5 day guest. With the 5 day guest with access hours between 8am - 6pm, I'd like to have the end user login to the network every morning. As it works now, the guest can login once during, and they are good for the entire 5 days.

I have two Auth Profiles setup. The first one is to do the CWA to get the user to sign on to the network. The 2nd Profile is to allow guest endpoints access to the network. I set the Reauthentication timer in the "Access" policy to 6000 seconds, however I am not sure that is working as expected.

Any hints on pushing Guest users back to the portal for authentication periodically?

mlovellette · ‎03-19-2015

Not sure if this will apply to wireless but this is how I did it for wired devices. On my system, ISE adds the guest users mac address to the appropriate endpoint identity group based on the Guest Type profile. I setup a re-authentication timer on the Authorization Profile and created a Endpoint Purge rule to remove any devices in the endpoint identity group. This was the only thing I could think of to make sure guest users where kicked off daily and login again the next day.