Cisco Support Community
New Member

Expire account in Cisco ISE1.2

Hello,

We have a Cisco ISE with the latest patches, version 1.2. We are doing wireless Dot1x with guest accounts, and the role for the accounts is "Activatedguest". We are a bit puzzled by the fact that even if accounts have expired we are able to log in with them. Seems like a bug. Has anybody else run into this?

5 REPLIES

ActivatedGuest: Users can bypass the Guest portal and access the network by providing credentials to the native supplicant on their device (such as with IEEE 802.1X (dot1x) authentication.)

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html

New Member

Hi,

This would normally mean that you are only authenticating users, and not authorizing them. Check your authorization rules and that you have correctly configured your WLC with "Enable AAA Override".

Radu

Cisco Employee

Have you tried deleting or suspending the account from the sponsor portal?

Silver

Do verify which policy is allowing the user to log in; it will help you narrow down the issue. Also delete the account and recreate it, as suggested in the last post.

Cisco Employee

ActivatedGuest

Users can bypass the Guest portal and access the network by providing credentials to the native supplicant on their device (such as with IEEE 802.1X (dot1x) authentication).
Some users might make a first connection via a method other than the Central Web interface, for example, via 802.1X authentication or via VPN sessions. This would not work if the user is created as a “Guest” user. When a user is created as “ActivatedGuest”, its status is immediately set to “Active” and the user can immediately log on with methods other than CWA.
[1] “Password Change at first logon” is not possible for “ActivatedGuests”, and

[2] an AUP (Acceptable Use Policy) can’t be shown to “ActivatedGuests”. It is assumed “ActivatedGuests” users inherently agree with the AUP when the account is created.
