I have a guest portal on ISE configured for central web authentication for our wireless network. I only purchased the basic licensing because I am not interested in the product for profiling, mobile device management, etc.
Is there a way that I can have ISE grant a user access for several months (a semester) without having to login to the web portal again?
It might help to mention that I don't mind if the students cannot manage their connected devices.
On the surface of it I can't see a way for you to grant access without logging back into the portal - especially with mobile devices. What you could do as another option is use ISE "activated guest" credentials for a PEAP connection on your SSID.
Basically you would create the accounts via the sponsor portal as per usual but instead of "guest" use "activated guest". You would then need to reconfigure your SSID to support EAP and create associated ISE policies to support PEAP and checking users are part of the activated guest group. What this then means is that once credentials are entered they can be remembered by the client device.
The only real drawback to this method is the lack of AUP which get via the portal. I always get around this by providing the AUP (or links to) on the instructions provided to the client upon receipt of the credentials.
Activated Guest role which can be used for those customers who want to grant access to a more secure network (dot1x/VPN for remote users) without needing to login to the Guest Portal to activate the user account. This also gives the guest a way to connect and cache their credentials via their dot1x supplicant instead of having them login to the guest portal via redirection every time they connect to the network.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...