Restrict wireless internet access on certain periods of time


We need help on setting up a network with some restrictions for the attached clients.

We're quite new at setting up a network of this size.

Used devices:

1x SRP 540 router

1x SG 300-10P managed switch

4x AP 541N access points

What we want to do:

1. Around 100 laptops and desktop computers need wireless internet access, but some of them on limited times during the day.

2. Not all wireless devices are allowed to use the wireless network.

3. There are also wired desktops that don't need restrictions.

4. We need the possibility to restrict most of the wireless devices to access certain websites or use certain applications on those computers to use internet access during the times that the computers are allowed to access the internet.

5. We want to restrict the clients from using torrents or other possibilities of downloading illegal content.

What we were able to do:

1. The access points (AP 541N) are clustered to achieve 1 large wireless network.

2. Only MAC addresses that are listed in the access points are capable of using the wireless network. Other MAC addresses are not allowed to use the access points.

What we tried already:

1. Adding the MAC addresses for the access points to the list of "internet access policy" in the router. Internet access still seemed possible during periods when access wasn't supposed to be possible.

2. Adding the MAC addresses from all clients in this internet access policy seemed useless. Only 10 Internet Access Policies seem to be possible to program, with 8 MAC addresses per policy, knowing there are (at least) two policies needed to restrict a group of 8 MACs to access the internet in 24 hours (because blocking the internet from e.g. 22:00 in the evening to 6 in the morning is not possible because 6 is smaller than 22 - or 10PM).

Besides, after blocking internet access, we also need to write policies for blocking some websites or keywords.

Thanks already for your guidelines.
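The policy arithmetic described in the post above, worked through as an added example (not code from the thread or from Cisco): it splits a blocked window that crosses midnight into two same-day ranges and counts the per-MAC policies that result. The limits of 10 policies and 8 MACs per policy are the ones reported in the post; the 23:59 end-of-day value, the function names and the sample MAC addresses are assumptions constructed for illustration.

```python
from datetime import time

MAX_POLICIES = 10     # limit reported in the post
MACS_PER_POLICY = 8   # limit reported in the post
END_OF_DAY = time(23, 59)  # assumption: schedules have minute granularity


def split_window(start, end):
    """Return same-day (start, end) ranges covering a blocked window.

    A window crossing midnight (22:00-06:00) becomes two ranges, because a
    schedule whose end is earlier than its start is rejected.
    """
    if start == end:
        raise ValueError("empty window")
    if start < end:
        return [(start, end)]
    parts = [(start, END_OF_DAY)]
    if end != time(0, 0):
        parts.append((time(0, 0), end))
    return parts


def plan_policies(groups):
    """groups: {name: (macs, blocked_start, blocked_end)} -> list of policies."""
    policies = []
    for name, (macs, start, end) in groups.items():
        for i in range(0, len(macs), MACS_PER_POLICY):
            chunk = macs[i:i + MACS_PER_POLICY]
            for rng in split_window(start, end):
                policies.append({"group": name, "macs": chunk, "blocked": rng})
    return policies


def is_blocked(policies, mac, now):
    """True if any policy listing this MAC covers the given time of day."""
    return any(mac in p["macs"] and p["blocked"][0] <= now <= p["blocked"][1]
               for p in policies)


# Constructed sample: 100 wireless clients, blocked from 22:00 to 06:00.
SAMPLE_MACS = [f"02:00:00:00:00:{i:02x}" for i in range(100)]
PLAN = plan_policies({"students": (SAMPLE_MACS, time(22, 0), time(6, 0))})

if __name__ == "__main__":
    print(f"{len(PLAN)} policies needed, {MAX_POLICIES} available")
```

With these numbers the plan needs 26 policies against the 10 available, which is why per-MAC schedules on the router do not scale to this client count.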



What about the thoughts of RADIUS for authentication which is connected to Active Directory for your wireless users? Then have those people you must limit access to during the day in their own security group that's only allowed to log in to the domain during certain times of the day.

To limit sites or what they can do on the Internet will require a separate solution for content/URL filtering. Then you can make policies and apply them to your security groups in Active Directory to block by category, keyword, and so on.

This is all great assuming you can get these clients into AD.

Just a quick thought, hope it helps.


Sent from Cisco Technical Support iPad App

Thanks for your reply, dschlicht.

Excuse my ignorance, but for Active Directory I need a server, am I right? It isn't possible with the devices that are already in the network, is it?

If it is possible by using just those devices, can you guide me in configuring them? I can surely use some guidance.

Thanks for teaching me.



Doesn't seem very easy to do...

Can there be a solution in creating VLANs? So let's say I want to create 3 VLANs using the MAC addresses of the clients divided into 3 user groups (each VLAN, one group).

Can anyone help me in setting up just that?

I'm using this switch: Sg300-10p

And 4 access points clustered: Ap541n

And this router: srp541w-e-k9

Thanks already for your guidance.