03-15-2019 03:18 AM - edited 07-05-2021 10:03 AM
Hi,
Is it possible to apply a time based restriction for a user MAC to access a SSID?
We are using Cisco 5500, Prime 3.5
03-15-2019 03:52 AM
How is your User authenticating ?
May be possible exmaple : (may be this not give time based, but check on the user authentication times)
03-15-2019 05:07 AM
Hi Balaji,
We are authentication method is PSK. we have a special requirement where we have to whitelist one MAC for a SSID with time based access. other user connecting that SSID can have full time access. is that possible?
03-15-2019 06:01 AM
Yes. As I've have said earlier, you can deploy a recurring job like daily e.g. at 8AM to allow a certain MAC access a WLAN then create another one at 5PM so it will be blocked. It doesn't matter what security method you use as you're blocking a MAC address.
Configuration / Templates / Features and Technologies / Controller / CLI
You can use a CLI as well something like this:
(create a job to deploy at 8AM daily) (1-is the WLAN id, you can do "show wlan summary")(0-interface"i just chose none")
config macfilter delete aa:aa:bb:bb:cc:cc 1 0
(create a job to deploy at 5PM daily)
config macfilter add aa:aa:bb:bb:cc:cc 1 0
03-15-2019 07:11 AM
Hi superego,
Thanks for your response. Could you please eloborate how to create a job and schedule to a specific time in gui r CLI?
The CLI commands you have provided only do the MAC filtering right? how to run that job periodically?
03-15-2019 07:44 AM
Thanks for your response. Could you please eloborate how to create a job and schedule to a specific time in gui r CLI?
On the GUI, go to Configuration>Features & Technologies>Controller>CLI>General-CLI
*Name - Disable Client Accessing WLAN (You can put any description)
Commands
paste the CLI command here, like:
config macfilter add aa:aa:bb:bb:cc:cc 1 0
Check the checkbox "Save Config to Flash after apply"
Click "Save as New Template" then Save in CLI
------------------------------
Create another Template to allow:
Configuration>Features & Technologies>Controller>CLI>General-CLI
*Name - Enable Client Accessing WLAN (You can put any description)
Commands
paste the CLI command here, like:
config macfilter delete aa:aa:bb:bb:cc:cc 1 0
Check the checkbox "Save Config to Flash after apply"
Click "Save as New Template" then Save in CLI
------------------------------
The CLI commands you have provided only do the MAC filtering right? how to run that job periodically?
Yes, MAC filtering.
You can run it periodically by going to Configuration>Features & Technologies>My Templates>Features and Technologies>Controller>CLI
Click on the template then click Deploy. Apply it to the device "WLC" then scroll down below under Schedule, Start time "choose what time you want to run the job" then go to Recurrence, you can choose like Daily. Create one job to enable and another job to disable the client.
***Please mark helpful post or tag it as a solution***
03-15-2019 03:58 AM
For a certain user, you can prevent a MAC address accessing the WLAN by blocking it. Create 2 schedules/deployment, allow and disable.
Configuration / Templates / Features & Technologies
Controller / Security / Manually Disabled Clients
Deploy - Schedule Deployment - Daily
03-15-2019 05:09 AM
Hi Superego,
Yes I am aware whitelisting user based on MAC. here my requirement is to provide access for a MAC to accesss that SSID during specific time of the day
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: