cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
777
Views
0
Helpful
7
Replies

Time based SSID access for a user MAC

kumar.krishna1
Level 1
Level 1

Hi,

 

Is it possible to apply a time based restriction for a user MAC to access a SSID?

We are using Cisco 5500, Prime 3.5

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

How is your User authenticating ? 

 

May be possible exmaple :  (may be this not give time based, but check on the user authentication times)

 

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71811-wlan-ssid-wlc-acs.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

 

We are authentication method is PSK. we have a special requirement where we have to whitelist one MAC for a SSID with time based access. other user connecting that SSID can have full time access. is that possible?

Yes.  As I've have said earlier, you can deploy a recurring job like daily e.g. at 8AM to allow a certain MAC access a WLAN then  create another one at 5PM so it will be blocked.   It doesn't matter what security method you use as you're blocking a MAC address.

 

Configuration / Templates / Features and Technologies / Controller / CLI

 

You can use a CLI as well something like this:

(create a job to deploy at 8AM daily) (1-is the WLAN id, you can do "show wlan summary")(0-interface"i just chose none")

config macfilter delete aa:aa:bb:bb:cc:cc 1 0  

 

(create a job to deploy at 5PM daily)

config macfilter add aa:aa:bb:bb:cc:cc 1 0

 

 

Hi superego,

 

Thanks for your response. Could you please eloborate how to create a job and schedule to a specific time in gui r CLI?

The CLI commands you have provided only do the MAC filtering right? how to run that job periodically?

Thanks for your response. Could you please eloborate how to create a job and schedule to a specific time in gui r CLI?

 

On the GUI, go to Configuration>Features & Technologies>Controller>CLI>General-CLI

*Name - Disable Client Accessing WLAN (You can put any description)

Commands

paste the CLI command here, like:

config macfilter add aa:aa:bb:bb:cc:cc 1 0  

 

Check the checkbox "Save Config to Flash after apply"

Click "Save as New Template" then Save in CLI

------------------------------

 

Create another Template to allow:

 

Configuration>Features & Technologies>Controller>CLI>General-CLI

*Name - Enable Client Accessing WLAN (You can put any description)

Commands

paste the CLI command here, like:

config macfilter delete aa:aa:bb:bb:cc:cc 1 0  

 

Check the checkbox "Save Config to Flash after apply"

Click "Save as New Template" then Save in CLI

 

------------------------------

 

The CLI commands you have provided only do the MAC filtering right? how to run that job periodically?

 

Yes, MAC filtering.

 

You can run it periodically by going to Configuration>Features & Technologies>My Templates>Features and Technologies>Controller>CLI

 

Click on the template then click Deploy.  Apply it to the device "WLC" then scroll down below under Schedule, Start time "choose what time you want to run the job" then go to Recurrence, you can choose like Daily.  Create one job to enable and another job to disable the client.

 

***Please mark helpful post or tag it as a solution***

 

superego
Level 1
Level 1

For a certain user, you can prevent a MAC address accessing the WLAN by blocking it.  Create 2 schedules/deployment, allow and disable.

 

Configuration / Templates / Features & Technologies
Controller / Security / Manually Disabled Clients
Deploy - Schedule Deployment - Daily

Hi Superego,

 

Yes I am aware whitelisting user based on MAC. here my requirement is to provide access for a MAC to accesss that SSID during specific time of the day

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: