Showing results for 
Search instead for 
Did you mean: 

Association time limit

Is it possible to limit the association time for one user/mac address over a 24 hour period? Client has a hot-spot and wants to make sure it is not abused.

Current system:

wlc 4402,

Thanks in advance for the help.


Re: Association time limit

Configure a guest SSID and guest users. Once you dont want to give them access, remove the guest user from the WLC.

If you have a WCS, it will do that automatically for you.


Re: Association time limit

Thanks for the reply.

These users are not 'guest' users. This ssid / vlan is used for a wireless hotspot. Users do not have to register but they would like to limit them to 3 hours or wifi.

Association time limit

hi,  ressurecting an old un-answered post here as this is exactly the feature I'm looking for.

The ability to limit assoc time per client on an un-authenticated public service.

Is it possible on the WLC? Or is it in Guest NAC or something else?

Thanks in advance for any pointers.


Re: Association time limit

OK,  a bright colleague has this idea.

Configure L2 Security MAC Filtering via RADIUS

The RADIUS server keeps a simple table of unique macaddr requests for the day. For each request:

if macaddr not found

    insert macaddr

    send radius accept with attribute 27 session-timeout set to x seconds


    send radius reject



at midnight clear the table ready for the next day

I need to work it through.

Hopefully I can combine the L3 passthru page to force a branded Acceptable Use Policy. Also would be nice to gracefully disassociate when the session timer expires. Need to look into session logout page -  I'm not that confident that a graceful/polite exit will be possible but will see whats there. Would also be nice if the auth reject could somehow be made informative with a polite message saying the meter has run out.

Anyone have any ideas to add, I'd be most grateful for the post.

Thanks, Graeme

EDIT:  I wonder if RADIUS Attribute 18 Reply-Message "Text that the user will see" can be used to send back informative reject reasons. Then again the client is on an open network and anyway it probably depends heavily on the functionality of the client wifi driver/stack.

"Edited to try and fix whacky text formatting"

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards