Is it possible to limit the association time for one user/mac address over a 24 hour period? Client has a hot-spot and wants to make sure it is not abused.
wlc 4402, 126.96.36.199
Thanks in advance for the help.
Configure a guest SSID and guest users. Once you dont want to give them access, remove the guest user from the WLC.
If you have a WCS, it will do that automatically for you.
Thanks for the reply.
These users are not 'guest' users. This ssid / vlan is used for a wireless hotspot. Users do not have to register but they would like to limit them to 3 hours or wifi.
hi, ressurecting an old un-answered post here as this is exactly the feature I'm looking for.
The ability to limit assoc time per client on an un-authenticated public service.
Is it possible on the WLC? Or is it in Guest NAC or something else?
Thanks in advance for any pointers.
OK, a bright colleague has this idea.
Configure L2 Security MAC Filtering via RADIUS
The RADIUS server keeps a simple table of unique macaddr requests for the day. For each request:
if macaddr not found
send radius accept with attribute 27 session-timeout set to x seconds
send radius reject
at midnight clear the table ready for the next day
I need to work it through.
Hopefully I can combine the L3 passthru page to force a branded Acceptable Use Policy. Also would be nice to gracefully disassociate when the session timer expires. Need to look into session logout page - I'm not that confident that a graceful/polite exit will be possible but will see whats there. Would also be nice if the auth reject could somehow be made informative with a polite message saying the meter has run out.
Anyone have any ideas to add, I'd be most grateful for the post.
EDIT: I wonder if RADIUS Attribute 18 Reply-Message "Text that the user will see" can be used to send back informative reject reasons. Then again the client is on an open network and anyway it probably depends heavily on the functionality of the client wifi driver/stack.
"Edited to try and fix whacky text formatting"