10-28-2009 01:17 PM - edited 07-03-2021 06:12 PM
Is it possible to limit the association time for one user/mac address over a 24 hour period? Client has a hot-spot and wants to make sure it is not abused.
Current system:
wlc 4402, 5.2.193.0
Thanks in advance for the help.
10-28-2009 01:20 PM
Configure a guest SSID and guest users. Once you dont want to give them access, remove the guest user from the WLC.
If you have a WCS, it will do that automatically for you.
10-28-2009 05:17 PM
Thanks for the reply.
These users are not 'guest' users. This ssid / vlan is used for a wireless hotspot. Users do not have to register but they would like to limit them to 3 hours or wifi.
10-27-2011 02:00 PM
hi, ressurecting an old un-answered post here as this is exactly the feature I'm looking for.
The ability to limit assoc time per client on an un-authenticated public service.
Is it possible on the WLC? Or is it in Guest NAC or something else?
Thanks in advance for any pointers.
10-28-2011 05:10 AM
OK, a bright colleague has this idea.
Configure L2 Security MAC Filtering via RADIUS
The RADIUS server keeps a simple table of unique macaddr requests for the day. For each request:
if macaddr not found
insert macaddr
send radius accept with attribute 27 session-timeout set to x seconds
else
send radius reject
fi
;
at midnight clear the table ready for the next day
I need to work it through.
Hopefully I can combine the L3 passthru page to force a branded Acceptable Use Policy. Also would be nice to gracefully disassociate when the session timer expires. Need to look into session logout page - I'm not that confident that a graceful/polite exit will be possible but will see whats there. Would also be nice if the auth reject could somehow be made informative with a polite message saying the meter has run out.
Anyone have any ideas to add, I'd be most grateful for the post.
Thanks, Graeme
EDIT: I wonder if RADIUS Attribute 18 Reply-Message "Text that the user will see" can be used to send back informative reject reasons. Then again the client is on an open network and anyway it probably depends heavily on the functionality of the client wifi driver/stack.
"Edited to try and fix whacky text formatting"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide