ExtremeWireless (Identifi)

 View Only
  • 1.  Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:00
    After a potential hacking attempt I've been asked to look into reducing or disabling the coverage area of AP's after business hours.

    The AP's are all on power bricks, so that rules out doing anything with the switch I guess. This is not a function I remember or can find on the Controller, but wondered if anybody had any bright ideas?

    Obviously they would need to extend their coverage in the morning.

    Thanks in advance.


  • 2.  RE: Is it possible to limit or kill the output from AP's after hours?



  • 3.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:07
    A touch more direct, but slightly less user friendly as you have to look up the OID yourself:
    /usr/bin/snmpset -v2c -c secret ewc.example.com .1.3.6.1.4.1.4329.15.3.3.4.4.1.7.101 i: 1[/code]Change the 1 at the end to 2 to disable instead of enable. And the 101 is the VNS id.


  • 4.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:07
    Thanks James!


  • 5.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:30
    If you use RADIUS authentication you'd also add a restriction so access during the night is not allowed.
    i.e. for Windows NPS add a date/time restriction in the network policy....



    -Ron


  • 6.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    I would do this with policy and NAC. This would assume you have both available. The policy would be a deny all or could be deny some, allow other. The NAC would have a time group and location group defined. The time group would be the off hours/days you wish to restrict or deny access. The location group would define the access points/SSIDs or combination that you want to restrict or deny. A rule would be created in the NAC that would call the deny policy when the location and time groups condition are met. This not only accomplishes your immediate goal, but allows flexibility should your goals change, such as how much restriction to impose or different restrictions for different APs or SSIDs.


  • 7.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    I have been looking for a guide on how to deploy exactly what you are talking about Charlie. Can you or perhaps anyone in the community point me to one or link to one?
    Appreciated,


  • 8.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    Hi Dewald, It looks like you found your answer in the "How to disable/enable wireless services during specific times" article, which was shared in this thread. Just want to make sure.


  • 9.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    HI Drew,

    That link will work for the interim and I will certainly use it. However for the long term the client does want guest (walk in) registration. I did see that it is totally possible with NAC - but I am finding it hard to successfully create it myself.


  • 10.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    Can I ask you to create a new topic so the community can help you out with that?


  • 11.  RE: Is it possible to limit or kill the output from AP's after hours?

    Posted 08-19-2015 11:34
    Will do. Thanks.