Is it possible to limit or kill the output from AP's after hours?

  • 0
  • 2
  • Question
  • Updated 3 years ago
  • Answered
After a potential hacking attempt I've been asked to look into reducing or disabling the coverage area of AP's after business hours.

The AP's are all on power bricks, so that rules out doing anything with the switch I guess. This is not a function I remember or can find on the Controller, but wondered if anybody had any bright ideas?

Obviously they would need to extend their coverage in the morning.

Thanks in advance.
Photo of Simon Read

Simon Read

  • 136 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 2
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,514 Points 20k badge 2x thumb
Photo of James A

James A, Embassador

  • 7,002 Points 5k badge 2x thumb
A touch more direct, but slightly less user friendly as you have to look up the OID yourself:
/usr/bin/snmpset -v2c -c secret ewc.example.com .1.3.6.1.4.1.4329.15.3.3.4.4.1.7.101 i: 1
Change the 1 at the end to 2 to disable instead of enable. And the 101 is the VNS id.
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,514 Points 20k badge 2x thumb
Thanks James! 
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,924 Points 20k badge 2x thumb
If you use RADIUS authentication you'd also add a restriction so access during the night is not allowed.
i.e. for Windows NPS add a date/time restriction in the network policy....



-Ron
Photo of Charlie Altherr

Charlie Altherr

  • 400 Points 250 badge 2x thumb
I would do this with policy and NAC.  This would assume you have both available.  The policy would be a deny all or could be deny some, allow other.  The NAC would have a time group and location group defined.  The time group would be the off hours/days you wish to restrict or deny access.  The location group would define the access points/SSIDs or combination that you want to restrict or deny.  A rule would be created in the NAC that would call the deny policy when the location and time groups condition are met.  This not only accomplishes your immediate goal, but allows flexibility should your goals change, such as how much restriction to impose or different restrictions for different APs or SSIDs.
Photo of Dewald Botha

Dewald Botha

  • 674 Points 500 badge 2x thumb
I have been looking for a guide on how to deploy exactly what you are talking about Charlie.  Can you or perhaps anyone in the community point me to one or link to one? 
Appreciated,
Photo of Drew C.

Drew C., Community Manager

  • 39,444 Points 20k badge 2x thumb
Hi Dewald, It looks like you found your answer in the "How to disable/enable wireless services during specific times" article, which was shared in this thread.  Just want to make sure.
Photo of Dewald Botha

Dewald Botha

  • 674 Points 500 badge 2x thumb
HI Drew, 

That link will work for the interim and I will certainly use it.  However for the long term the client does want guest (walk in) registration.  I did see that it is totally possible with NAC - but I am finding it hard to successfully create it myself.
Photo of Drew C.

Drew C., Community Manager

  • 39,444 Points 20k badge 2x thumb
Can I ask you to create a new topic so the community can help you out with that?
Photo of Dewald Botha

Dewald Botha

  • 674 Points 500 badge 2x thumb
Will do.  Thanks.