Scheduling user access to AP's with NAC

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I have created a rule in which the goal is to block access to the SSID during certain hours on a certain SSID

I created a Time Group

I created a Location Group

I created a Profile in which I want to Reject all traffic on this SSID. At first I had the Reject Authentication Requests. It didn’t work.

This SSID is unauthenticated and wide open, per customer request. Now I’m testing unticking the box for Reject Authentication and changing the Accept Policy to Deny Access.

 

Is this the right move?
Is there a better option?

Photo of rhaviland

rhaviland

  • 244 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,332 Points 5k badge 2x thumb
Hello,

If the SSID has MAC authentication enabled I would suggest using an accept policy for "Deny Access". Check the "Deny Access" role on the EWC to make sure that the role is configured to not allow any access.

Also, in 7.0 there is a script called "Wireless WLAN Scheduler" that can be used to schedule the enabling/disable of the SSID if you want to prevent access by disabling the SSID instead of providing a deny access accept policy through NAC.

Thanks
-Ryan
Photo of rhaviland

rhaviland

  • 244 Points 100 badge 2x thumb
Well, the NAC has been bought so I need to use it to Deny Access based on a schedule. The SSID is wide open, no authentication at all, per customer request. I'm not really concerned with hiding the SSID because it doesn't really do much for keeping people off the SSID at night.

Thanks for the ideas that will be greatly useful in another situation.