Scheduling user access to AP's with NAC

I have created a rule in which the goal is to block access to the SSID during certain hours on a certain SSID

I created a Time Group

I created a Location Group

I created a Profile in which I want to Reject all traffic on this SSID. At first I had the Reject Authentication Requests. It didn’t work.

This SSID is unauthenticated and wide open, per customer request. Now I’m testing unticking the box for Reject Authentication and changing the Accept Policy to Deny Access.

Is this the right move?
Is there a better option?

2 replies

Userlevel 6

If the SSID has MAC authentication enabled I would suggest using an accept policy for "Deny Access". Check the "Deny Access" role on the EWC to make sure that the role is configured to not allow any access.

Also, in 7.0 there is a script called "Wireless WLAN Scheduler" that can be used to schedule the enabling/disable of the SSID if you want to prevent access by disabling the SSID instead of providing a deny access accept policy through NAC.

Well, the NAC has been bought so I need to use it to Deny Access based on a schedule. The SSID is wide open, no authentication at all, per customer request. I'm not really concerned with hiding the SSID because it doesn't really do much for keeping people off the SSID at night.

Thanks for the ideas that will be greatly useful in another situation.