Aironet AP - Trouble with time-based ACL

Unanswered Question
Jun 26th, 2008
User Badges:

Hi, I am trying to set up a time-range ACL on my Aironet 1130AG Access Point so that users can only access the network during a certain time.


The following ACL is applied inbound on dot11radio0:


Extended IP access list 101

10 permit ip host 10.10.10.89 any

20 deny ip any any time-range NOWIRELESS (inactive)



The problem is that users are not able to connect to the network no matter what time it is with this ACL in place. When I take off the ACL it works fine. I would think access would only be blocked during the time period I have defined in NOWIRELESS.


The clock is currently:


18:04:32.366 UTC Thu Jun 26 2008


And the NOWIRELESS is:


time-range NOWIRELESS

periodic daily 16:44 to 17:00


But users are not able to connect to the wireless network no matter what time it is, with the above ACL in place. I thought this was the correct configuration to block users only during the time period above.


Not sure what the problem is here and was wondering if someone could help me out.


Thanks a ton.


Regards,

-c0ldshadow

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rob Huffman Thu, 06/26/2008 - 15:25
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Coldshadow,


At first glance (I am not an expert with these :) I would think that the users would only be able to connect during this 16 minute period (16:44 to 17:00) Just curious if this is when you tried?


Access Point ACL Filter Configuration Example


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058ed26.shtml


Hope this helps!

Rob


c0ldshadow Thu, 06/26/2008 - 16:45
User Badges:

Hi Rob,


Thanks for pointing me to that link. I looked at the examples for time-based ACLs but I am a bit confused still.


Shouldn't my access list be blocking everything except one host from 16:44 to 17:00? That is what I am trying to accomplish.


Please let me know if you have any idea how I can correct this.


Thanks for your help, Rob.


Regards,

-c0ldshadow


c0ldshadow Fri, 06/27/2008 - 05:53
User Badges:

I got it fixed by making the ACL permit during a time-range rather than denying during a time-range.


Thanks for your help, Rob!


-c0ldshadow

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode