04-17-2009 03:29 AM - edited 03-09-2019 10:13 PM
Hi,
Is there a way in order to enforce the authentication (telnet, shh) on switches and/or routers local or via RADIUS only on business hours?
Thank you.
Best regards.
Massimiliano.
04-17-2009 05:31 AM
What RADIUS are you using?
You can edit the Profile, if using MS IAS and edit the option 'Allow access only on these days and at these times'
HTH
Steve
04-20-2009 12:45 AM
Hi,
I'm using FreeRADIUS...
Thank you.
Best regards.
Massimiliano.
04-20-2009 04:02 AM
Hi,
I've resolved.
In FreeRADIUS the attribute is "Login-Time"...
For examople in order to permit the login to one user only on interval range 8:00-24:00 on all days of the week we use Login-Time:='Al800-2400'
Best regards.
Massimiliano.
04-17-2009 05:34 AM
In theory, you should be able to create an access list that's time based and then apply it to your line.
router(config)# time-range TEST
router(config-time-range)# periodic weekdays 08:00 to 17:00
router(config-time-range)# ip access-list ext ALLOWEDTELNET
router(config-ext-nacl)# permit tcp any any eq 23 time-range TEST
router(config-ext-nacl)# line vty 0 4
router(config-line)# access-class ALLOWEDTELNET
I've never tried this, but it should work.
HTH,
John
04-17-2009 05:37 AM
John,
A very useful post!
Thanks
Steve
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: