Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS - Cannot get Time-of-Day Access Settings to work

I have set up ACS to control access to my local LAN users who connect to the network via c2950 switches.

I have configured the default Time-of-day setting to stop local LAN users logging in before 7am, I have followed the instructions in Cisco documentation but it still fails to deny access before this time. Can this be achieved or am I doing something wrong?

Thanks

5 REPLIES
New Member

Re: ACS - Cannot get Time-of-Day Access Settings to work

Yep, certainly is possible and should work. Although its a feature that is not used that often.

A couple of questions

1) Where are you defining it, at the group or user ?

2) Can you supply a tiny screen shot of the configuration.

New Member

Re: ACS - Cannot get Time-of-Day Access Settings to work

TOD settings are configured at Group Level (Screen show attached)

New Member

Re: ACS - Cannot get Time-of-Day Access Settings to work

The time config looks good,

1) You are absolutly sure the users who are logging in are in this group

2) The server is running in the same time zone as the switch

3) Are you using RADIUS or T+

New Member

Re: ACS - Cannot get Time-of-Day Access Settings to work

1) User is a member of Basic User Group

2) Server is set to GMT and switch is locally set to GMT timezone with matching time.

3) I'm using Tacacs+

Many thanks Rob

New Member

Re: ACS - Cannot get Time-of-Day Access Settings to work

Ive tried to reproduce this on 3.3 and I can't.

Try disabling all hours, ( Clear All button ), If that does manage to stop access then it certainly looks like a timezone issue.

If the previous test does cause users to be denied accsss?

Reset the Time restriction to what you want and

Enable Passed Authentication log via System Configuration Logging

Then to an authentication prior to 07:00 and check the time stamp in the passed authentication log.

125
Views
0
Helpful
5
Replies
CreatePlease login to create content