ACS - Cannot get Time-of-Day Access Settings to work

dodsonrs · ‎10-18-2005

I have set up ACS to control access to my local LAN users who connect to the network via c2950 switches.

I have configured the default Time-of-day setting to stop local LAN users logging in before 7am, I have followed the instructions in Cisco documentation but it still fails to deny access before this time. Can this be achieved or am I doing something wrong?

Thanks

andrewclymer · ‎10-18-2005

Yep, certainly is possible and should work. Although its a feature that is not used that often.

A couple of questions

1) Where are you defining it, at the group or user ?

2) Can you supply a tiny screen shot of the configuration.

dodsonrs · ‎10-19-2005

TOD settings are configured at Group Level (Screen show attached)

andrewclymer · ‎10-19-2005

The time config looks good,

1) You are absolutly sure the users who are logging in are in this group

2) The server is running in the same time zone as the switch

3) Are you using RADIUS or T+

dodsonrs · ‎10-19-2005

1) User is a member of Basic User Group

2) Server is set to GMT and switch is locally set to GMT timezone with matching time.

3) I'm using Tacacs+

Many thanks Rob

andrewclymer · ‎10-19-2005

Ive tried to reproduce this on 3.3 and I can't.

Try disabling all hours, ( Clear All button ), If that does manage to stop access then it certainly looks like a timezone issue.

If the previous test does cause users to be denied accsss?

Reset the Time restriction to what you want and

Enable Passed Authentication log via System Configuration Logging

Then to an authentication prior to 07:00 and check the time stamp in the passed authentication log.