10-18-2005 07:35 AM - edited 03-10-2019 02:20 PM
I have set up ACS to control access to my local LAN users who connect to the network via c2950 switches.
I have configured the default Time-of-day setting to stop local LAN users logging in before 7am, I have followed the instructions in Cisco documentation but it still fails to deny access before this time. Can this be achieved or am I doing something wrong?
Thanks
10-18-2005 09:58 AM
Yep, certainly is possible and should work. Although its a feature that is not used that often.
A couple of questions
1) Where are you defining it, at the group or user ?
2) Can you supply a tiny screen shot of the configuration.
10-19-2005 01:07 AM
10-19-2005 02:11 AM
The time config looks good,
1) You are absolutly sure the users who are logging in are in this group
2) The server is running in the same time zone as the switch
3) Are you using RADIUS or T+
10-19-2005 03:42 AM
1) User is a member of Basic User Group
2) Server is set to GMT and switch is locally set to GMT timezone with matching time.
3) I'm using Tacacs+
Many thanks Rob
10-19-2005 05:18 AM
Ive tried to reproduce this on 3.3 and I can't.
Try disabling all hours, ( Clear All button ), If that does manage to stop access then it certainly looks like a timezone issue.
If the previous test does cause users to be denied accsss?
Reset the Time restriction to what you want and
Enable Passed Authentication log via System Configuration Logging
Then to an authentication prior to 07:00 and check the time stamp in the passed authentication log.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide