Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Association time limit

Is it possible to limit the association time for one user/mac address over a 24 hour period? Client has a hot-spot and wants to make sure it is not abused.

Current system:

wlc 4402, 5.2.193.0

Thanks in advance for the help.

4 REPLIES

Re: Association time limit

Configure a guest SSID and guest users. Once you dont want to give them access, remove the guest user from the WLC.

If you have a WCS, it will do that automatically for you.

New Member

Re: Association time limit

Thanks for the reply.

These users are not 'guest' users. This ssid / vlan is used for a wireless hotspot. Users do not have to register but they would like to limit them to 3 hours or wifi.

New Member

Association time limit

hi,  ressurecting an old un-answered post here as this is exactly the feature I'm looking for.

The ability to limit assoc time per client on an un-authenticated public service.

Is it possible on the WLC? Or is it in Guest NAC or something else?

Thanks in advance for any pointers.

New Member

Re: Association time limit

OK,  a bright colleague has this idea.

Configure L2 Security MAC Filtering via RADIUS

The RADIUS server keeps a simple table of unique macaddr requests for the day. For each request:

if macaddr not found

    insert macaddr

    send radius accept with attribute 27 session-timeout set to x seconds

else

    send radius reject

fi

;

at midnight clear the table ready for the next day

I need to work it through.

Hopefully I can combine the L3 passthru page to force a branded Acceptable Use Policy. Also would be nice to gracefully disassociate when the session timer expires. Need to look into session logout page -  I'm not that confident that a graceful/polite exit will be possible but will see whats there. Would also be nice if the auth reject could somehow be made informative with a polite message saying the meter has run out.

Anyone have any ideas to add, I'd be most grateful for the post.

Thanks, Graeme

EDIT:  I wonder if RADIUS Attribute 18 Reply-Message "Text that the user will see" can be used to send back informative reject reasons. Then again the client is on an open network and anyway it probably depends heavily on the functionality of the client wifi driver/stack.

"Edited to try and fix whacky text formatting"

320
Views
0
Helpful
4
Replies
CreatePlease login to create content