Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

How to restrict or limit Enterprise WLAN Access with time schedules?

Hi! Can anyone help to share the info for below?

Question: How to restrict or limit Enterprise WLAN Access with schedules??
We have Cisco WLC, ISE, Prime and MSE. Is there anyway to provide the WLAN access during office hour only for the remote branch network.
We are using the same SSID with the same IP range, 802.1X and EAP-TLS with external AD & CA server.

So far I only know below things;
- can schedule a reboot of the controller and access points, either after a specified amount of time or at a specific date and time.
- The Lobby Ambassador Guest Management > Guest Users List > Lifetime
- schedule backup and download schedule
- config template for WLC can deploy with schedule from Prime

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

There are several methods to

There are several methods to do this and this will depend entirely on how complex your network is.  

 

1.  Easiest method is to configure PI to enable/disable the SSID. 

2.  Time-based ACL will allow you to enable/disable the dynamic VLAN interface.  The ACL is applied where the default-gateway of the WLC dynamic VLAN interface is found. 

3.  EnergyWise can schedule when the AP can be powered off and on.

6 REPLIES
VIP Purple

Hi,Cisco prime can do this

Hi,

Cisco prime can do this task easily.

 

Check this post:

https://supportforums.cisco.com/document/58081/managing-wireless-lan-status-schedules-automatic-enabledisable-feature

 

Regards

Dont forget to rate helpful posts

Community Member

Thanks Leo. Thanks Sandeep

Thanks Leo. Thanks Sandeep.

But the problem is there is only one SSID and we can't enable/disable and can't apply ACL on it.

Is is possible to schedule based on the AP Group?

Hall of Fame Super Silver

You can set time-based ACL in

You can set time-based ACL in radius, since you are using 802.1x and ISE.  Most radius servers have this setting already, its when you are doing psk, that you would not be able to use a radius time based acl.... even for guest you can set that on radius if the credentials are looked up by radius.

Scott

-Scott
*** Please rate helpful posts ***
Community Member

Thanks Scott.What we want to

Thanks Scott.

What we want to achieve is not to allow WLAN access for any users at some remote location after office hour. If these users are at central site after office hour, they still should have access.

Again all Cisco LWAPs are connecting to PoE enabled SRX firewalls and not possible to use EnergyWise schedule.

Hall of Fame Super Blue

There are several methods to

There are several methods to do this and this will depend entirely on how complex your network is.  

 

1.  Easiest method is to configure PI to enable/disable the SSID. 

2.  Time-based ACL will allow you to enable/disable the dynamic VLAN interface.  The ACL is applied where the default-gateway of the WLC dynamic VLAN interface is found. 

3.  EnergyWise can schedule when the AP can be powered off and on.

Community Member

Thanks, we can use time based

Thanks, we can use time based ACL but my client may choose EnergyWise by removing all SRX firewalls (with PoE enable).

Time based ACL schedule job on Prime >> ACL on particular dynamic interface of WLC

1033
Views
0
Helpful
6
Replies
CreatePlease to create content