After doing some research I have gotten it working and here's how to pull this off. Pretty simple really. Make sure before you do this that the time on the APs is set correctly. I have the two I configured in this example setup to use NTP to pool.ntp.org and verified the time is set correctly.
1. Create a time range:
time-range BusinessHours
periodic weekdays 6:00 to 23:00
2. Create an ACL
ip access-list extended 101
permit ip any any time-range BusinessHours
3. Apply the ACL to the appropriate interface
interface Dot11Radio0.1 (.1 is the only VLAN configured on these APs on interface 0)
ip access-group 101 out
end
4. Check the work
show time-range BusinessHours
show access-list 101 (this is how it determines the toggle between active and inactive)
show running-config (verify the ACL is applied to the correct interface)
One thing to make sure of is that you do no apply this config to the Ethernet interface on the AP because then you will lose internal communication from the LAN as well. By applying it to the Radio interface this only stops traffic coming in via the wireless Radio.
Hope this helps with security on your network OR if you happen to use these at home and have teenagers that don't want to obey bedtime for school. Works for both.
Good luck.
No comments:
Post a Comment