Omada Contoller Client based Time Range Profiles
It would be great to be able to assign time range profiles to individual clients, currently time profiles need to be assigned to WLAN's or ports. This means for each client individual WLAN must be created.
example of application is parental controls of kids, have a fourteen year old teenage girl and seven year old boy, the boys bed time is 8pm while the girl's is 9.30pm, so I created a separate kids Wi-Fi WLAN with time profile on for 7am to 9.30pm. However the boy can still be on iPad in bed.
if we were able to create client based time profiles the boys devices could be disconnected at 8pm and girls at 9.30pm and we would only need to have one main WLAN and second Quest WLAN.
furthermore would not have to assign time profiles to ports which means no issues to cables are swapped, the time profile would follow the client.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @mstamp,
The switch ACL can be set based on the Time Range, and the MAC address is the identification of each client device, you may choose the MAC Group when you set the Switch ACL. Like the below image:
- Copy Link
- Report Inappropriate Content
@Hank21 , thank you
I have created an ACL and will test it tonight.
Unfortunately, you can only use a time range for when the ACL rule is "ENABLED" and can only have a time range per day if using custom for individual days.
Hence I need to create two rules, first a permit rule using the time range, then a deny rule below it with no time range.
I created the MAC group with all kid's devices as the source and used the default IPGroup_Any to block all destinations.
It would be good to have the option to disable the ACL during the time range, so we would only need to create a single ACL.
Also, noticed that my kids devices were still connected to Wifi SSID last night after time range turned of the SSID Radio. I used the reconnect button through clients page to disconnect them. Appears current connections to SSID are not disconnected when the time range expires and SSID is turned off. I confirmed the SSID was of with my Phone before which it was, yet kids were still connected.
- Copy Link
- Report Inappropriate Content
Confirm after testing using ACL with time range, I was able to create rules to block kids devices at night
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Sergiow57, you need to add two ACL rules, first a deny for Mac group with no time range, then above it add a permit for Mac group with the time range applied.
this is required as ACL rules with time ranges are only active during the time range.
For my two kids, I created individual Mac groups and time ranges for each kid, I have one deny rule with both Mac groups allowing active and two permit rules with the time ranges.
This works great and means I no longer need a separate wifi SSID for the kids as I can manage it through the switches using ACL.
hope this helps
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Create a group with all devices using MAC Address. (Note if using Apple devices you need to turn "Private Wi-Fi Address" off in wifi settings or MAC address will change
.
Create time profile for when you want devices to be able to access network.
First create the "Deny" policy for group.
Then create the "Permit" policy for the group and time policy.
Finally, ensure that the permit policy is above the deny policy.
This has worked well for me, however, I've find sometimes devices are not blocked when permit policy should have turned off. either reboot devices or disable/enable the ACL rules has worked. you will also may need to create group/time range/ACL per child or person based on your requirements, for me as my kids are 8 and 15, I had to make 2.
good luck
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 898
Replies: 8