Scheduled access to LAN and WiFI Resources for various users.

NateM1
Conversationalist

Scheduled access to LAN and WiFI Resources for various users.

Hi everyone.  I need to enable scheduled access to both Wired and Wireless resources during a specific time.  The complication is that different users have different schedule of access. 

 

For example. 

 VLAN 2 - most users are allowed access Mon - Fri 9am - 5pm.  However a subset of users need access Mon - Fri 9am - 11:45pm on the same VLAN and possibly a third set of users 24/7.  

 

Ideally I would like to use internal Meraki users and be able to sign in via a splash page and based upon the schedule that is associated with that user (group of users) they are granted the appropriate access. 

 

Can anyone suggest a possible solution?  I would also entertain a cloud radius server that they could authenticate against but the server would have to be able to take a login-time attribute to calculate the session-timeout to be passed.  The other issue with this is that once the session does time out, i.e. at 5pm, users want to be able to simply join the network the next morning at 9am and not have to re-authenticate (some type of Mac based authentication once they have authenticated once.)

 

Thank you! 

 

7 Replies 7
NateM1
Conversationalist

Or is there a way to set a group policy by user that is logged in.  For example a user logs into a wifi network and based upon user name a group policy is defined with a schedule.  A user logs into a wired computer and a group policy is defined directing to a vlan etc based upon the user. 

CptnCrnch
Kind of a big deal
Kind of a big deal
NateM1
Conversationalist

Thank you @CptnCrnch Unfortunately they don't have an AD but would jumpcloud work for this? Or another cloud LDAP or AD service? What would you recommend? 

PhilipDAth
Kind of a big deal
Kind of a big deal

All traffic would have to flow through an MX.  The VLAN(s) the users are on will need to be configured to do splash page authentication.  You will need to use group policy with a schedule in it to change the firewall rules.

 

Now you need something that can authenticate the users and apply a specific group policy.  I believe Splash Access has something that can do this:

https://www.splashaccess.com/ 

 

I don't know if Jump Cloud can assign group policy based on users, but you would check them out as well:

https://jumpcloud.com/ 

 

 

NateM1
Conversationalist

Thanks @PhilipDAth.. I would love to use jumpcloud, but it appears that they can only apply a group policy through the filter-id on wifi.  On the MX when configuring radius, I don't have an option for group policy through the filter-id attribute.  Does anyone know if this will work? 

 

 I have been in touch with spashaccess and although they advertise something similar to this, they are saying it is a bespoke solution. Still waiting to hear back to see if they can for sure do this.  

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

>On the MX when configuring radius, I don't have an option for group policy through the filter-id attribute. 

 

That is wrong.  It will work.

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Configuring_RADIUS_A... 

NateM1
Conversationalist

Yes, that is for MR (Access Points) but doesn't apply to MX Access Control at the Security Appliance level.  As far as I can tell and have tried.  

Get notified when there are additional replies to this discussion.