cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Scheduled access to LAN and WiFI Resources for various users.

Highlighted
Comes here often

Scheduled access to LAN and WiFI Resources for various users.

Hi everyone.  I need to enable scheduled access to both Wired and Wireless resources during a specific time.  The complication is that different users have different schedule of access. 

 

For example. 

 VLAN 2 - most users are allowed access Mon - Fri 9am - 5pm.  However a subset of users need access Mon - Fri 9am - 11:45pm on the same VLAN and possibly a third set of users 24/7.  

 

Ideally I would like to use internal Meraki users and be able to sign in via a splash page and based upon the schedule that is associated with that user (group of users) they are granted the appropriate access. 

 

Can anyone suggest a possible solution?  I would also entertain a cloud radius server that they could authenticate against but the server would have to be able to take a login-time attribute to calculate the session-timeout to be passed.  The other issue with this is that once the session does time out, i.e. at 5pm, users want to be able to simply join the network the next morning at 9am and not have to re-authenticate (some type of Mac based authentication once they have authenticated once.)

 

Thank you! 

 

7 REPLIES 7
Highlighted
Comes here often

Re: Scheduled access to LAN and WiFI Resources for various users.

Or is there a way to set a group policy by user that is logged in.  For example a user logs into a wifi network and based upon user name a group policy is defined with a schedule.  A user logs into a wired computer and a group policy is defined directing to a vlan etc based upon the user. 

Highlighted
Kind of a big deal

Re: Scheduled access to LAN and WiFI Resources for various users.

Highlighted
Comes here often

Re: Scheduled access to LAN and WiFI Resources for various users.

Thank you @CptnCrnch Unfortunately they don't have an AD but would jumpcloud work for this? Or another cloud LDAP or AD service? What would you recommend? 

Highlighted
Kind of a big deal

Re: Scheduled access to LAN and WiFI Resources for various users.

All traffic would have to flow through an MX.  The VLAN(s) the users are on will need to be configured to do splash page authentication.  You will need to use group policy with a schedule in it to change the firewall rules.

 

Now you need something that can authenticate the users and apply a specific group policy.  I believe Splash Access has something that can do this:

https://www.splashaccess.com/ 

 

I don't know if Jump Cloud can assign group policy based on users, but you would check them out as well:

https://jumpcloud.com/ 

 

 

Highlighted
Comes here often

Re: Scheduled access to LAN and WiFI Resources for various users.

Thanks @PhilipDAth.. I would love to use jumpcloud, but it appears that they can only apply a group policy through the filter-id on wifi.  On the MX when configuring radius, I don't have an option for group policy through the filter-id attribute.  Does anyone know if this will work? 

 

 I have been in touch with spashaccess and although they advertise something similar to this, they are saying it is a bespoke solution. Still waiting to hear back to see if they can for sure do this.  

 

 

Highlighted
Kind of a big deal

Re: Scheduled access to LAN and WiFI Resources for various users.

>On the MX when configuring radius, I don't have an option for group policy through the filter-id attribute. 

 

That is wrong.  It will work.

 

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Configuring_RADIUS_A... 

Highlighted
Comes here often

Re: Scheduled access to LAN and WiFI Resources for various users.

Yes, that is for MR (Access Points) but doesn't apply to MX Access Control at the Security Appliance level.  As far as I can tell and have tried.  

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.