Is the any/any allow rule the only policy on the user role?
Generally we'd recommend you accomplish this using AAA policy, and since you have ClearPass that is a relatively easy thing to do. Just set the session to expire at the desired time and make sure that authentications are only allowed during the time period.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
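The reply above describes two checks: expire each session at the cutoff, and refuse authentications outside the allowed period. The sketch below is an added example, not part of the original thread and not ClearPass configuration. It works through that decision logic for the 05:30 to 23:15 window, and the function names and the mapping to the RADIUS Session-Timeout attribute are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta

# Allowed window taken from the thread: students online 05:30 to 23:15 daily.
WINDOW_START = time(5, 30)
WINDOW_END = time(23, 15)


def in_window(now, start=WINDOW_START, end=WINDOW_END):
    """True if `now` is inside the allowed window.

    Also handles a window that wraps past midnight (start > end),
    e.g. a "deny" period of 23:15 to 05:30.
    """
    t = now.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def seconds_until_end(now, end=WINDOW_END):
    """Seconds from `now` to the next occurrence of `end`."""
    cutoff = datetime.combine(now.date(), end)
    if cutoff <= now:
        cutoff += timedelta(days=1)
    return int((cutoff - now).total_seconds())


def decide(now):
    """Return (accept, session_timeout_seconds) for an authentication at `now`.

    Outside the window the request is refused, so a client dropped at the
    cutoff cannot simply re-authenticate. Inside the window the timeout is
    the time left until the cutoff, so a session opened at 22:00 ends at
    23:15 rather than running for a fixed length.
    """
    if not in_window(now):
        return (False, None)
    return (True, seconds_until_end(now))


if __name__ == "__main__":
    # Constructed sample times, not taken from the thread's logs.
    for sample in (datetime(2025, 3, 12, 22, 0), datetime(2025, 3, 12, 23, 30)):
        print(sample.isoformat(), decide(sample))
```

Both halves are needed: a timeout alone lets a client reconnect after the cutoff, and a time-restricted authentication alone leaves sessions that were opened before the cutoff in place.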
Original Message:
Sent: Mar 12, 2025 02:03 PM
From: paziselbe@cushing.org
Subject: Aruba Conductor time range issue on user role
I'm setting a policy on the Aruba Conductor for the student role:

Original Message:
Sent: Mar 12, 2025 01:58 PM
From: chulcher
Subject: Aruba Conductor time range issue on user role
What exactly are you configuring to attempt this?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 12, 2025 01:01 PM
From: paziselbe@cushing.org
Subject: Aruba Conductor time range issue on user role
I'm trying to set a time range on our "student" user role. Wi-Fi is supposed to be off for students at 11:15 PM and on at 5:30 AM for students. Since we're a boarding school with resident faculty, I thought applying the time spec to the student user role was best. What I currently have is a Permit rule for the student role with a custom "student-time" time range of 5:30AM to 23:15PM daily.
It seems like this isn't working; students are able to stay online past the shutoff time.
I've got ClearPass for authentication (against an AD RADIUS server, where the role is set and passed to ClearPass) and a Conductor/controller environment managing the APs. The role policy is set at the hardware-controller level, so it will pass down to the controllers.
When I set an active "Deny" rule with the time set to start at 23:15 and end at 05:30 the next morning, it kicked all of the kids off of the network; so it appears that the time range is just being ignored?
Does anyone have any insight?
Thanks.