If you use the role mapping in clearpass you can allow the devices you would want on after hours with a role like "after-hours-capable". The other devices can get a default role mapping of something like "not-after-hours-capable".
Then in your enforcement profile, set a condition where it says something along the lines of "if the device is not-after-hours-capable, AND the current time is between 5pm-6am, deny access".
For the allow devices something like "if the device is after-hours-capable, AND the current time is between 5pm-6am, allow access
------------------------------
Dustin Burns
Lead Mobility Engineer @Worldcom Exchange, Inc.
ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
------------------------------
Original Message:
Sent: Sep 30, 2024 05:21 AM
From: arobson94
Subject: Device Timed Access
Hi,
I have a query from a site we have an instant 505 cluster using the virtual controller setup. I have been asked if there's a possibility of blocking access per device. I know there is time access which will disable the whole SSID on set time/date parameters but this won't do as they still want other devices connected to the SSID to work.
The authentication is clearpass for this network as it is guest. Maybe an enforcement policy could work here if anyone has any experience as it doesn't look like the virtual controller can do this.
Thanks in advance!