Hi,
I use, like lot of person, capsman to purpose wireless networks.
For security reasons I’m asked to stop them at closed hours. And the policy is different for each ssid.
I planned to create scripts, scheduled and run on capsman to disable or enable the wifi config.
Is it a good idea? Is it the best way?
Maybe a feature request?
I think the only working approach is to use “create-enabled” instead of “create-dynamic” provisioning rules. Then use scheduler on each device to toggle wifi interfaces.
Maybe it is also possible to use the scheduler on caps an device to enable/disable specific caps an provisioning rules and then call provision for specific radios explicitly.
Please let us know how your final solution worked. IIRC there is already another topic on this question here on the forum but without a clear resolution.
Not sure (haven’t tried it), but it sounds like something you should be able to do with VLAN’s, simple queues and scheduler. But it depends on your use case. What policies should be in place?
Hi,
The goal is simple : totally shutdown wireless AND wired network access when not working hours ; with a easier way to enable/disable wireless AND wired “parts” when needed.
For the wired, it’s easier , i shut the access port on distribution switches (not mikoritk here).
But wireless is managed in capsman, an old 4011 doing this job only and AP are brand new CAPax.
I’ve a similar setup in an other sites running cisco from floor to ceiling and have this function (not used).
At this time, i’m working on the wireless case to find the better way to do that and no solution is defined.
I loved to have, in remote-ap a option to “un-provision”… like the “provision” exist.
How I see it:
You should be able to enable or disable a provisioning rule ( or switch rules).
As long as there is no " catch all" rule active, radios should become silent when there is no provisioning rule active.
But I think enabling/disabling the cap interface on controller might be easier and more clean if you have multiple ssid on the same radio ( provision rule needs to change then and it will result in disconnects).
Name your interfaces something.
Make a script that disables them. Another to enable them. Then a scheduler to match.
I used to get fancy and use a between type of language… Where it would check the status of the interface against a time range. This was in case someone rebooted the system.
Then I decided to run that check 5 minutes after boot. Let me cut out a bunch of schedules.
Haven’t looked at that in maybe 10 years.
Edit
Example of how I turn off the SSIDs on the caps Downstairs
[admin@MikroTik] > /interface set [find name~"Downstairs"] disabled=yes
[admin@MikroTik] > /interface set [find name~"Downstairs"] disabled=no
That was using create enable. Otherwise I can’t name interfaces for identification and so scripts can find them.