Sorry if this has been asked before, I did search before posting.
I want to create a setup on my network where:
1. Anyone who connects doesn't have access to anything, either via WiFi or directly via cable.
2. I have to manually approve them, putting them either in a list that has full access, or a list that has access only during specific hours of the day (like 10AM-20PM).
I am aware that this can be easily done via the firewall, likely putting a "block all" rule on top and then whitelisting people manually moving them above that rule. But this will likely lead to tens or hundreds of firewall rules eventually, and it could become hard to manage.
Could this be done more cleanly, like with vlans ? For example a default vlan that has no access to anything, a time restricted vlan and a full access vlan ? How do I do this ?