Community discussions

just joined
Topic Author
Posts: 13
Joined: Sat Dec 08, 2018 10:11 am

Access control via whitelist with time restrictions

Sat Dec 08, 2018 10:16 am


Sorry if this has been asked before, I did search before posting.

I want to create a setup on my network where:

1. Anyone who connects doesn't have access to anything, either via WiFi or directly via cable.

2. I have to manually approve them, putting them either in a list that has full access, or a list that has access only during specific hours of the day (like 10AM-20PM).

I am aware that this can be easily done via the firewall, likely putting a "block all" rule on top and then whitelisting people manually moving them above that rule. But this will likely lead to tens or hundreds of firewall rules eventually, and it could become hard to manage.

Could this be done more cleanly, like with vlans ? For example a default vlan that has no access to anything, a time restricted vlan and a full access vlan ? How do I do this ?

Thank you
User avatar
Forum Guru
Forum Guru
Posts: 1430
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Access control via whitelist with time restrictions

Sat Dec 08, 2018 4:00 pm


A lot of options:
* vlans as you mentioned: could be a nice solution for wireless only. Have different ssid-vlan configurations. For wired, would be more difficult as it would require reconfiguring access port, or have all ports trunk and require client to select vlan (but how secure would that be?)
* address-lists: mac based lists that would filter access to given subnet. based on that control access.
* hotspot: require users to authenticate, and apply policies where needed
* 802.1X
Member Candidate
Member Candidate
Posts: 133
Joined: Thu Sep 27, 2018 4:11 pm

Re: Access control via whitelist with time restrictions

Tue Dec 11, 2018 1:59 pm

Also for those who don't know anything a simple way is KID CONTROL (web fig -> IP -> kid control) which uses firewall rules.
Allows to assign users (with specific access time) as well as devices per user allowed to use etc.
(this assumes the device/user can actually connect to your router via Wifi/Ethernet already).

hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!

Who is online

Users browsing this forum: No registered users and 25 guests