Hello,

Sorry if this has been asked before, I did search before posting.

I want to create a setup on my network where:

1. Anyone who connects doesn't have access to anything, either via WiFi or directly via cable.

2. I have to manually approve them, putting them either in a list that has full access, or a list that has access only during specific hours of the day (like 10AM-20PM).

I am aware that this can be easily done via the firewall, likely putting a "block all" rule on top and then whitelisting people manually moving them above that rule. But this will likely lead to tens or hundreds of firewall rules eventually, and it could become hard to manage.

Could this be done more cleanly, like with vlans ? For example a default vlan that has no access to anything, a time restricted vlan and a full access vlan ? How do I do this ?

Thank you

Hello

A lot of options:
* vlans as you mentioned: could be a nice solution for wireless only. Have different ssid-vlan configurations. For wired, would be more difficult as it would require reconfiguring access port, or have all ports trunk and require client to select vlan (but how secure would that be?)
* address-lists: mac based lists that would filter access to given subnet. based on that control access.
* hotspot: require users to authenticate, and apply policies where needed
* 802.1X

Also for those who don't know anything a simple way is KID CONTROL (web fig -> IP -> kid control) which uses firewall rules.
Allows to assign users (with specific access time) as well as devices per user allowed to use etc.
(this assumes the device/user can actually connect to your router via Wifi/Ethernet already).