Time of Day Access for Guest SSID on a Cisco WLC

II have been trying to solve a problem for a customer, they want their guest WiFi SSID to block traffic based on the time of day.   Typically the easiest way to do this is to setup a Time-of-day and attach it to the access control list on the vlan attached to the SSID. The issue was the network equipment attached to the WLC was an old Cisco 4500 that did not support time-of-day.

So to setup Time of Day access on the WLC you need to ensure the WLC is 7.6 or later.

• Create an Access Control List (ACL): Go to Security > Access Control Lists > Access Control Lists.  Create an Allow ACL and a Deny ACL:

• Create a Local Policy: Security > Local Policies:

Create an allow policy and attach it to the Allow ACL created above. On the Allow policy add the Active hours needed for the time of day.

• Create another policy for the Deny ACL and times.
• The last step is attaching the policies in the proper order to the SSID you want to block. This is done on the WLAN tab. Pick the WLAN that you want to modify and go to the Policy-Mapping tab. Add the policies you created in order, the allow policy should be the priority 1 policy and the deny policy should be the priority 2 policy.
• Test and validate that access is both allowed and blocked as needed.

Jason Howe, PEI