I'm pleased that my first crack at radius setup and authorisation is working well between Windows Active Directory and my Cambium AP's.
However, I can't seem to get "time of day" working well. What I am looking for is to drop clients when they are on the network outside hours.
This currently works okay if they try to authenticate outside hours, but if they've already authenticated access continues to times outside hours.
I've tried using "Sync Accounting" and have set the accounting mode to "Start-Interim-Stop" and the interim upadte interval to 60 seconds.
Any tips for a solution ?
There is a scheduled access configuration under WLAN where you can define the working hours of that WLAN. During the enabled hours the WLAN will be enabled and clients can connect. If you ar trying to selectively do this for specific clients then better would be to send a session time from RADIUS server which ends by the time working hours finishes. "Sync Accounting" configuration is used for supporting same accounting session for roaming clients and is specially usefull for guest access clients and if you are fine with having new accounting session for a roamed client then you can disable this configuration.
After writing the question I knew I should have clarified the schduled times. I need to do this selectively for individual users.
Send a session time? Do you mean a Session Timeout ? I thought of that, but I didn't want to have WiFi connections dropped repeatedly.
Thanks for explaining the Sync Accounting function.
your first issue which you had mentioned was that client continue to have access beyond working hours and for that session-timeout is a good solution. But later to that your RADIUS server has to reject authentication for the clients which are trying to get access beyond working hours. There is no way on the AP where you can kind of simily drop these clients which are trying to access beyond their supported working hours. Does all these specific clients share the same working hours or each can have a different working hours? Just wanted to understand the use case here. Can you use two different WLAN's one for these specific clients which is enabled with scheduled access.