Remotely switch off a group of access points?

// Expert user has replied.
A Andrew Michael Robinson 3 years 6 months ago
2 3 0

Hi, I have a customer who wishes to install access points (AP5181) may go with AP300 and a switch at remote sites. A maintenance crew will turn up at the site every month for a day and the customer wants them call the operations centre and have them switch on the access points at the site and then when they leave the crew call operations centre again and the access points are switched off. They don't want the AP's on when their is no one at the site. Has anyone experienced this before? Can it be done remotely? "If" they go with a switch at each site the maintenance crew could switch it on and then call ops to shut it down remotely. Any suggestions  / advice greatly appreaciated. Andy

Please Register or Login to post a reply

3 Replies

M Mark Mann

Hi Andy, This sounds like a Grip as this would be a cool feature to have where you can set the date/time of access to the WLAN.  My only thought at the moment is that you have Operations just disable all WLANs and when the site needs access they must call Operations and they must enable the WLAN/Index for user access. Cheers, Mark

K Kevin Marshall

There are a few ways I can see this being done: 1) Disable PoE on the Ethernet switch supplying power to the APs. This could be done manually, with an expect script or via SNMP. 2) Leverage groups and policies supported today on the RF Switch. When no users are going to be at the site, simply disable access at the group level by modifing the Start / End access policies or Day of Week policies. The ESSIDs would still be advetised, but no access would be permitted. 3) If centralised RADIUS is used for authentication, you could craft a policy on the RADIUS server which permits or denies access based on match conditions recieved in the RADIUS access request. For example the RF Switch will forward specific information beyond credentials such as such as ESSID or Radio number etc which RADIUS can filter on. If users attempt to access the site the policy would be matched and the RADIUS server could grant or deny access depending on the flag in the policy. 4) The role based firewall (WiNG 4.1) could be used to apply specific firewall rules based on Location, ESSID, Group, MAC which cou;d drop all traffic. It wouldn't disable association or authentication, but it could be configured to deny all traffic. Regards, Kevin

K Kevin Marshall

One other thought, you could also leverage varible configuration templates in RFMS to simply disable the radios? You could create two variable templates where one enables the radios and one disables the radios and apply each template depending on if access is required or not. Regards, Kevin

CONTACT
Can’t find what you’re looking for?