George Persian Logout

02-Time-Based Access Control

Download Book

Time-Based Access Control

To view this video, click the download link.

 

Software Version Used

This video was recorded based on the following versions:

l          iMC: iMC PLAT 3.20-E2403, iMC UAM 3.20-E0402

l          iNode: iNode 2.40-C0341

Web interfaces of different versions may vary.

 

Application Scenario

A network administrator may wish to restrict users to access the network during a specific time period. iMC allows for configuring time period policies to implement time-based access control.

 

Recommended Configuration Flow

 

Step1   Add Access Device.

Add an access device that supports 802.1X and AAA to the iMC system, so that the access device can cooperate with the iMC system to deliver 802.1X and AAA features.

Step2   Add Access Period Policy

Add an access period policy. Users can access the network during only the time period permitted by the policy.

Step3   Add Service

A service is a set of policies for user authentication and authorization.

The service configured in this step includes the access period policy that is added at Step 2. Users using this service will be restricted by the period policy.

Step4   Add Account

Each user accessing the network must have an account configured in the iMC. It contains such information as account name and password.

This step shows how to add an account and apply for the service configured at Step 3.

Step5   Configure Access Device

An access device is used to controls access of users. It allows authenticated users and denies unauthorized users.

In this step, a RADIUS scheme, an ISP domain and the 802.1X feature are configured on the device.

Step6   Verify Configuration

iNode refers to an authentication client installed on the terminal users' PCs to work with iMC.

This step will show:

1)        A user passes authentication during the period permitted by the policy and successfully accesses the network.

2)        The user fails to pass the authentication at a time point beyond the permitted time period and thus, and cannot access the network.