MikroTik Certified User Management Engineer (MTCUME)
Time-based Access Control

Time-based access control in MikroTik RouterOS allows administrators to restrict user access to network resources based on specific time periods. This feature is particularly useful for managing access during business hours, after-hours, or for scheduled maintenance periods. This page covers the key concepts of time-based access control, with detailed explanations and practical examples.

Key Concepts

1. Time Schedules

Time schedules define the specific periods during which access is allowed or denied. These schedules can be set to repeat daily, weekly, or on specific dates. Time schedules are the foundation of time-based access control, allowing administrators to create flexible and precise access rules.

Imagine a school where students have access to the library only during certain hours. Just as the library has specific opening and closing times, time schedules in MikroTik RouterOS define when users can access network resources.

2. User Profiles

User profiles in MikroTik RouterOS are collections of settings and permissions that can be applied to individual users or groups. Time-based access control can be integrated into user profiles, allowing administrators to enforce time restrictions for specific users or groups.

Consider a company where employees have different access levels based on their roles. Just as each employee has a specific job description, user profiles in MikroTik RouterOS can be tailored to include time-based access restrictions.

3. Access Lists

Access lists are rules that determine which users can access specific network resources. Time-based access control can be applied to access lists, allowing administrators to create rules that are active only during certain time periods. This ensures that access to critical resources is restricted outside of business hours.

Think of access lists as security checkpoints at an airport. Just as the checkpoints are active during specific hours, access lists in MikroTik RouterOS can be configured to enforce time-based restrictions.

Examples and Analogies

Example 1: Creating a Time Schedule

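To create a time schedule that allows access from 9 AM to 5 PM, note that /system scheduler has no stop-time or days parameters: each entry runs its on-event script at start-time and then repeats every interval. A time window therefore takes two entries, one that opens access and one that closes it:

        /system scheduler add name=WeekdayAccess-open start-time=09:00:00 interval=1d on-event="/ip service set telnet disabled=no"
        /system scheduler add name=WeekdayAccess-close start-time=17:00:00 interval=1d on-event="/ip service set telnet disabled=yes"

In this example, the two "WeekdayAccess" entries enable the Telnet service at 9 AM and disable it again at 5 PM every day. The scheduler cannot select days of the week by itself, so a weekdays-only window needs a day-of-week check inside the on-event script.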

Example 2: Applying Time-based Access to User Profiles

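To apply a time restriction to a user profile in User Manager (RouterOS v7 syntax shown), you link the profile to a limitation and set the allowed hours on that link; the profile itself has no schedule parameter. For example, to create a user profile named "OfficeHours" that is valid only on weekdays from 9 AM to 5 PM, assuming a limitation named "WeekdayAccess" already exists under /user-manager limitation, you would use the following commands:

        /user-manager profile add name=OfficeHours
        /user-manager profile-limitation add profile=OfficeHours limitation=WeekdayAccess from-time=09:00:00 till-time=17:00:00 weekdays=monday,tuesday,wednesday,thursday,friday

In this example, the "OfficeHours" profile ensures that users assigned to this profile can only access the network during the specified weekday hours.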

Example 3: Configuring Time-based Access Lists

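To create an access list that restricts access to the internet from 5 PM to 9 AM on weekdays, put the time range and the days directly in the rule's time matcher. The matcher takes a start-end range followed by a list of days, not the name of a scheduler entry. Because the restricted window crosses midnight, it is written here as two rules:

        /ip firewall filter add chain=forward action=drop src-address=192.168.1.0/24 dst-address=0.0.0.0/0 time=17h-23h59m59s,mon,tue,wed,thu,fri
        /ip firewall filter add chain=forward action=drop src-address=192.168.1.0/24 dst-address=0.0.0.0/0 time=0s-9h,mon,tue,wed,thu,fri

In this example, the access list drops all traffic from the specified source address to the internet during the specified time period, ensuring that users cannot access the internet outside of business hours on weekdays. The time matcher is evaluated against the router's own clock, so the clock must be kept accurate (for example with NTP) for the restriction to apply at the intended hours.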
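A time-based drop rule is easy to invert by accident, for instance by attaching the 9 AM to 5 PM window to a rule meant to block from 5 PM to 9 AM. The following Python check is an added example, not part of the original course material or of RouterOS: it models a "START-END,days" matcher value under stated assumptions (exclusive end bound, overnight ranges rejected so they must be split) and counts the minutes of a week where a set of drop rules disagrees with the intended policy. The rule strings are constructed sample values.

```python
import re
from datetime import datetime, timedelta

DAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]  # datetime.weekday() order
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def to_seconds(value):
    """Convert '17:00:00', '9h', '23h59m59s' or '0s' to seconds since midnight."""
    if ":" in value:
        h, m, s = (int(p) for p in value.split(":"))
        return h * 3600 + m * 60 + s
    parts = re.findall(r"(\d+)([dhms])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unrecognised time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_matcher(text):
    """Split 'START-END,day,day,...' into (start, end, set of weekday indexes)."""
    span, *days = text.split(",")
    start, end = (to_seconds(v) for v in span.split("-"))
    if start >= end:
        # Model choice: an overnight window must be written as two explicit rules.
        raise ValueError(f"{text!r} does not run forward within one day")
    return start, end, {DAYS.index(d) for d in days}

def matches(matcher, when):
    """True if `when` falls in the window (end bound exclusive: an assumption)."""
    start, end, days = parse_matcher(matcher)
    secs = when.hour * 3600 + when.minute * 60 + when.second
    return when.weekday() in days and start <= secs < end

def off_hours(when):
    """Intended policy from Example 3: block 5 PM to 9 AM on weekdays."""
    return when.weekday() < 5 and (when.hour >= 17 or when.hour < 9)

def mismatched_minutes(matchers, wanted):
    """Minutes of one week where the drop rules and the intended policy disagree."""
    monday = datetime(2024, 1, 1)  # constructed reference week; this date is a Monday
    week = (monday + timedelta(minutes=i) for i in range(7 * 24 * 60))
    return [t for t in week if any(matches(m, t) for m in matchers) != wanted(t)]

WEEKDAYS = "mon,tue,wed,thu,fri"
SPLIT = [f"17h-23h59m59s,{WEEKDAYS}", f"0s-9h,{WEEKDAYS}"]  # constructed rule values
INVERTED = [f"9h-17h,{WEEKDAYS}"]                            # business-hours window

if __name__ == "__main__":
    print("split rules:", len(mismatched_minutes(SPLIT, off_hours)), "bad minutes")
    print("inverted   :", len(mismatched_minutes(INVERTED, off_hours)), "bad minutes")
```

The split pair matches the policy for every minute of the week, while the inverted window is wrong for every weekday minute: it blocks business hours and leaves the evenings and early mornings open.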

By understanding and implementing time-based access control, administrators can create a more secure and efficient network environment. This approach allows for fine-grained control over user access, ensuring that network resources are only available during appropriate times.