Public access administration and security with Cisco equipment?

Unanswered Question
Apr 28th, 2007

Hello,

I was just wondering if any of the experts here could advise me on this.

We have a small library in our municipality that wants to give its customers access to the Internet using thin clients. They want to be able to control the time a customer is allowed to use the Internet. Of course they have a limited budget. As the rest of our network is 100% Cisco I am wondering if there is a Cisco solution for this scenario too? I know about the NAC appliance, but it is a bit expensive. How about buying a smaller router with firewall feature and use authentication proxy?

I should mention that Cisco ACS and an AD/EDIR/LDAP directory are in place.

Kind regards,

Rutger

med_ddevlin Fri, 05/04/2007 - 07:36

Here's one way to do it...

Place all thin client machines in a separate VLAN.

Create a DHCP scope for the thin-clients. For this example, let's use 10.0.1.0 /24.

On your internal router, create a Time-based ACL:

time-range Inet_Time_ACL

periodic daily 10:00 to 13:00

This will allow access from 10:00am to 1:00pm

Now create the ACL based off this time range

ip access-list extended Inet-TIME_ACL

10 permit tcp 10.0.1.0 0.0.0.255 any eq 80 time-range Inet_Time_ACL

20 permit tcp 10.0.1.0 0.0.0.255 any eq 443 time-range Inet_Time_ACL

30 permit udp 10.0.1.0 0.0.0.255 host {DNS Server IP} eq 53 time-range Inet_Time_ACL

40 deny ip any any

Now apply this ACL to the Thin Client VLAN

int vlan50

ip access-group Inet-TIME_ACL in

Please rate if this helps
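
An added example, not part of the original thread or any Cisco tooling: a small Python check that every time-range and ACL name a config references is actually defined, which is the cross-reference a time-based ACL like the one above depends on. The sample config is constructed, its names are illustrative, and only named ACLs are handled.

```python
import re

# Constructed sample config (named ACLs only); all names are illustrative.
SAMPLE_CONFIG = """\
time-range Inet_Time_ACL
 periodic daily 10:00 to 13:00
ip access-list extended Inet-TIME_ACL
 10 permit tcp 10.0.1.0 0.0.0.255 any eq 80 time-range TIME_ACL
 20 permit tcp 10.0.1.0 0.0.0.255 any eq 443 time-range Inet_Time_ACL
 40 deny ip any any
interface Vlan50
 ip access-group Inet-TIME_ACL in
interface Vlan60
 ip access-group Guest_ACL in
"""

def audit_references(config):
    """Return (line, kind, name, block) for each name used but never defined."""
    defined = {"time-range": set(), "access-list": set()}
    used = []
    block = ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            block = line  # unindented command opens a new config block
        if m := re.match(r"time-range\s+(\S+)$", line):
            defined["time-range"].add(m.group(1))
        elif m := re.match(r"ip access-list (?:extended|standard)\s+(\S+)$", line):
            defined["access-list"].add(m.group(1))
        elif m := re.match(r"ip access-group\s+(\S+)\s+(?:in|out)$", line):
            used.append((no, "access-list", m.group(1), block))
        elif m := re.search(r"\stime-range\s+(\S+)$", line):
            # ACE that ends with a time-range reference
            used.append((no, "time-range", m.group(1), block))
    # Names are compared exactly; definitions may appear after their use.
    return sorted(u for u in used if u[2] not in defined[u[1]])

if __name__ == "__main__":
    for no, kind, name, block in audit_references(SAMPLE_CONFIG):
        print(f"line {no}: {kind} '{name}' used in '{block}' is never defined")
```
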

vliegen Fri, 05/04/2007 - 12:26

Hi Rutger,

Thanks for your question. Unfortunately, your question is not related to the topic being covered, which is Physical Security & Video Surveillance.

Now, Cisco provides solutions for Subscriber Edge Management (SESM) and your Cisco Wireless Reseller should be able to provide you with the appropriate advice. You could try the following website on this subject, although it may quickly become somewhat overwhelming: http://www.cisco.com/en/US/netsol/ns673/networking_solutions_solution_category.

Lastly, you could check with Cisco Support: [email protected].

Best regards,

Hugo
