04-28-2007 01:43 AM - edited 03-09-2019 05:53 PM
Hello,
I was just wondering if any of the experts here could advice me on this.
We have a small library in our municipality that wants to give its customers access to the Internet using thin clients. They want to be able to control the time a customer is allowed to use the Internet. Of course they have a limited budget. As the rest of our network is 100% Cisco I am wondering if there is a Cisco solution for this scenario too? I know about the NAC appliance, but it is a bit expensive. How about buying a smaller router with firewall feature and use authentication proxy?
I should mention that Cisco ACS and a AD/EDIR/LDAP directory is in place.
Kind regards,
Rutger
05-04-2007 07:36 AM
Here's one way to do it...
Place all thin client machines in a seperate VLAN.
Create a DHCP scope for the thin-clients. For this example, let's use 10.0.1.0 /24.
On your internal router, create a Time-based ACL:
time-range Inet_Time_ACL
periodic daily 10:00 to 13:00
This will allow access from 10:00am to 1:00pm
Now create the ACL based off this time range
access-l extended Inet-TIME_ACL
10 permit tcp 10.0.1.0 0.0.0.255 any eq 80 time-range TIME_ACL
20 permit tcp 10.0.1.0 0.0.0.255 any eq 443 time-range TIME_ACL
30 permit udp 10.0.1.0 0.0.0.255 {DNS Server IP} eq 53 time-range TIME_ACL
40 deny ip any any
Now apply this ACL to the Thin Client VLAN
int vlan50
ip access-group Inet-TIME_ACL in
Please rate if this helps
05-04-2007 12:26 PM
Hi Rutger,
Thanks for your question. Unfortunately, Your question is not related to the topic being covered, which is Physical Securtiy & Video Surveillance.
Now, Cisco provides solutions for Subscriber Edge Management (SESM) and your Cisco Wireless Reseller should be able to provide you with the appropriate advice. You could try the following website on this subject, although it may quickly become somewhat overwellming: http://www.cisco.com/en/US/netsol/ns673/networking_solutions_solution_category.
Lastly, you could check with Cisco Support: tac@cisco.com.
Best regards,
Hugo
05-04-2007 12:29 PM
Hugo, this is the thread you are looking for.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: