Restricting internet access for staff

Unanswered Question
Sep 13th, 2011
User Badges:

Hi Experts,

We had implemented  internet access for the students in college campus. Perhaps, recently we've noted the college staffs bring up their laptops and connect to Wifi and get internet access. Consuming the bandwith for non-business purposes.

Summary for Network Scenario:

We had cisco router 857,connected to cisco switch 3560 and wireless aironet access points connected to this switch and  distributed over the floor.


please kindly help me in restricting the internet access for staffs.


Regard's

Samir

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 09/13/2011 - 06:27
User Badges:
  • Purple, 4500 points or more

You can also do the restriction on the APs/controllers. I too would create a non-approved device vlan and police it down.

Abdul Samir Shaikh Tue, 09/13/2011 - 12:28
User Badges:

Thank you experts for your responses.

However, creating vlans would not solve my issues ? How do I only  make sure our staff use thi internet service as it is dedicated only  for students.

Is there can be mac-address restriction ?


Samir

Collin Clark Tue, 09/13/2011 - 12:35
User Badges:
  • Purple, 4500 points or more

Port Security is your best option, but it can get expensive. How many approved wireless devices do you have?

Collin Clark Tue, 09/13/2011 - 12:48
User Badges:
  • Purple, 4500 points or more

I should have clarified. How many devices; laptops, tablets, phones do you have on the network that are trusted by IT?

Abdul Samir Shaikh Tue, 09/13/2011 - 12:53
User Badges:

We have no trusted IT devices.

Why? because the students bring up there lappy and mobile phones to get access.

But our staff are taking advantage of this service by bringing there peronal devices This what I want to retrict.


Thank for your help.

Collin Clark Tue, 09/13/2011 - 12:56
User Badges:
  • Purple, 4500 points or more

There is no way to determine what is student and what is staff devices then right?

Abdul Samir Shaikh Tue, 09/13/2011 - 13:06
User Badges:

However, one idea has came to my mind.

I'll run the third party utility called as Angry IP Scanner. For a week I'll montior and record the mac & computer. later block those mac.


It can be ??

Collin Clark Tue, 09/13/2011 - 13:07
User Badges:
  • Purple, 4500 points or more

I don't think there is. About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict. Even then though the staff could select student and have full bandwidth.

Collin Clark Tue, 09/13/2011 - 13:08
User Badges:
  • Purple, 4500 points or more

How would you determine if a laptop is a student's or staff's?

Abdul Samir Shaikh Tue, 09/13/2011 - 13:11
User Badges:

Yes. But that was just a thought.

"About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict." How could I achieve this ? can you provide me config guide.


Thanx

lonix1977 Mon, 10/03/2011 - 02:13
User Badges:

hi shamir, mac address blocking or whitelisting may not be scalable as the network grows or as the number of unauthorized terminals increase. It would be better to do it in layer 3 as suggested above. You may either blocklist VLAN assigned for uncontrolled terminals (wi-fi and classroom/library ports), or whitelist a VLAN for your authorized devices, whichever is more convenient for you.

Actions

This Discussion