cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1974
Views
0
Helpful
17
Replies

Restricting internet access for staff

samirshaikh52
Level 2
Level 2

Hi Experts,

We had implemented  internet access for the students in college campus. Perhaps, recently we've noted the college staffs bring up their laptops and connect to Wifi and get internet access. Consuming the bandwith for non-business purposes.

Summary for Network Scenario:

We had cisco router 857,connected to cisco switch 3560 and wireless aironet access points connected to this switch and  distributed over the floor.

please kindly help me in restricting the internet access for staffs.

Regard's

Samir

17 Replies 17

cadet alain
VIP Alumni
VIP Alumni

Hi,

You could police the http/https traffic for the Staff VLAN/subnet using MQC.

Here is a video explaining the configuration  http://www.actionpacked.com/node/306

Regards.

Alain.

Don't forget to rate helpful posts.

You can also do the restriction on the APs/controllers. I too would create a non-approved device vlan and police it down.

Thank you experts for your responses.

However, creating vlans would not solve my issues ? How do I only  make sure our staff use thi internet service as it is dedicated only  for students.

Is there can be mac-address restriction ?

Samir

Port Security is your best option, but it can get expensive. How many approved wireless devices do you have?

Hello,

We've got 20 WAP.

I should have clarified. How many devices; laptops, tablets, phones do you have on the network that are trusted by IT?

We have no trusted IT devices.

Why? because the students bring up there lappy and mobile phones to get access.

But our staff are taking advantage of this service by bringing there peronal devices This what I want to retrict.

Thank for your help.

There is no way to determine what is student and what is staff devices then right?

Exactly. But there shoul be any way.

However, one idea has came to my mind.

I'll run the third party utility called as Angry IP Scanner. For a week I'll montior and record the mac & computer. later block those mac.

It can be ??

I don't think there is. About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict. Even then though the staff could select student and have full bandwidth.

How would you determine if a laptop is a student's or staff's?

Yes. But that was just a thought.

"About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict." How could I achieve this ? can you provide me config guide.

Thanx

You would need a product like the ISE.

http://www.cisco.com/en/US/products/ps11640/index.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: