09-13-2011 01:18 AM - edited 03-07-2019 02:11 AM
Hi Experts,
We had implemented internet access for the students in college campus. Perhaps, recently we've noted the college staffs bring up their laptops and connect to Wifi and get internet access. Consuming the bandwith for non-business purposes.
Summary for Network Scenario:
We had cisco router 857,connected to cisco switch 3560 and wireless aironet access points connected to this switch and distributed over the floor.
please kindly help me in restricting the internet access for staffs.
Regard's
Samir
09-13-2011 02:13 AM
Hi,
You could police the http/https traffic for the Staff VLAN/subnet using MQC.
Here is a video explaining the configuration http://www.actionpacked.com/node/306
Regards.
Alain.
09-13-2011 06:27 AM
You can also do the restriction on the APs/controllers. I too would create a non-approved device vlan and police it down.
09-13-2011 12:28 PM
Thank you experts for your responses.
However, creating vlans would not solve my issues ? How do I only make sure our staff use thi internet service as it is dedicated only for students.
Is there can be mac-address restriction ?
Samir
09-13-2011 12:35 PM
Port Security is your best option, but it can get expensive. How many approved wireless devices do you have?
09-13-2011 12:45 PM
Hello,
We've got 20 WAP.
09-13-2011 12:48 PM
I should have clarified. How many devices; laptops, tablets, phones do you have on the network that are trusted by IT?
09-13-2011 12:53 PM
We have no trusted IT devices.
Why? because the students bring up there lappy and mobile phones to get access.
But our staff are taking advantage of this service by bringing there peronal devices This what I want to retrict.
Thank for your help.
09-13-2011 12:56 PM
There is no way to determine what is student and what is staff devices then right?
09-13-2011 12:57 PM
Exactly. But there shoul be any way.
09-13-2011 01:06 PM
However, one idea has came to my mind.
I'll run the third party utility called as Angry IP Scanner. For a week I'll montior and record the mac & computer. later block those mac.
It can be ??
09-13-2011 01:07 PM
I don't think there is. About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict. Even then though the staff could select student and have full bandwidth.
09-13-2011 01:08 PM
How would you determine if a laptop is a student's or staff's?
09-13-2011 01:11 PM
Yes. But that was just a thought.
"About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict." How could I achieve this ? can you provide me config guide.
Thanx
09-13-2011 01:24 PM
You would need a product like the ISE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide