We had implemented internet access for the students in college campus. Perhaps, recently we've noted the college staffs bring up their laptops and connect to Wifi and get internet access. Consuming the bandwith for non-business purposes.
Summary for Network Scenario:
We had cisco router 857,connected to cisco switch 3560 and wireless aironet access points connected to this switch and distributed over the floor.
please kindly help me in restricting the internet access for staffs.
You could police the http/https traffic for the Staff VLAN/subnet using MQC.
Here is a video explaining the configuration http://www.actionpacked.com/node/306
Thank you experts for your responses.
However, creating vlans would not solve my issues ? How do I only make sure our staff use thi internet service as it is dedicated only for students.
Is there can be mac-address restriction ?
We have no trusted IT devices.
Why? because the students bring up there lappy and mobile phones to get access.
But our staff are taking advantage of this service by bringing there peronal devices This what I want to retrict.
Thank for your help.
However, one idea has came to my mind.
I'll run the third party utility called as Angry IP Scanner. For a week I'll montior and record the mac & computer. later block those mac.
It can be ??
I don't think there is. About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict. Even then though the staff could select student and have full bandwidth.
Yes. But that was just a thought.
"About the only thing I can think of is if you require them to "login" and you have them specify student or staff, then restrict." How could I achieve this ? can you provide me config guide.
hi shamir, mac address blocking or whitelisting may not be scalable as the network grows or as the number of unauthorized terminals increase. It would be better to do it in layer 3 as suggested above. You may either blocklist VLAN assigned for uncontrolled terminals (wi-fi and classroom/library ports), or whitelist a VLAN for your authorized devices, whichever is more convenient for you.