New Member

Public access administration and security with Cisco equipment?

Hello,

I was just wondering if any of the experts here could advise me on this.

We have a small library in our municipality that wants to give its customers access to the Internet using thin clients. They want to be able to control the time a customer is allowed to use the Internet. Of course they have a limited budget. As the rest of our network is 100% Cisco I am wondering if there is a Cisco solution for this scenario too? I know about the NAC appliance, but it is a bit expensive. How about buying a smaller router with firewall feature and use authentication proxy?

I should mention that Cisco ACS and an AD/EDIR/LDAP directory are in place.

Kind regards,

Rutger

  • Other Security Subjects
3 REPLIES
New Member

Re: Public access administration and security with Cisco equipme

Here's one way to do it...

Place all thin client machines in a separate VLAN.

Create a DHCP scope for the thin-clients. For this example, let's use 10.0.1.0 /24.

On your internal router, create a Time-based ACL:

time-range Inet_Time_ACL
 periodic daily 10:00 to 13:00

This will allow access from 10:00am to 1:00pm

Now create the ACL based off this time range

ip access-list extended Inet-TIME_ACL
 10 permit tcp 10.0.1.0 0.0.0.255 any eq 80 time-range Inet_Time_ACL
 20 permit tcp 10.0.1.0 0.0.0.255 any eq 443 time-range Inet_Time_ACL
 30 permit udp 10.0.1.0 0.0.0.255 host {DNS Server IP} eq 53 time-range Inet_Time_ACL
 40 deny ip any any

Now apply this ACL to the Thin Client VLAN

int vlan50
 ip access-group Inet-TIME_ACL in

Please rate if this helps
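A pre-deployment check for a configuration like the one in the reply above: it confirms that every time-range an ACL entry references is defined and that every ACL applied to an interface exists. This is an added example, not part of the original reply; the function name `audit_ios_refs` and the sample config are constructed, and names are assumed to be compared exactly (case-sensitive).

```python
import re

def audit_ios_refs(config: str) -> dict:
    """Cross-check time-range and ACL names in an IOS config snippet."""
    defined_ranges, defined_acls = set(), set()
    range_refs, acl_refs = [], []          # (name, line number) pairs
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"time-range\s+(\S+)$", line):
            defined_ranges.add(m.group(1))             # global definition
        elif m := re.match(r"ip access-list (?:extended|standard)\s+(\S+)$", line):
            defined_acls.add(m.group(1))               # named ACL definition
        elif m := re.match(r"ip access-group\s+(\S+)\s+(?:in|out)$", line):
            acl_refs.append((m.group(1), lineno))      # ACL applied to an interface
        elif m := re.match(r"(?:\d+\s+)?(?:permit|deny)\b.*\stime-range\s+(\S+)$", line):
            range_refs.append((m.group(1), lineno))    # ACE gated by a time-range
    return {
        "undefined_time_ranges": [r for r in range_refs if r[0] not in defined_ranges],
        "undefined_acls": [r for r in acl_refs if r[0] not in defined_acls],
        "unused_time_ranges": sorted(defined_ranges - {n for n, _ in range_refs}),
    }

# Constructed sample: entry 20 names a time-range that is never defined,
# and the interface applies an ACL whose name differs only in letter case.
SAMPLE = """\
time-range Inet_Time_ACL
 periodic daily 10:00 to 13:00
!
ip access-list extended Inet-TIME_ACL
 10 permit tcp 10.0.1.0 0.0.0.255 any eq 80 time-range Inet_Time_ACL
 20 permit tcp 10.0.1.0 0.0.0.255 any eq 443 time-range TIME_ACL
 40 deny ip any any
!
interface Vlan50
 ip access-group Inet-Time_ACL in
"""

if __name__ == "__main__":
    for finding, items in audit_ios_refs(SAMPLE).items():
        print(f"{finding}: {items}")
```

Running it against a saved copy of the candidate config before pasting it into the router surfaces name mismatches that would otherwise only show up as unexpected permit or deny behaviour.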

Cisco Employee

Re: Public access administration and security with Cisco equipme

Hi Rutger,

Thanks for your question. Unfortunately, your question is not related to the topic being covered, which is Physical Security & Video Surveillance.

Now, Cisco provides solutions for Subscriber Edge Management (SESM) and your Cisco Wireless Reseller should be able to provide you with the appropriate advice. You could try the following website on this subject, although it may quickly become somewhat overwhelming: http://www.cisco.com/en/US/netsol/ns673/networking_solutions_solution_category.

Lastly, you could check with Cisco Support: tac@cisco.com.

Best regards,

Hugo

Green

Re: Public access administration and security with Cisco equipme
