Restricting Wireless Access on Campus? 89
Diety_in_A_Minor asks: "How would one set up a wireless network on a campus such that restrictions can occur by classroom? My back of the napkin solution would be to relate MAC addresses to class schedules, and have the DHCP server allow access to student-registered MAC addresses only during specific times. Although possible, this solution requires tremendous maintenance. What other solutions are there? One class in a building will require restrictions, while both classrooms adjacent to it need open access."
NoCatNet! (Score:3, Informative)
It creates a splash-screen authentication at first connection. Either that or mandatory VPN.
802.1x + RADIUS (Score:5, Informative)
Use a simple solution. (Score:4, Informative)
All your students should register their MAC address in order to get a working IP. Use whatever your vender provdes for making sure someone isn't getting on without that.
Make a policy stating that you can't do , then audit occasionally. When you find an invalid MAC, send them a warning letter.
Besides, it's impossible to enforce. If someone borrows a laptop, they suddenly get locked-out of the online lecture? What do you want them to do, whip out a cellphone in the back of the hall and call tech support?
2 examples (Score:4, Informative)
1) Register your MAC address electronically, print out a form stating you will abide to the terms of usage, sign it, hand it in, and your MAC addess will receive an IP from DHCP the next day. VPN required (with group passwords). Connections are filtered through a firewall.
2) No registration required, but you need to install a VPN client with a certificate which can be generated on a website which is only available from a computer with a campus-IP. Again, a firewall restricts connections, depending on the type of user (students have more restrictive filters than employees).
Of course each solution requires you to have an account at the university (LDAP check).
As we are also using PDAs, VPN is a bit of a burden, but so far the various devices (iPAQ & Palm 5xx) can handle it, more or less. A major annoyance is the fact that you tend to turn off the PDA to save power. This cuts the VPN connection, so you need to log in again and again and.....
Depends on the Wireless System (Score:4, Informative)
Disclaimer: I'm guilty of rolling my own as much as anyone, but there is such a thing as using the right tool for the job and I have decided this is the way to go in regards to wireless.
Re:802.1x + RADIUS (Score:4, Informative)
Re:802.1x + RADIUS (Score:2, Informative)
Mac filtering ? Ar you even serious ?
ifconfig wi0 lladdr 01:02:03:04:05:06
Radius and good acces policy, some centralised CMSlike management console and your set.
Spend $$$ (Score:4, Informative)
Location tracking - it can be done! (Score:2, Informative)
Re:Yeah, go off MAC addresses, (Score:2, Informative)
(And if they do, what's to stop the kids from creating an ad-hoc network and sharing answers? There's no real way to stop that. Or maybe downloading the info earlier and just going off of it during the exam?)
If they must have computers for a final exams, then that's what computer labs are for.
You want to spend money (Score:2, Informative)