Restricting Wireless Access on Campus?

Diety_in_A_Minor asks: "How would one set up a wireless network on a campus such that restrictions can occur by classroom? My back of the napkin solution would be to relate MAC addresses to class schedules, and have the DHCP server allow access to student-registered MAC addresses only during specific times. Although possible, this solution requires tremendous maintenance. What other solutions are there? One class in a building will require restrictions, while both classrooms adjacent to it need open access."

Weaken signal strength

[SpaFF]

Asside from changing the password (or WEP key) constantly and having the professor tell the students what it is each class, you could shield the classroom so that the signal doesn't travel outside of it. This of course assumes that the access point is in the classroom and that the room is small enough to electromagnetically shield economically. Depending on the size of the room (big lecture halls) you might be able to just turn the signal strength of the AP down low enough so that it can't be reached outside of the room.

Why?

[SecretFire]

I think we need a lot more information about the circumstances here. Is there some sort of test that requires students to have a laptop but not access the internet?

Or is it some old teacher that thinks that it'll somehow force people listen to their boring, pointless lectures, when the students will likely just find something else to entertain themselves with.

mac address

[jbolden]

The problem with most of these mac address based solutions is they assume:

1) You don't have large numbers of people openly subverting the system

2) People don't have administrative access to their own boxes

Neither of which is true in a college environment. You can tell an ethernet card to change its effective mac address to anything and students will share with information with each other.

Security requires that:
a) the people with access want to protect the information from the people without access
b) The people with access cannot communicate to the people without access

You don't have either situation. Rather what you have is a 3rd party creating a security policy (which classrooms have access) which does not enjoy student support. I agree with the poster who commented on a wired solution, this seems 100x easier.

Yeah, go off MAC addresses,

[La Camiseta]

and see how long before that I use something like Knoppix STD [knoppix-std.org] to change my MAC address and get my ass into the network.

Come on, if you're a University, then you've already got fat pipes, and probably let the kids in dorms and the library have unlimited access, so why treat your other students like crap just because they're in the wrong location.

And if you limit their internet access, what kind of education do you think that you're providing them with by limiting the information that they can access?

Hell, and even if you try to, odds are that anybody with half a brain will hack it, or the user with access is going to set up their system as an IP masquerading AP.

quit counting beans

[Game Genie]

If a student decides to sit and screw around on the internet during class rather than listen that is their own problem, they have the right to fail. At worst this may be a minor disruption to the class, in which it is always within the prof's disgression to give them the boot. This is college, not high school.

That being said, no mac filtering or proxy solutions are going too be fool proof (or, more accuratly, geek proof). It is easy enough to setup NAT on a laptop to give access to the next room, or spoof your MAC. As I see it, there are two possible solutions that would virtually gaurentee that you accieve what you are trying to accomplish:

Magneticly seal each classroom: difficult, expensive, effective.

Jam 2.4 GHz in classrooms that you don't want access in: Cheaper, but may cause unwanted interference. Leaves 802.11a wide open for repeaters. Questionable legality?

Best of all, both of these solutions have the added benifit of blocking those &*$#!@#%$*% cell phones!

Keep it open!

[beej_55]

We'll never get anywhere by building fences. You've heard the Linux quote, "In a world without windows and gates, who needs walls and fences." My sipmle solution is to just let the people on the network, use a public/private hotspot, D-Link makes some nice ones. Simple, but effective.