Restrict wireless internet access on certain periods of time
We need help on setting up a network with some restrictions for the attached clients.
We're quite new at setting up a network at this size.
1x SRP 540 router
1x SG 300-10P managed switch
4x AP 541N accesspoint
What we want to do:
1. Around 100 laptops and desktop computers need wireless internet access, but some of them on limited times during the day.
2. Not all wireless devices are allowed on using the wireless network.
3. There are also wired desktops that don't need restrictions.
4. We need the possibility to restrict most of the wireless devices to access certain websites or use certain applications on those computers to use internet access during the times that the computers are allowed to access the internet.
5. We want to restrict the clients for using torrents or other possibilities of downloading illegal content.
What we were able to do:
1. The accesspoints (AP 541N) are clustered to achieve 1 large wireless network.
2. Only mac-adresses that are listed in the accesspoints are capable of using the wireless network. Other mac-adresses are not allowed to use the accesspoints.
What we tried already:
1. adding the mac-adresses for the accesspoints to the list of "internet access policy" in the router. Internet access seemed still possible during periods the access wasn't supposed to be possible.
2. adding the mac-adresses from all clients in this internet access policy seemed useless. Only 10 Internet Access Policies seem to be possible to program. 8 mac-adresses per policy. Knowing there are (at least) two policies needed to restrict a group of 8 macs to access the internet in 24 hours (because blocking the internet from f.e. 22u in the evening to 6 in the morning is not possible because 6 is smaller than 22 - or 10PM).
Besides, after blocking internet access, we need also to write policies in blocking some websites or keywords.
what about the thoughts of radius for authentication which is connected to active directory for your wireless users. Then have those people you must limit access too during the day in their own security group that's only allowed to login to the domain during certain times of the day.
To limit sites or what they can do on the Internet will require a separate solution for content/URL filtering. Then you can make policies and apply to your security groups in active directory block by category, keyword, and so on.
This is all great assuming you can get these clients into AD.
Listen: https://smarturl.it/CCRS8E41 Follow us: https://twitter.com/CiscoChampion
Let’s face it: today’s work is hybrid. Making hybrid work requires more than collaboration tools and SaaS applications. It’s about connecting people, dispa...
Join David Bombal as he busts the myths around Cisco Designed while building out an SMB network right at his desk.
David, a CCIE, CCSI and an educator, has delivered training courses all around the globe across multiple Cisco topics. And he’s desig...
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work.
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. We'l...