Network Management Strategies for the CIOI want to restrict the application (port) usage on their laptops to just what they need in stand-up colleges. Blocking ports on a L3/L2 switch is not sufficient at all, while they can roam into the network via an Access point in the office up stairs or in a classroom next door. So I need something like a VLAN access list control to application ports, but restricted to the *PHYSICAL* contours of a classroom. Does this functionality already exist in network management products? I want that functionality to be distributed to me, the class manager, without having to be dependent on the availability of network management staff.
Requires Free Membership to View
Unfortunately no. Given the nature of RF signals, it becomes much harder to control the 'physical' nature of the network. The only thing I can suggest is to design the Wireless (RF) network so that there are only one or two access points available from within the classroom. That way you can be sure that if the students are on the wireless network then they are using the access point in that classroom.
Once done, you are free to place the Access Points onto a separate VLAN or block ports, etc. I highly recommend using a wireless gateway (e.g. Bluesocket or Reefedge) for managing the wireless network access however if your college already uses VPNs or something similar that may be sufficient.
50% of my time is spent designing wireless networks with the CORRECT physical attributes (right signal in the right place for the right applications and the right number of people). It's a complex job but WELL worth the time to get it right the first time.
This was first published in February 2004