
  • Hello,
    A brief description of the scenario, and what is being attempted.
    The wireless system in place is 3Com but is actually Trapeze (3Com OEM from Trapeze); the backend RADIUS server is MSFT Windows 2003, with Windows 2003 AD servers.

    Scenario 1: Students log in, and their credentials are passed to the RADIUS server by the wireless switch. After successful authentication, users are placed in a VLAN with no restrictions. Up to this point everything works fine.

    Scenario 2: Students are taking a class where the instructor requires restrictions, e.g. access allowed only to the Chemistry server. Their credentials are passed to the RADIUS server by the wireless switch. After successful authentication, users are placed in a VLAN which restricts access to only the chemistry servers. Up to this point everything works fine.

    The Challenge: Assume the student is currently in a class where no restrictions are required. The next class right after this class is a class where restrictions are required. To enforce Scenario 2, I have to either forcefully log the user off the network, OR find a way to disassociate them from the wireless network such that when they associate next, they will be placed in the restricted VLAN. I would prefer a way to disassociate the user from the network. Is this possible from a RADIUS server standpoint?
    I'm trying to automate this process as much as possible and I'm thus looking for ways to disassociate the user from a RADIUS / AD perspective.

    Thanks much for your time
    Blue.

  • Hi Incognito,

    WLANs come with various RADIUS VSAs that should restrict user authentication based on SSID, VLAN. IAS should support most VSAs. You might want to check if this is available on 3Com.

    The simpler, ineffective way would be to use MAC authentication.

    Thanks,
    Vinu

  • Since you are using Microsoft ISA with AD, this is really more of a group policy question.

    Just create a group policy that logs off x users after n minutes.

  • If I understood the challenge correctly: The professor doesn't want the students to get distracted by the Internet during his class :)
    There is something missing in your explanation. Do the users target a different SSID in each scenario?
