you can block kazaa, etc with a simple access list.. all those fast track network front end clients (kazaa, grokster, etc) work on tcp/1214
so for me it would be access-list 101 deny tcp any any eq 1214 access-list 101 permit ip any any keep adding access-list 101 deny * * eq XXXX as you find new programs or services the students run to. I would also put the students in a different ip range (private, public whatever) than the staff, and deploy traffic shaping.. then i would limit the students to a fair amount of bandwidth maximum per second, say 786Kbps, or you can use car which will make sure the teachers' ip block always get through. research QOS on cisco's site for this. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51673&t=51661 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]