We use a guest rule that may work for you. All guests are
created for 3 days. When that time expires, a small addition to
the node expire code sets a 30-day guest expired violation on
the MAC address. The end result is that any device gets guest
access for three days out of 30 (or roughly 3 days out of every
month) before having to spend 30 days in the penalty box with no
access.
For the most part, the above formula works well with our pattern
of guests -- visiting professors, families of students, sales people,
and guest lecturers. If anyone needs to stay longer, they are told
to contact their campus sponsor and request that their access be
extended before it expires.
Our "permanent" guests that we want to keep off the network are
residents/neighbors, outside service contractors' staff, and anyone
else looking for free Internet access. The 30-day penalty box is
great for discouraging these abuses, but flexible enough to accommodate
monthly/quarterly visits by legitimate guests who need access without
burdening our helpdesk staff with too many "un-violate me" requests
if we permanently locked them out...
-Arthur
-------------------------------------------------------------------------
Arthur Emerson III Email:
[email protected]<mailto:[email protected]>
Network Administrator InterNIC: AE81
Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave. Fax: (845) 562-6762
Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 11
From: <Brown>, Dennis <[email protected]<mailto:[email protected]>>
Reply-To:
"[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Date: Friday, February 13, 2015 at 11:35 AM
To:
"[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Subject: [PacketFence-users] Guest Device Profiling
All,
Have unique scenario trying to solve for.
Our network is Hub spoke design and we back haul all traffic to a center MPLS
internet head circuit.
Most of our sites are T1 or bounded T1s, and to provide guest wireless to our
customers.
So my issue is employees are abusing the guest wireless, starving the pipe for
customers.
I am looking for a way to trend a connected device on my GUEST SSID, and if the
device meets certain set thresholds blacklist it.
IE: Device has been seen on the guest network 3 days or more and for a duration
over 10hrs.
Can I do this with PacketFence do this, if so ideas are welcome.
Dennis Brown | IT Operations Manager |
________________________________
This e-mail and any files transmitted with it are confidential and solely for
the use of the individual or entity to which they are addressed and intended.
If you have received this e-mail in error, please notify the sender by return
e-mail. If you are not the intended recipient, you may not read, copy, retain,
print, disclose, or distribute this message or its contents to any other
individual, for such actions may be unlawful.
WARNING: We take certain precautions to prevent viruses, but we are not
responsible for loss or damage arising from the use of this e-mail or
attachments.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
