I’d chat with your Cicso SE to see what they have cooking on the location-aware front.
If you want the hammer, I suspect you could use radius and AAA override to place the student into a more restrictive network during those hours. You’d need something that could hand out the override based on time of day. It would also require authentication of some sort. Once you get them there, instead of using something cumbersome like firewalling, I’d use something like Cisco’s OpenDNS Umbrella - it does content filtering via DNS requests e.g. Click the “streaming services” filter, and it will send users to a “this site is blocked” page. But I do agree with others that this is really just an academic exercise as the student(s) will simply move to their cellular connection. Jeff On 2/10/16, 5:51 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Case, Brandon J" <[email protected] on behalf of [email protected]> wrote: >Thanks everyone for the great responses and discussion about this. It's still >unclear how we'll end up proceeding but all of the feedback from this group >has been really valuable! > >-Brandon > >-----Original Message----- >From: Case, Brandon J >Sent: Monday, February 8, 2016 2:28 PM >To: The EDUCAUSE Wireless Issues Constituent Group Listserv >([email protected]) >Subject: User and/or Location-based Content Restriction > >Is anyone exploring or able to suggest good options for rate limiting or >preventing access to random content services? This idea was posed to me today >from up the chain with the goal of limiting certain students' ability to >access certain services for a certain time, potentially only from a certain >location. Yep. > >As an example: Student A has a class in room 2 of building Z from 8:30 to 9:20 >M, W and F. The goal would be to prevent (or severely hinder the ability of) >student A watching Netflix from 8:30 to 9:20 M, W and F while they're in room >2 of building Z. Outright blocking of access to Netflix during that timeframe >for student A regardless of location has also been discussed. I've already >provided a plethora of possible pitfalls to any of these types of approaches >and the associated administrative overhead they could incur but am being asked >for answers all the same. > >Yes, this does definitely wade into the treacherous waters of technological >solutions to what are really social problems (and I know has been discussed on >this list in the past) however, I'm charged with providing some form of an >answer up the chain and so I turn to you all for comments, insight and >cautionary tales. > >We're an all-Cisco shop with a healthy ISE deployment so my focus is there >with AAA override for ACLs, dynamic VLAN assignments, AVC profiles and QoS >profiles. Any solution I've thought of so far feels too much like a blunt >object though. > >Thanks, >-- >Brandon Case >Senior Network Engineer >IT Infrastructure Services >Purdue University >[email protected] >Office: (765) 49-67096 >Mobile: (765) 421-6259 >Fax: (765) 49-46620 > >PGP Fingerprint: >99CB 02D6 983C 1E2A 015F 205C C7AA E985 A11A 1251 > >********** >Participation and subscription information for this EDUCAUSE Constituent Group >discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
