Danielle,

I tend to agree.  You are wresting with a policy issue not a technology
issue.  At the very least, guest access should be limited to a connectivity
level that cannot harm your campus infrastructure.
-- 
Ryan Dorman, CCNP
Network Engineering Specialist
Millersville University
717.871.5883



On 3/10/06 11:16 AM, "LDGarner" <[log in to unmask]> wrote:

> Danielle,
> 
> It depends on what your goal is.  If your goal is to protect the campus,
> then you set the system up for port 80 and 443 (http and https traffic)
> and let them use it if they want.  I've been assured that will keep any
> problems from hitting us.  After all, you do not know how 'clean' the
> guest machine is going to be.
> 
> If your goal is student's computers are infection free, then I don't
> think there is any way it would work.  We have students using Windows XP
> using the role we setup for Windows 98 and ME -- they don't want to deal
> with our rules.  As long as they don't want instant messaging, email
> clients other than web based, etc., we don't try to stop them.
> 
> Libby Garner
> Kenyon College
> 
> 
> Danielle Morse wrote:
>> Aaron,
>> 
>> How do you prevent your students from logging in as guest?  I know it
>> won't be attractive to them since it's limited but students we kick off
>> for violations might start using this to get around fixing their
>> computers for us to give them access again.
>> 
>> Thanks,
>> Dnaielle
>> 
>> Aaron Havens wrote:
>> 
>>> We use the guest access provided by the Clean Access login page. Users
>>> logging in with the Guest Access button are limited on what ports they
>>> are allowed to use and blocked from internal ip ranges. Just make sure
>>> to not require the Clean Access agent for this role.
>>>