University of Waterloo
ISTNS > CNAGCnagResources? > ComputerLabLockdownTool
TWiki webs: Main | TWiki | Sandbox?   Log In or Register

Changes | Index | Search | Go

Computer Lab Network Lockdown Tool

The Computer Lab Network Lockdown Tool is available at


This tool provides a way for computer lab administrators to lock down network access during exams, via a web based interface. The tool can be made available to specific userids, and/or specific IP names (e.g. a podium machine used by multiple instructors)

The tool requires pre-configuration for the given lab, and the degree of network lockdown (e.g. deny all traffic in/out of lab, or deny traffic in/out of UW). Once configured, lab administrators need only choose between "Lockdown" and "Open", and the pre-configured access control lists are applied, or removed, respectively.


Network staff create an ACL on the switch, with the desired rules. The ACL can either be applied on an upstream router, or on a switch uplink, or even on all edge ports (for devices that support that).

Example ACL:

ip access-list extended "DENY_EXT" 
   20 remark "Allow on campus access" 
   22 permit ip 
   24 permit ip 
   26 permit ip 
   30 remark "Deny off campus access" 
   32 deny ip 
   34 deny ip 
   36 deny ip 
   40 remark "Allow the rest" 
   42 permit ip 

The configuration tool at is then used to edit the lockdowns table and give a name and description to the lab lockdown entry, and supply details about the switch and interface the ACL is applied on.

Configuration Tool:


Users of the lab lockdown web interface do not need to be added to the ona admins table, but they, or the fully qualified domain name of the desired podium computer, need to be authorized through use of Administrator Group Memberships table in ona.

When a lab administrator uses the tool, it applies the ACL to the pre-configured interface.

If needed, multiple ACLs can be applied to multiple vlans, interfaces, and switches, for a given lab lockdown. This is done by adding multiple entries to the ona lockdowns table, all with the same name. However, it is recommended to keep things as simple as possible.

I Attachment Action Size Date Who Comment
jpgJPG lockdown.JPG manage 14.0 K 29 Jul 2010 - 17:19 BruceCampbell  
jpgJPG lockdowns.JPG manage 32.1 K 29 Jul 2010 - 17:19 BruceCampbell  
Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions

Parents: CNAGCnagResources? ISTNS.ComputerLabLockdownTool moved from CNAG.ComputerLabLockdownTool on 30 Nov 2013 - 14:53 by BruceCampbell - put it back
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback