IP filtering in router (help? )

I was wondering if someone would tell me if/how this would work:

Basically I work at a school w/ a student laptop program. As it is
now, students have laptops with wireless access, and can access
anything on the WAN. (We just have access points set up throughout
the school that are bridged with the LAN). So basically, students and
faculty all have the same access.

What I want to do is basically use DHCP from a Win 2003 machine to
assign them an IP address, and then block ALL traffic to/from that
range of ip addresses except what sites I allow. I know this will be
very restrictive, but this is how I want it.

for faculty (and lab machines), I want to give them a static IP addy
w/ full access.

Can anyone give me any information as to how this will work/what
routers will do this? What features do I need to look for in a
router? Or anyone have a better idea to restrict access ?

Any other information will be greatly appreciated !

Thanks

Hawk

What kind of authentication are you using currently in your network?
Are users (both students and faculty) required to log in to a domain?
Or is the access completely unrestricted; meaning that any Joe Blow
could walk in with a laptop and wifi card and browse your network? It
sounds like your network security is pretty much non-existant.

Controlling access to shares within your network can be done by share
passwords, group policies (if you are using a domain) or ip
restriction (not necessarily the best idea)

Controlling access to external (ie, internet) sites would all be done
through a firewall.

A domain with group policies would be the best way to go about this,
but is also the most expensive (at least with an MS network as you
have to pay for CALs for each user). You could maybe look into setting
up a linux domain controller for authentication, but this might be a
pain to set up. Other than that, share passwords would be the next
best thing.

You can email me if you wish, as I check that more often than these
groups.

ksdfj sdf <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>. ..
> I was wondering if someone would tell me if/how this would work:
>
> Basically I work at a school w/ a student laptop program. As it is
> now, students have laptops with wireless access, and can access
> anything on the WAN. (We just have access points set up throughout
> the school that are bridged with the LAN). So basically, students and
> faculty all have the same access.
>
> What I want to do is basically use DHCP from a Win 2003 machine to
> assign them an IP address, and then block ALL traffic to/from that
> range of ip addresses except what sites I allow. I know this will be
> very restrictive, but this is how I want it.
>
> for faculty (and lab machines), I want to give them a static IP addy
> w/ full access.
>
> Can anyone give me any information as to how this will work/what
> routers will do this? What features do I need to look for in a
> router? Or anyone have a better idea to restrict access ?
>
> Any other information will be greatly appreciated !
>
> Thanks
>
> Hawk