Minecraft for Education and Wireless Client Isolation (Ruckus)


Nick Steenson

May 5, 2021, 8:34:56 PM
to techies-f...@googlegroups.com
Hi Folks,

The Problem:
Teachers are starting to use Minecraft for Education in Class. Great, happy to help. Students and teachers want to be able to join each other's "worlds". Also great, happy to help.
We have client isolation turned on on our main SSID (which filters after 802.1x Auth to appropriate VLANs), so clients can't see each other. I'd be happy if I could use L3/ports as a filter as I could then just allow Minecraft traffic, but I can't, L2 only.

My Current Workaround:
A 2nd SSID that is a clone of the first with client isolation turned off, that only turns on in the rooms that require it when they require it (on a schedule communicated by the teachers). This isn't ideal as I'd rather keep client isolation for a number of other reasons and just allow the Minecraft traffic through.

My Hope:
That there is some way I can create a firewall or helper rule that re-directs traffic (though I doubt this as the client isolation happens at the AP, so any directed request won't reach my L2 switches, let alone the L3 ones or router).
Alternatively I guess I could look at hosting a dedicated server, or even paying for cloud servers that could be shared, but these would need to be set up dynamically and I presume managed somehow. *sigh*

Anyone facing the same or a similar issue?

Thanks,

--

Nick Steenson

IT Manager

Mount Aspiring College

T +64 (0) 3 443 0463 (Ext 222)

E stee...@mtaspiring.school.nz
    I...@mtaspiring.school.nz

A 101 Plantation Rd, Wanaka, NZ, 9305
W www.mountaspiringcollege.nz

 

Alistair Baird

May 5, 2021, 8:53:46 PM
to techies-f...@googlegroups.com
Hi Nick,

Are you using a ZoneDirector?

In ours, I can set up the block rules under Configure->Access Control->L3/4/IP Access Control - be sure to click the Advanced Options at the bottom right of the window, you get the client isolation rules. You can set up the port/protocol to allow.


--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CA%2B9sU%3DQRTT9z0gYbGVgXQgtuh2NSad2Ci69WMteB8O82_ZiJuA%40mail.gmail.com.


--
Alistair Baird
IT Manager
St Peters College 
p 06 354 4198
m 021 482 937

Nick Steenson

May 5, 2021, 9:10:02 PM
to techies-f...@googlegroups.com
That does look like what I'm interested in, but no I'm using the SmartZone rather than ZD, and in the access control part all I see is:
image.png

The client isolation whitelist section just lists my existing whitelist rules that require MAC and IP addresses as exceptions.

Nick

Andrew Godfrey

May 5, 2021, 10:11:18 PM
to techies-f...@googlegroups.com
You might find Access Control under Advanced options for the wireless LAN config. Don't know if this will overwrite the isolation but it may allow the limiting of ports open for your Minecraft WLAN which may reduce any attack vector.


Andrew Godfrey | Network Manager




Nick Steenson

May 5, 2021, 10:22:35 PM
to techies-f...@googlegroups.com
No mention of L3 anywhere on the config page. As the AP's themselves handle a lot of these settings I wonder if they might not have hardware acceleration/L3 access control features. I remember having those options with the ZD onsite... Might be time for another call to N4L with an open ended "how would you fix this issue" question.

Julian Davison

May 5, 2021, 10:24:42 PM
to techies-f...@googlegroups.com
On Thu, 6 May 2021 at 14:22, 'Nick Steenson' via Techies for schools <techies-f...@googlegroups.com> wrote:
> No mention of L3 anywhere on the config page. As the AP's themselves handle a lot of these settings I wonder if they might not have hardware acceleration/L3 access control features. I remember having those options with the ZD onsite... Might be time for another call to N4L with an open ended "how would you fix this issue" question.

N4L:
We would deploy a ZD instance so that you could have those options back onsite...

Sam McNeill

May 6, 2021, 4:53:27 PM
to Techies for schools
Watching with interest.... a cloud/realm version of M:EE is something I've been pushing with the product team for quite some time.

Two years ago (almost to the day) we did announce a cloud-ish version of M:EE at MS Build - I blogged about it here:


Some schools in NZ took advantage of this and it was awesome.

It was a bit half baked and quietly discontinued. I'm continuing to advocate with the internal team to rectify this.

I guess my question would be: would schools be prepared to pay for a cloud hosted M:EE realm(s)? The licensing as it stands is included in the MOE Schools Agreement and therefore no cost to the school. Would there be appetite to give cloud access to teachers/students?

I have seen workarounds where some schools run their own VM of win10 and just broadcast the join code to the relevant students who are wanting to join.... again, bit of a kludge, but at least it's "free" to the school for now.

Cheers
Sam

Jeffrey B

May 6, 2021, 8:17:25 PM
to techies-f...@googlegroups.com
Looks like a UTP (user traffic profile) may do the trick for level 3 traffic.

Assuming your student wifi is on a separate ip range.

Jeffrey.

