Its not even that complicated. Just apply an allowlist firewall that only allows the elites access, or in a full blown outage, power off the core switches at the fiber ingress points.
With SDN, you could even just wipe the configs to disable the internet, and then reapply the config to bring them back up later. Could literally be setup as a “push button” if anyone wanted it configured that way.
Its not even that complicated. Just apply an allowlist firewall that only allows the elites access, or in a full blown outage, power off the core switches at the fiber ingress points.
With SDN, you could even just wipe the configs to disable the internet, and then reapply the config to bring them back up later. Could literally be setup as a “push button” if anyone wanted it configured that way.
A layer 3 firewall whitelist can be bypassed with MAC spoofing or duplication, ARP table poisoning, DHCP lease timestamp forging?
Maybe If you can get to it. Power down all the trunk ports but the palace/military/etc.