From owner-freebsd-questions Thu Feb 14 11:54:26 2002 Delivered-To: freebsd-questions@freebsd.org Received: from locust.minder.net (locust.minder.net [216.254.113.229]) by hub.freebsd.org (Postfix) with ESMTP id 8A56137B416 for ; Thu, 14 Feb 2002 11:54:23 -0800 (PST) Received: from waste.minder.net (daemon@waste [216.254.113.23]) by locust.minder.net (8.11.6/8.11.6) with ESMTP id g1EJsLT02374; Thu, 14 Feb 2002 14:54:22 -0500 (EST) (envelope-from bmm@minder.net) Received: (from bmm@localhost) by waste.minder.net (8.11.6/8.11.6) id g1EJsKU32134; Thu, 14 Feb 2002 14:54:20 -0500 Date: Thu, 14 Feb 2002 14:54:20 -0500 From: Brian Minder To: Jaime Kikpole Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Limiting access to DHCP leases Message-ID: <20020214195420.GA16470@waste.minder.net> References: <20020214142736.Q65517-100000@zeus> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="KsGdsel6WgEHnImy" Content-Disposition: inline In-Reply-To: <20020214142736.Q65517-100000@zeus> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --KsGdsel6WgEHnImy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Feb 14, 2002 at 02:32:57PM -0500, Jaime Kikpole wrote: > > Is there a way to prevent unauthorized computers from accessing > our network? I'm not refering to password protecting a file server. I > mean locking out unknown MAC addresses. I know that I could try to > collect the MAC addresses of our 550+ workstations and start handing out > only static IPs and only handing them to those known MAC addresses. But > what about people smart enough to configure an IP stack on their own > laptop? Is there some way to prevent access, maybe through an arp proxy > of some kind? I've had success providing this kind of access control with a few flavors of switches, most recently with Extreme Networks gear. With ExtremeWare, you can assign MAC addresses to specific VLAN's, and choose whether to assign unknown devices to the default VLAN or to ignore them altogether. Thanks, -Brian -- bmm@minder.net 1024/8C7C4DE9 --KsGdsel6WgEHnImy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iQCVAwUBPGwV7BekvEeMfE3pAQEwOwP7Bbaw9UTz/pA4hiKB19oEDEeNXRsJPh4j LRqGM9LCZQlchs8lcaJh7ufuKnqSdWF6w21qi6eGHQHJtcKTDdExK0/Snw4L9Jya eDe9OqO1wH5WWkrDb5Xo8txaGQz7A/LQDX9b93+SEKNjBSQMemcCnLU3xblJtGcc qyYLU8UoFr8= =fZNO -----END PGP SIGNATURE----- --KsGdsel6WgEHnImy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message