Date:      Tue, 6 Apr 2004 10:09:44 -0300
From:      Hernan Nuñez <hnunez@vianetworks.com.ar>
To:        <freebsd-security@freebsd.org>
Subject:   Re: Controlling access at the Ethernet level
Message-ID:  <01b501c41bd8$71df1df0$330c3dc8@ms.vianetworks.net.ar>
References:  <0A87E4EB-8665-11D8-9004-000A95776E22@freebsd.ady.ro>


Adrian,

    ipfw2 enables you to control access from ether_demux() and ether_output_frame() [ipfw(8)]. Some ipfw2 options are dst-mac, src-mac and mac-type.

Regards,
Hernan

----- Original Message ----- 
From: "Adrian Penisoara" <ady@freebsd.ady.ro>
To: <freebsd-security@freebsd.org>
Cc: <freebsd-isp@freebsd.org>
Sent: Sunday, April 04, 2004 3:22 PM
Subject: Q: Controlling access at the Ethernet level


> Hi,
> 
>     I am searching for a solution that will enable me to control the 
> access of clients to an Ethernet network that spans over about an entire 
> quarter; most of the connected stations are running MS Windows.
> 
>     We are facing service theft through impersonation, either solely IP 
> or both IP and Ethernet MAC address. Securing IP access was solved 
> using a static ARP scheme (we used "staticarp" for the internal gateway 
> interface and tied to it a fixed list of IP/MAC tuples), but some of 
> the clients learnt how to change both the IP and the MAC.
> 
>    We have thought about using static MAC entries per port on managed 
> switches installed at the client endpoints, but that would require an 
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I 
> am uncertain about compatibility.
> 
>    What would you recommend? Are there any other elegant solutions?
> 
>    I also heard about 802.1x technology and it seems to be an interesting 
> and professional alternative; I just don't know how well supported it is 
> on the server side, namely FreeBSD.
> 
>   Thank you.
> 
> --
> Ady (@freebsd.ady.ro)
> 

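Added example, not part of either message and not code from the posters: a small sh script that turns a fixed list of IP/MAC tuples (like the one described in the question) into ipfw2 layer-2 rules using the `MAC`, `layer2` and `mac-type` options from ipfw(8). The interface name `em0`, the rule numbers and the sample tuples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit ipfw2 layer-2 rules from a list of IP/MAC tuples.
# Assumed values (not from the thread): interface, rule numbers, tuples.

IFACE="em0"   # assumed internal gateway interface

# Constructed sample tuples, one "IP MAC" pair per line.
TUPLES="192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:66"

# Return 0 if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the commands instead of running them, so they can be reviewed first.
gen_rules() {
    n=1000
    # Layer-2 frames are passed to ipfw only when this sysctl is 1.
    echo "sysctl net.link.ether.ipfw=1"
    # Ethertype 0x0806 is ARP; hosts need it to resolve the gateway.
    echo "ipfw add $n allow all from any to any layer2 mac-type 0x0806 in via $IFACE"
    printf '%s\n' "$TUPLES" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_mac "$mac"; then
            echo "skipping $ip: bad MAC '$mac'" >&2
            continue
        fi
        n=$((n + 10))
        # MAC takes dst-mac then src-mac; "any" leaves the destination open.
        echo "ipfw add $n allow ip from $ip to any layer2 in via $IFACE MAC any $mac"
    done
    # Every other frame received on this interface is dropped at layer 2.
    # Outbound frames and other interfaces need their own rules when the
    # ruleset's default rule is deny.
    echo "ipfw add 65000 deny all from any to any layer2 in via $IFACE"
}

gen_rules
```

These rules enforce the IP/MAC pairing on frames received by the gateway; a station that presents both values of a listed pair still matches, which is the case the question already describes.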