Date: Tue, 06 Apr 2004 02:29:05 -0700
From: Ryan Merrick <wrmine@heronetwork.com>
To: Adrian Penisoara <ady@freebsd.ady.ro>
Cc: freebsd-isp@freebsd.org
Subject: Re: Q: Controlling access at the Ethernet level
Message-ID: <40727861.6060905@heronetwork.com>
In-Reply-To: <0A87E4EB-8665-11D8-9004-000A95776E22@freebsd.ady.ro>
References: <0A87E4EB-8665-11D8-9004-000A95776E22@freebsd.ady.ro>

Adrian Penisoara wrote:

> Hi,
>
>   I am searching for a solution that will enable me to control the
> access of clients to an Ethernet network that spans over about an entire
> quarter; most of the connected stations are running MS Windows.
>
>   We are facing service theft through impersonation, either solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved using
> a static ARP scheme (we used "staticarp" for the internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of the
> clients learnt how to change both the IP and the MAC.
>
>   We have thought about using static MAC entries per port on managed
> switches installed at the client endpoints, but that would require an
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I am
> uncertain about compatibility.
>
>   What would you recommend? Are there any other elegant solutions?
>
>   I also heard about 802.1x technology and it seems to be an interesting
> and professional alternative; I just don't know how well supported it is on
> the server side, namely FreeBSD.
>
>  Thank you.
>
> --
> Ady (@freebsd.ady.ro)
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

Hi,

Take a look at www.netreg.org/

--
Ryan Merrick
rmerrick@heronetwork.com