From: Ryan Merrick
Organization: Hero Network LLC
Date: Tue, 06 Apr 2004 02:29:05 -0700
To: Adrian Penisoara
Cc: freebsd-isp@freebsd.org
Subject: Re: Q: Controlling access at the Ethernet level

Adrian Penisoara wrote:

> Hi,
>
> I am searching for a solution that will enable me to control the
> access of clients to an Ethernet network that spans over about an entire
> quarter; most of the connected stations are running MS Windows.
>
> We are facing service theft through impersonation, either solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved using
> a static ARP scheme (we used "staticarp" for the internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of the
> clients learnt how to change both the IP and the MAC.
>
> We have thought about using static MAC entries per port on managed
> switches installed at the client endpoints, but that would require an
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I am
> uncertain about compatibility.
>
> What would you recommend? Are there any other elegant solutions?
>
> I also heard about 802.1x technology and it seems to be an interesting
> and professional alternative; I just don't know how well supported it is on
> the server side, namely FreeBSD.
>
> Thank you.
>
> --
> Ady (@freebsd.ady.ro)

Hi,

Take a look at www.netreg.org/

--
Ryan Merrick
rmerrick@heronetwork.com
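
An added example, not part of either message: a check of observed ARP entries against the fixed IP/MAC list the question describes, flagging unregistered IPs, MAC mismatches and one MAC answering for several IPs. The addresses, the interface name fxp1 and the function names are constructed, and the ARP table is assumed to come from a host on the segment that still learns ARP dynamically. A station that copies both values of a registered client still matches the list, which is the case the question says static ARP does not stop.

```python
import re

# Constructed allow-list in the "host ether_addr" layout that `arp -f` reads.
ALLOWED = """\
192.168.10.11 00:0c:29:3a:5b:01
192.168.10.12 00:0c:29:3a:5b:02
192.168.10.13 00:0c:29:3a:5b:03
"""
# Constructed `arp -an` output (assumption: taken from a monitoring host that
# learns ARP dynamically; older releases print octets without zero padding).
OBSERVED = """\
? (192.168.10.11) at 0:c:29:3a:5b:1 on fxp1 [ethernet]
? (192.168.10.12) at 00:0c:29:3a:5b:03 on fxp1 [ethernet]
? (192.168.10.13) at 00:0c:29:3a:5b:03 on fxp1 [ethernet]
? (192.168.10.50) at 00:50:56:aa:bb:cc on fxp1 [ethernet]
? (192.168.10.60) at (incomplete) on fxp1 [ethernet]
"""
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) on (\S+)")

def norm_mac(mac):
    """Zero-pad and lowercase each octet so 0:c:29 equals 00:0C:29."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError("not an Ethernet address: %r" % mac)
    return ":".join("%02x" % int(p, 16) for p in parts)

def load_allowed(text):
    """Parse "host ether_addr" lines, skipping blanks and # comments."""
    rows = [l.split() for l in text.splitlines() if l.strip() and l[0] != "#"]
    return {r[0]: norm_mac(r[1]) for r in rows}

def audit(allowed, arp_output):
    """Return sorted (ip, mac, reason) findings for entries off the list."""
    seen, findings = {}, []
    # Unresolved "(incomplete)" entries do not match ARP_LINE and are skipped.
    for ip, mac, _ifname in ARP_LINE.findall(arp_output):
        mac = norm_mac(mac)
        seen.setdefault(mac, []).append(ip)
        if ip not in allowed:
            findings.append((ip, mac, "ip-not-registered"))
        elif allowed[ip] != mac:
            findings.append((ip, mac, "mac-mismatch"))
    for mac, ips in seen.items():
        if len(ips) > 1:  # one adapter answering for several addresses
            findings.extend((ip, mac, "mac-on-multiple-ips") for ip in ips)
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(load_allowed(ALLOWED), OBSERVED), sep="\n")
```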