Date: Mon, 5 Apr 2004 18:08:49 +0200
From: Sten Daniel Sørsdal
To: "Adrian Penisoara"
Cc: freebsd-isp@freebsd.org
Subject: RE: Controlling access at the Ethernet level
List-Id: Security issues [members-only posting] (freebsd-security@freebsd.org)

> What would you recommend? Are there any other elegant solutions?
>

How about using 802.1Q VLANs and dedicating a VLAN to each port?
If more than 4000 users, then add more gateways.
Just be sure to go for switches that allow you to deny incoming already
tagged packets on the user side, as some switches pass already tagged packets.

For a wireless environment I would suggest PPPoE and VLANs (separating them).

> I also heard about 802.1x technology and seems to be an
> interesting and professional alternative; I just don't know
> how well supported it is on the server side, namely FreeBSD.
>

802.1x is fairly new and not very well supported yet, expect bugs.

_// Sten Daniel Sørsdal
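
Added example, not part of the original message: one way to check the caveat above about switches that pass already tagged packets, by scanning frames captured on a user-facing port for 802.1Q tags. The function names and the sample frames are constructed for illustration.

```python
import struct

# TPIDs that mark a VLAN-tagged frame: 0x8100 (802.1Q) and 0x88A8 (802.1ad).
VLAN_TPIDS = {0x8100, 0x88A8}


def vlan_tags(frame):
    """Return the VLAN IDs stacked in an Ethernet frame, outermost first."""
    tags = []
    offset = 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def audit_access_port(frames):
    """Return (index, vlan_ids) for every frame that arrived already tagged.

    On a port with one VLAN per user, the switch assigns the VLAN itself, so
    frames from the user side are expected to be untagged. A VLAN ID of 0 is a
    priority-only tag; it is still reported so the operator can decide.
    """
    findings = []
    for index, frame in enumerate(frames):
        tags = vlan_tags(frame)
        if tags:
            findings.append((index, tags))
    return findings


def make_frame(rest):
    """Build a constructed frame: broadcast dst, locally administered src."""
    return bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001") + rest


# Constructed sample capture from a user-facing port.
SAMPLE_FRAMES = [
    make_frame(struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19),  # untagged IPv4
    make_frame(struct.pack("!HHH", 0x8100, 101, 0x0800) + b"\x00" * 20),  # tagged, VLAN 101
    make_frame(struct.pack("!HHHHH", 0x8100, 101, 0x8100, 202, 0x0800) + b"\x00" * 20),  # two stacked tags
]

if __name__ == "__main__":
    for index, tags in audit_access_port(SAMPLE_FRAMES):
        print("frame %d arrived tagged with VLAN IDs %s" % (index, tags))
```

Any finding on a capture taken upstream of the user port means the switch forwarded a tag it should have dropped.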