Q: Controlling access at the Ethernet level
Ryan Merrick
wrmine at heronetwork.com
Tue Apr 6 02:30:19 PDT 2004
Adrian Penisoara wrote:
> Hi,
>
> I am searching for a solution that will enable me to control the
> access of clients to a Ethernet network that spans over about an entire
> quorter; most of the connected stations are running MS Windows.
>
> We are facing service theft through impersonation, either solely IP
> or both IP and Ethernet MAC address. Securing IP access was solved using
> a static ARP scheme (we used "staticarp" for the internal gateway
> interface and tied to it a fixed list of IP/MAC tuples), but some of the
> clients learnt how to change both the IP and the MAC.
>
> We have thought about using static MAC entries per port on managed
> switches installed at the client endpoints, but that would require a
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I am
> uncertain about compatibility.
>
> What would you recommand ? Are there any other elegant solutions ?
>
> I also heard about 802.1x technology and seems to be an interesting
> and professional alternative; I just don't know how well supported is on
> the server side, namely FreeBSD.
>
> Thank you.
>
> --
> Ady (@freebsd.ady.ro)
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
Hi,
Take a look at www.netreg.org/
--
Ryan Merrick
rmerrick at heronetwork.com
More information about the freebsd-isp
mailing list