Q: Controlling access at the Ethernet level

[wrmine at heronetwork.com (Ryan Merrick)]

Adrian Penisoara wrote:
> Hi,
> 
>    I am searching for a solution that will enable me to control the 
> access of clients to a Ethernet network that spans over about an entire 
> quorter; most of the connected stations are running MS Windows.
> 
>    We are facing service theft through impersonation, either solely IP 
> or both IP and Ethernet MAC address. Securing IP access was solved using 
> a static ARP scheme (we used "staticarp" for the internal gateway 
> interface and tied to it a fixed list of IP/MAC tuples), but some of the 
> clients learnt how to change both the IP and the MAC.
> 
>   We have thought about using static MAC entries per port on managed 
> switches installed at the client endpoints, but that would require a 
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I am 
> uncertain about compatibility.
> 
>   What would you recommand ? Are there any other elegant solutions ?
> 
>   I also heard about 802.1x technology and seems to be an interesting 
> and professional alternative; I just don't know how well supported is on 
> the server side, namely FreeBSD.
> 
>  Thank you.
> 
> -- 
> Ady (@freebsd.ady.ro)
> 
> _______________________________________________
> freebsd-isp_(_at_)_freebsd_(_dot_)_org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe_(_at_)_freebsd_(_dot_)_org"
> 
Hi,

Take a look at www.netreg.org/

-- 
Ryan Merrick
rmerrick_(_at_)_heronetwork_(_dot_)_com