Re: Q: Controlling access at the Ethernet level
> We have thought about using static MAC entries per port on managed
> switches installed at the client endpoints, but that would require a
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I
> am uncertain about compatibility.
>
> What would you recommand ? Are there any other elegant solutions ?
>
> I also heard about 802.1x technology and seems to be an interesting
> and professional alternative; I just don't know how well supported is
> on the server side, namely FreeBSD.
802.1x needs switch support. A switch supporting 802.1x will probably
support MAC address filtering at the port level. The same can be said
about using VLANs; you would need a switch with multi-VLAN port
support, something quite variable between manufacturers.
Anyway, stackable switches in the $600 - $1000 price range would do
it. Look at Cisco Catalyst or HP ProCurve. (Look at the low end of
both, not the high-end models)
Borja.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 5 之 5 篇):