Re: prohibiting visitors from connecting to network

[Mark Leonard <mark () mjleonard com>]

Most managed switches can be configured to allow connections only from a
pre-specified list of MAC addresses.  This is probably the way to go.
In Ciscoland I think it's called "Port Security".  Keep in mind there is
a fair amount of overhead required to keep the list of allowed MAC
addresses up to date.

Hope that helps,
Mark Leonard

Cesar Diaz wrote:
> List:
>
> My company is looking for a way to prohibit visitors
> to our offices from connecting a laptop to a network
> port and gaining access to our network.  We have
> policies in place prohibiting employees from allowing
> this, and have network jacks in our conference
> roomsthat are on a seperate VLAN that allows only
> access to the Interent.  We still have problems with
> visitors connecting to the network.  In one case an
> infected laptop started spreading a virus in the
> network.
>
> Our network is W2K based and uses DHCP running on a
> W2K server.  We do have some Unix and Linux boxes.
>
> What I'm looking for is a way to secure DHCP so that
> only our laptops/workstations can get a DHCP address. 
> I was thinking of something like EAP used for remote
> access with certificates to keep computers without a
> certificate from receiving an IP address, but I can
> find any information on implementing this.
>
>
> Any ideas, resources or comments are welcome.
>
> Thanks,
>
> Cesar
>
>
>               
> __________________________________ 
> Yahoo! Music Unlimited 
> Access over 1 million songs. Try it free.
> http://music.yahoo.com/unlimited/