Date: Fri, 9 Apr 2004 18:29:58 +0200 From: Borja Marcos <borjamar@sarenet.es> To: freebsd-security@freebsd.org Subject: Re: Q: Controlling access at the Ethernet level Message-ID: <241D3934-8A43-11D8-863D-000393C94468@sarenet.es> In-Reply-To: <611C2010-86E9-11D8-A962-000A95776E22@freebsd.ady.ro> References: <611C2010-86E9-11D8-A962-000A95776E22@freebsd.ady.ro>
next in thread | previous in thread | raw e-mail | index | archive | help
> We have thought about using static MAC entries per port on managed > switches installed at the client endpoints, but that would require a > overwhelming budget. We are also thinking about L2TP and PPPoE, but I > am uncertain about compatibility. > > What would you recommand ? Are there any other elegant solutions ? > > I also heard about 802.1x technology and seems to be an interesting > and professional alternative; I just don't know how well supported is > on the server side, namely FreeBSD. 802.1x needs switch support. A switch supporting 802.1x will probably support MAC address filtering at the port level. The same can be said about using VLANs; you would need a switch with multi-VLAN port support, something quite variable between manufacturers. Anyway, stackable switches in the $600 - $1000 price range would do it. Look at Cisco Catalyst or HP ProCurve. (Look at the low end of both, not the high-end models) Borja.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?241D3934-8A43-11D8-863D-000393C94468>