Q: Controlling access at the Ethernet level
Borja Marcos
borjamar at sarenet.es
Fri Apr 9 09:29:45 PDT 2004
> We have thought about using static MAC entries per port on managed
> switches installed at the client endpoints, but that would require an
> overwhelming budget. We are also thinking about L2TP and PPPoE, but I
> am uncertain about compatibility.
>
> What would you recommend? Are there any other elegant solutions?
>
> I also heard about 802.1x technology and it seems to be an interesting
> and professional alternative; I just don't know how well supported it is
> on the server side, namely FreeBSD.
802.1x needs switch support. A switch supporting 802.1x will probably
support MAC address filtering at the port level. The same can be said
about using VLANs; you would need a switch with multi-VLAN port
support, something quite variable between manufacturers.

Anyway, stackable switches in the $600 - $1000 price range would do
it. Look at Cisco Catalyst or HP ProCurve. (Look at the low end of
both, not the high-end models.)

Borja.