I there a way to manually specify an IP to a mac in the ARP tables. That way you could filter based on IP and if someone changed their IP to avoid the filters, there internet access wouldn't work. You could then take it a step further and lockdown the switch port to only that one mac and if they got cleaver and changed their mac, that wouldn't work either. Just a thought. Feel free to blast away.
Description: Description: Description: C:\Users\Ryan\AppData\Roaming\Microsoft\Signatures\AARElectronics3.gifRyan Rodrigue P.O. Box 4336 Systems Technician Houma, LA 70361 A A R Electronics, Inc Phone (985) 876-4096 510 West Tunnel Blvd Phone (800) 649-7346 Houma, LA 70360 Fax (985) 853-1034 <mailto:radiote...@aaremail.com> radiote...@aaremail.com <http://www.aarelectronics.com/> www.aarelectronics.com From: stephen at stephenjc [mailto:step...@stephenjc.com] Sent: Monday, November 29, 2010 8:19 AM To: support@pfsense.com Subject: Re: [pfSense Support] MAC based Access Control I was under the impression that pfsense was layer 3 software. Imo, I don't think it should be dealing with layer 2. You can always use a switch with port security. On Nov 29, 2010 8:21 AM, "Vick Khera" <vi...@khera.org> wrote: > On Mon, Nov 29, 2010 at 8:11 AM, Adam Piasecki > <apiase...@midatlanticbb.com> wrote: >> I understand it's a false sense of security, but I can see how it would be >> helpful. Maybe a package can be made with the understanding that its not >> 100% full proof. >> > > So you have a security feature that works, except when it doesn't. > The problem is there is no way to tell when it is not working, so how > do you "deal with it then"? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org >
<<image001.gif>>
<<image002.jpg>>