> AFAIK, MAC addresses do not get past our switches - so I suppose they
> might get lost as soon as you leave your own LAN. Correct me
> if I got this wrong.
Yes, you're right, that's the base of ethernet.
The source and destination IP addresses don't change, but the source
and destination MAC addresses change and become routers addresses if you
have to go another (other) LAN(s).
> ISP-s can easily restrict access based on MAC address, since
> you connect
> them directly.
I think that with cable ISP it is not the case since you access them
through a router, or they filter accordingly to your router address.
> Also DHCP can be configured to give the static
> addresses based on MAC - our cable provider does it.
Yes, it is easy to do this with ISC dhcpd or even with MS dhcp ! ;-)
I don't know if you can forbid a client to get an address through
DHCP according to its MAC address, but one can imagine to patch the ISC
dhcpd server to add this feature...
But since it is so easy under Linux to logically change the MAC
address, one cannot *only* rely on the MAC address to do security! ;-)
Mathieu
