>>> I guess he means it's a little cumbersome to do it your way.
>>> Imagine a network of 500 machines or one where people with new
>>> computers join and leave by the hour.
>>
>> that's not what he wrote.
>
> Actually he did. Basically your solution says that you define all
> known machines and deny all others by default while he wants
> something that is a mix of having some defined addresses, some
> random and a specific list of denied MAC addresses.

hmm ..

> However I think on the practical level he is better off blocking at
> the switch rather than in this way. it is pretty trivial to pick a
> random IP address if you know the range in use and the relevant
> gateway and this can cause even worse havoc. In any case, what are
> you trying to block them from accessing?
>
> You could simply put those particular clients on a separate V-LAN.

agree, if the unwanted boxes are very many.

rgds
ernest
