802.1X is the standard way to solve this problem, it obviously comes with management overhead but your switch does support it.
Regards, Jared brick On Wed, Aug 11, 2010 at 4:48 PM, David <[email protected]> wrote: > > At $work, we're having more and more problems with people bringing > laptops etc from home and plugging them in to the network. The company > policy has always been against this, but it was never really enforced. > I want to change that. > > I'm looking for suggestions on how I can prevent user's personal devices > from functioning should they plug them into the network. > > Here is what I have to work with: > - the MACs of the company workstations/laptops/Voip phones > - Switches are 3Com Baseline 2924-pwr Plus > ( > http://support.3com.com/infodeli/tools/switches/baseline/3Com_Baseline-Switch-2924-PWR-Plus_User-Guide.pdf > ) > - IPs are assigned via dhcp (ISC dhcpd). Some equipment gets fixed IPs, > but workstations and voip phones are plain dhcp. > > I stopped assigning static ips to the workstations and voip phones > because it was becoming a pain to manage at 100+. However, I'm starting > to wonder if I should assign all known mac addressed to a fixed range, > and assign a second range by dhcp. Then when an unknown client "plugs > in", they will get an IP in the dhcp range, which I should be able to > block at the switch. > > Comments? > > > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca >
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
