----- Original Message -----
From: Junix Gaspar
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
Sent: Friday, June 09, 2006 4:31 PM
Subject: Re: [plug] Linux gateway

first things first... i would like you to stay away from what you are trying to
do due to the fact that a mac address can be easily spoofed to circumvent your
firewall policy...
to control who can use the internet is to provide an authentication
mechanism... you have three options here...
1. layer 2 authentication (eg. pppoe authentication)
2. layer 3 authentication (eg. vpn authentication)
3. layer 7 authentication (eg. web based authentication)
above options can be used for both wired and wireless medium, allowed time to
login, time duration, what services are allowed to access and many more...

This layer 2 authentication (pppoe). How do you do this? Do you need a special
switch for this?

just a typical switch... during its PPPoE Active Discovery Initiation
(PADI)... the destination mac address in the ethernet frame is set to mac's
broadcast address (0xFFFFFFFFFFFF) while the source mac address is set to the
client's mac address... using mac's broadcast address... it will be sent to all
ports in the switch to discover the pppoe server... the pppoe server will reply
with a PPPoE Active Discovery Offer (PADO) ethernet frame to offer its service until
it reaches PPP for authentication.... thus it is doing a layer 2
authentication...
fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
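
The PADI/PADO exchange described in the reply above, as an added example that is not part of the original messages: it builds and parses the two discovery frames and checks the broadcast versus unicast addressing. The field layout and tag numbers follow RFC 2516; the MAC addresses and the access-concentrator name are constructed sample values.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863                  # EtherType of the PPPoE discovery stage
BROADCAST = bytes.fromhex("ffffffffffff")
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102

def tag(tag_type, value=b""):
    """Encode one discovery tag: 16-bit type, 16-bit length, value."""
    return struct.pack("!HH", tag_type, len(value)) + value

def build(dst, src, code, tags, session_id=0):
    """Ethernet header followed by the 6-byte PPPoE header and the tags."""
    # ver=1 and type=1 share one byte (0x11); the length field covers the tags only
    pppoe = struct.pack("!BBHH", 0x11, code, session_id, len(tags)) + tags
    return dst + src + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe

def parse(frame):
    """Decode a discovery frame; raise ValueError on malformed input."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]        # ignores Ethernet padding after the payload
    if len(payload) != length:
        raise ValueError("payload truncated")
    tags, off = {}, 0
    while off + 4 <= len(payload):
        t, n = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + n > len(payload):
            raise ValueError("tag overruns payload")
        tags[t] = payload[off + 4:off + 4 + n]
        off += 4 + n
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "code": CODES.get(code, hex(code)), "session_id": sid,
            "broadcast": frame[0:6] == BROADCAST, "tags": tags}

# Constructed sample addresses (locally administered MACs) and AC name.
CLIENT = bytes.fromhex("020000000001")
SERVER = bytes.fromhex("020000000002")
# Client -> everyone: broadcast PADI asking for any service (empty Service-Name).
PADI = build(BROADCAST, CLIENT, 0x09, tag(TAG_SERVICE_NAME))
# Server -> client: unicast PADO naming the access concentrator.
PADO = build(CLIENT, SERVER, 0x07,
             tag(TAG_SERVICE_NAME) + tag(TAG_AC_NAME, b"example-ac"))

if __name__ == "__main__":
    for frame in (PADI, PADO):
        print(parse(frame))
```

Only the PADI is flooded to every switch port; the PADO and everything after it are unicast between the two MAC addresses, which is why an ordinary switch is enough.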