On 03/01/2011 08:47 PM, Daniel Davis wrote:
Andy,
802.1x with MAC authentication bypass is probably what you are looking for.
Nearly all managed switches these days have support for 802.1x. This way the
device is authenticated at the switch-port, if it is not an allowed device the
switch will deny the device access (or you could set the switch to give unknown
users access to a guest VLAN).
Once set up it is no harder to administer than maintaining you DHCP
reservations list (Once you have it set up I would recommend removing DHCP
reservations where they are not needed, this way you only need to maintain one
list of MAC addresses).
Regards,
Daniel
Ah.. I don't have a managed switch. I have an HP 1400-24G (j9078a).
Thank you for this information, it gives me something to consider. I've
always wanted a managed switch.
Andy
-----Original Message-----
From: Andy Graybeal [mailto:[email protected]]
Sent: Wednesday, 2 March 2011 9:10 AM
To: [email protected]; [email protected]
Subject: [pfSense Support] Only allow DHCP assigned addresses access to network
Hi,
I would like every machine on my network to get it's address from
PFSense's DHCP server.
If it doesn't receive an address from the DHCP server (if they pick some
arbitrary address on the same subnet) how do I dis-allow them access to
network services?
Does this make any sense to do this? Does this make sense to not do this?
-Andy
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
--
This message has been scanned for viruses and dangerous content by
mail.lasseters.com.au, and no infections were found.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
