John Scrivner wrote:
Anyone out there have experience with PPPoE?.

[ snip ]

Based on the scenario you've described, PPPoE may not be the best solution. It'll probably break a lot of Windows-specific stuff (printer and file sharing leap to mind). Those could be worked around with a sufficiently complex firewall setup, but it might be more trouble than it's worth.

A few other ideas pop into mind right off:

* Many higher-end managed switches can be set up to only allow specified MAC addresses network access. You could do a network audit, get a list of all the allowed MACs in a location, and tell the switch to drop other traffic. Think "wireless MAC authentication" only with wires. :)

* Put all the "important" stuff in a separate subnet and require VPN logins to access it. Configure the firewall to only allow access from IPs allocated to the VPN subnet. This won't keep someone from bringing in their own laptop and connecting to the VPN, but at least you'll know who did it. You could do this with StarOS, RouterOS, or even Windows/Active Directory if you're brave enough.

* Fear and paranoia. Spread the word that the network is regularly monitored for unauthorized access, and that unauthorized MACs being seen from your port on the switch could be a write-up/lose-your-job offense. Use a managed switch that can record MAC-to-physical-port associations, and dump the logs somewhere. If you're really ambitious, actually review the logs on occasion and follow up on those threats :D

David Smith
WISPA Wireless List:



Reply via email to