[KLUG Members] stop unknown static IPs on lan

[Adam Tauno Williams]

> Is there a way to foil attempts of employees to bring in a new computers
> or laptops and plug into our corporate lan. My DHCP server is set to
> only give out IPs to known ethers, but I've stumbled upon a static IP
> when I tried to use it and get conflict errors.

Get a switch that supports EAP/802.1x and devices will have to
authenticate onto the wire.  Managed switches also usually let you
provide a list of MACs.

> I just tried to assign IP aliases of every unused IP on the subnet to
> one machine but if I give one of them to my windows laptop it doesn't
> seem to cause a conflict.

Yep.

> Second question, can I give my IPtables firewall a list of ether
> addresses that are allowed to pass and drop everyone elses packets?
 Sure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060307/d1f03446/attachment.bin