> - all machines legitimately using the network
are known as well as
> their ethernet addresses,
> - assign all those legitimate machines an (basically fixed) IP via
> DHCP,
> - for all unregistered machines, offer them IP addresses in the
> 127.0.0.0 range as well as themself as their default router and other
> stuff to make their network connection a notwork connection
I kind of like that! No! I *REALLY* like it! Have
you tested this?
We have something like this at PLNU. Unknown MAC addresses get dropped into
a category where the network will only allow them to connect to the
registration server -- it drops packets bound elsewhere. To register for a
"fixed IP over DHCP" lease, they have to have their bills paid and their
student ID, SSN, etc., and then they get the DHCP lease for the year
wherever they go on campus. The system is now almost totally automated.
So, an unauthorised laptop connecting on campus basically doesn't work;
their packets end up in /dev/null. There are plenty of public terminals if
surfin der Veb's all they want to do.
--
----------------------------- personal page:
http://www.armory.com/~spectre/ --
Cameron Kaiser, Point Loma Nazarene University * ckaiser(a)stockholm.ptloma.edu
-- A baby is God's opinion that the world should go on. -- Carl Sandburg ------