Security Basics mailing list archives

RE: DHCP security


From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Tue, 11 Oct 2005 15:00:07 -0400

802.1X is a nice switch level protocol that enables one to restrict the
activation of a switchport based on any number of criteria via the
Extensible Authentication Protocol (EAP) and its family of relatives.
This suite enables one to restrict access based on any imaginable set of
criteria including MAC address, username, machine name, certificate,
etc.
The option which you mentioned is (at least in the Cisco world) referred
to as port security.  This option will allow frames sourced only from
certain MAC addresses to enter the switch.  802.1X is very simple to
deploy, works cross platform/cross vendor, and offers a plethora of
extensions that you can use including centralized management by
connecting on the backend to a RADIUS/TACACS server.

Z 

-----Original Message-----
From: razk () smarteam com [mailto:razk () smarteam com] 
Sent: Monday, October 10, 2005 3:38 AM
To: security-basics () securityfocus com
Subject: DHCP security

Hello

I am looking for a solution of restricting unauthorised MAC addresses to
be able to connect into our LAN. (Visitors etc.) Our main concern is
that we have around 50 new VMwares coming up everyday and our network is
flat without any VLANs so we can't really put them in a separate network.

I was introduced to a solution on the port level of the switch but was
wondering if there are any other solutions.

thanks.

Raz.
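
The two options compared in the reply above, side by side, as an added example that is not part of either message: a static port-security allow-list on one access port and 802.1X with a RADIUS backend on another. It assumes classic Cisco IOS syntax (newer releases express the per-port 802.1X setting with different commands); the interface names, MAC address, RADIUS address and shared secret are constructed placeholders.

```cisco
! Constructed example: every interface name, address and key below is a placeholder.
!
! --- Port security: only frames from the listed source MAC may enter the port ---
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 ! Allow a single learned/static address on this port
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 ! Drop offending frames and count the violation, but keep the port up
 switchport port-security violation restrict
!
! --- 802.1X: the port stays unauthorized until EAP succeeds against RADIUS ---
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 key <SHARED-SECRET>
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface FastEthernet0/2
 switchport mode access
 ! Require the attached device to authenticate before traffic is forwarded
 dot1x port-control auto
```

On IOS, `show port-security interface FastEthernet0/1` and `show dot1x all` report the resulting state of each port.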

