> We have thought about using static MAC entries per port on managed > switches installed at the client endpoints, but that would require a > overwhelming budget. We are also thinking about L2TP and PPPoE, but I > am uncertain about compatibility. > > What would you recommand ? Are there any other elegant solutions ? > > I also heard about 802.1x technology and seems to be an interesting > and professional alternative; I just don't know how well supported is > on the server side, namely FreeBSD. 802.1x needs switch support. A switch supporting 802.1x will probably support MAC address filtering at the port level. The same can be said about using VLANs; you would need a switch with multi-VLAN port support, something quite variable between manufacturers. Anyway, stackable switches in the $600 - $1000 price range would do it. Look at Cisco Catalyst or HP ProCurve. (Look at the low end of both, not the high-end models) Borja. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"