[unisog] NetReg Circumvention?
mjimenez at net.tufts.edu
Thu Sep 4 04:58:25 GMT 2003
We have a pseudo-NetReg implementation (same concept, different
code) and we did see some hardcoding of IPs to circumvent the system. We
deal with it fairly effectively through a combination of policy and arp
log auditing. We poll our routers for their arp logs every five minutes,
and compare this to our DHCP leases. When we have a mismatch, we know the
MAC of the offender and can track it down to a switchport for enforcement.
We don't have to do this very much.
"Read all instructions before applying adhesive."
-Large Print on Lid of Bucket; words to live by.
"Diplomacy" is saying "nice doggy" until you can find a big rock.
On Wed, 3 Sep 2003, Brian Reilly wrote:
> For those of you who've implemented a NetReg or similar DHCP-driven
> solution for host registration, have you had many instances of users
> circumventing the process by just assigning themselves static IP
> addresses? If so, how have you addressed this issue, and are you
> considering migrating to something like 802.1x or VQP as a result?
> <reillyb at georgetown.edu>
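
The ARP-versus-lease comparison described in the reply above, sketched as an added example (not code from the original post or from NetReg). The input formats (Cisco-style `show ip arp` output and ISC `dhcpd.leases` entries), the sample data, the function names and the `exempt` parameter for legitimately static hosts are all assumptions.

```python
import re
from datetime import datetime

# Constructed sample data. Assumed formats: Cisco-style "show ip arp"
# output and ISC dhcpd.leases entries (lease times are UTC).
ARP_DUMP = """\
Internet  10.1.1.23   5   0011.2233.4455  ARPA  Vlan10
Internet  10.1.1.40   2   00a0.c9aa.bb01  ARPA  Vlan10
Internet  10.1.1.77   0   0050.56de.ad01  ARPA  Vlan10
Internet  10.1.1.90   1   0003.47fe.ed02  ARPA  Vlan10
Internet  10.1.1.99   -   Incomplete      ARPA
"""
LEASES = """\
lease 10.1.1.23 { starts 4 2003/09/04 04:00:00; ends 4 2003/09/04 16:00:00;
  hardware ethernet 00:11:22:33:44:55; }
lease 10.1.1.40 { starts 4 2003/09/04 03:00:00; ends 4 2003/09/04 15:00:00;
  hardware ethernet 00:a0:c9:12:34:56; }
lease 10.1.1.90 { starts 3 2003/09/03 01:00:00; ends 3 2003/09/03 13:00:00;
  hardware ethernet 00:03:47:fe:ed:02; }
"""
LEASE_RE = re.compile(
    r"lease (\S+) \{[^}]*?ends \d (\S+ \S+);[^}]*?hardware ethernet (\S+);")

def norm_mac(mac):
    """Reduce dotted or colon MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Yield (ip, mac, interface) for resolved ARP entries only."""
    for fields in map(str.split, text.splitlines()):
        if len(fields) == 6 and len(norm_mac(fields[3])) == 12:
            yield fields[1], norm_mac(fields[3]), fields[5]

def parse_leases(text):
    """Map ip -> (mac, end time); the last entry for an IP wins."""
    return {ip: (norm_mac(mac), datetime.strptime(ends, "%Y/%m/%d %H:%M:%S"))
            for ip, ends, mac in LEASE_RE.findall(text)}

def audit(arp_text, lease_text, now, exempt=()):
    """Return (ip, mac, interface, reason) for ARP entries with no live matching lease."""
    leases, findings = parse_leases(lease_text), []
    for ip, mac, iface in parse_arp(arp_text):
        lease_mac, ends = leases.get(ip, (None, None))
        if ip in exempt or (lease_mac == mac and ends >= now):
            continue
        reason = ("no lease for IP" if lease_mac is None else
                  "IP leased to different MAC" if lease_mac != mac else "lease expired")
        findings.append((ip, mac, iface, reason))
    return findings
```

Each finding carries the MAC and the router interface it was seen on, which is the starting point for the switchport lookup the post mentions.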