OSEC

From: Ray Hooker (Ray.Hookerattglobal.net)
Date: Wed Jul 04 2001 - 10:05:46 CDT

    I agree that setting up a database using VMPS doesn't seem worth it. The
    URT product, on the other hand, sets up a default VLAN which only has
    connectivity to the Novell or NT domain or NDS server. Once logon is
    successful, the user is put into a normal VLAN with full access to the
    network. One caveat is that a stub client is automatically loaded onto the
    workstation to renew the adapter, so Unix workstations are not supported.
    This product is targeted for physically open environments such as hospitals
    or universities. More information can be found at:

    http://www.cisco.com/warp/public/cc/pd/wr2k/urto/prodlit/cregt_ds.htm

    My feeling is to tell management that it can't be done without an additional
    product. If they really have a strong business need, they will buy the
    product and make the approach easier to administrate. It is much better
    than committing to a labor-intensive approach that may impact your ability to
    deliver reliable services.

    Ray
    ----- Original Message -----
    From: "Israel Bilbao" <ibilbaoopennetwork.com>
    To: "Ray Hooker" <Ray.Hookerattglobal.net>
    Cc: "paul Carcary" <PaulLacewood.co.uk>; <focus-mssecurityfocus.com>
    Sent: Monday, July 02, 2001 10:24 PM
    Subject: Re: Secure DHCP...

    > also all of the Cisco switches that I have worked with and the ones
    > that I have now (1900,2900,3500,4000) have something called VMPS, which
    > as an administrator of the switch you can set a database of all of the
    > MAC addresses that the administrator would want to access the network,
    > and unless the MAC is on the database there is no way you could send a
    > single packet out of any port in the network, that is of course if you
    > assigned a switch as a designated server to host all of the MACs, but
    > let me tell you this is very painful if you go this route, and that is if
    > one or several NICs go bad well... you know the rest!!
    >
    > Israel.
    >