Re: Block Unauthorized Computer

In message <#sEt7Z$GIHA.4296@xxxxxxxxxxxxxxxxxxxx> "Danny Sanders"
<DSanders@xxxxxxxxxxxxxxx> wrote:

You could also disconnect any unused jacks at the patch panel so when they
plug the computer into an unused jack, they can't get anywhere.

This will only cause a minimal slowdown if the unauthorized computer is
malicious rather then an accident -- All it takes is a cheapo hub/switch
to get connected. I had one at one point that was USB powered.

You can go a step further and lock down a one to one ratio between ports
and MAC addresses, and automatically kill the port if an unauthorized
MAC address shows up (many data centers do this, SOHO gear cannot)

This raises the bar substantially, although it is entirely possible for
a stateful NAT box to sit between a legitimate machine and the network,
fake the correct MAC addresses on both sides, and still insert it's own
traffic into the WAN side of the NAT box (the LAN), effectively
"sharing" the IP of the client PC.

This is well beyond what is likely happening here, chances are that this
situation is just someone brought a home laptop in and plugged in.

--
You can get more with a kind word and a 2x4 than just a kind word.
.