On 03/07/2012 03:22 AM, Rich Trinkle wrote:
I apologize if this seems like a "rookie" question. A colleague and
I have a stance that neither want to budge on. We have a cisco 861w
core router for our internal network and a typical domain
server/client access. All of our internal pc's are part of this
domain and our client pc's obtain a dynamic ip from an internal dhcp
server. The question is this. Should I be able to take a personal
laptop that is not setup on our domain, plug into our network, obtain
an ip address dynamically through our cisco router and browse the
internet?
What does "should" mean here? Technically, would it work? Or policy,
ought it to work?
If the former, it will depend how you've got things set up.
If the latter, there's no right answer to that. It depends on your
security policy and what you want to achieve. At our site: no; you get
assigned into a VLAN and directed to a "register your machine" page, so
we've got machine -> owner tracking in the event of an abuse or
operational problem.
Some places don't care about that, and just absorb the costs of such
events in order to achieve ease-of-use.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
