Hi All,

We have a 1Gb/s backbone Ethernet network with VLANs for Corporate, SunRay, Development and Ad-Hoc networks. That keeps everything separate, lets us plug anything into any port and simply configure the switch port to change the VLAN that the port is on and means we only have one network infrastructure to maintain. 1Gb/s is plenty of bandwidth on the backbone and is easy to upgrade anyway.

And yeah, people will just hijack an IP address if they cannot DHCP one, so we have DHCP sniffers that sniff the DHCP transaction and create access lists in the switches to only allow MAC addresses that have contacted the DHCP server and have a valid lease to access network resources other than the DHCP server.

--
Leigh


Markolf Gudjons wrote:

Fitra,

On Tue, 3 Jan 2006, fitra budi anggoro wrote:

 Actually I already set my PC with manual address. But I don't want
someone just bring their PC/Laptop and easily connect to the network
just by activating their DHCP client. Thus I need to filter whether it is
DTU or other devices. I want only DTU that can connect to the server.
My experience is people will just hijack an IP if they can't get one via
DHCP. Which means you are not safeguarded from some PC connecting to your
Ray server.

 I will have to read it first. Any short document how you do that?
Nope, sorry, not that I know of. Maybe the Sun guys have something. I
don't use the Sun DHCP anymore.

The good thing about this solution is that you can keep adding DTUs
without having to register their MAC addresses in the DHCP config.
********************
 It means that it is possible to register DTU's MAC address in DHCP
config and get as what I want?
 ********************
Yup.

 Yes.. it is the best infrastructure to create separate networks
between Rays and PCs, but it is costly :-). I already created different
subnets between client and server networks. Hope it's working :)
Well, you could just create VLANs. One for the DTUs and one for the PCs.
That way you can use the same switches, but have nicely separated
networks. Also, the DTUs don't need an outside connection to the rest of
your network, they only ever connect to the server. Sort of an island.

- Markolf

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
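
The lease-gated access list described at the top of this thread, sketched as an added example that is not part of the original messages and is not the posters' tooling. The class and function names, the event format and the sample addresses are assumptions, and the IP-mismatch check goes one step beyond the MAC-only list described.

```python
class LeaseTable:
    """MAC -> (ip, expiry) bindings learned from sniffed DHCP traffic."""

    def __init__(self):
        self.bindings = {}

    def on_dhcp(self, ts, msg_type, mac, ip=None, lease_secs=0):
        # Only a server ACK creates a binding; RELEASE or NAK removes it.
        mac = mac.lower()
        if msg_type == "ACK":
            self.bindings[mac] = (ip, ts + lease_secs)
        elif msg_type in ("RELEASE", "NAK"):
            self.bindings.pop(mac, None)

    def verdict(self, ts, mac, src_ip):
        """Classify a frame seen on an access port at time ts."""
        ip, expires = self.bindings.get(mac.lower(), (None, 0))
        if ip is None:
            return "deny:no-lease"
        if ts >= expires:
            return "deny:lease-expired"
        if src_ip != ip:
            return "deny:ip-mismatch"  # assumption: also pin the leased IP
        return "permit"

# Constructed sample data, not captured traffic.
# DHCP events: (time, type, MAC, leased IP, lease seconds), in time order.
DHCP_EVENTS = [
    (0, "ACK", "00:03:BA:00:00:01", "10.0.1.20", 600),
    (10, "ACK", "00:03:BA:00:00:02", "10.0.1.21", 600),
    (300, "RELEASE", "00:03:BA:00:00:02", None, 0),
]
# Frames seen on access ports: (time, source MAC, source IP).
FRAMES = [
    (100, "00:03:ba:00:00:01", "10.0.1.20"),  # host with a valid lease
    (100, "00:11:22:33:44:55", "10.0.1.50"),  # static IP, never used DHCP
    (400, "00:03:ba:00:00:02", "10.0.1.21"),  # gave its lease back at t=300
    (450, "00:03:ba:00:00:01", "10.0.1.99"),  # leased host on another IP
    (700, "00:03:ba:00:00:01", "10.0.1.20"),  # lease ran out at t=600
]

def replay(events, frames):
    """Apply DHCP events in time order and return one verdict per frame."""
    table, queue, verdicts = LeaseTable(), list(events), []
    for ts, mac, ip in frames:
        while queue and queue[0][0] <= ts:
            table.on_dhcp(*queue.pop(0))
        verdicts.append(table.verdict(ts, mac, ip))
    return verdicts

if __name__ == "__main__":
    for frame, result in zip(FRAMES, replay(DHCP_EVENTS, FRAMES)):
        print(frame, "->", result)
```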
