Andy, 802.1x with MAC authentication bypass is probably what you are looking for. Nearly all managed switches these days have support for 802.1x. This way the device is authenticated at the switch-port, if it is not an allowed device the switch will deny the device access (or you could set the switch to give unknown users access to a guest VLAN).
Once set up it is no harder to administer than maintaining you DHCP reservations list (Once you have it set up I would recommend removing DHCP reservations where they are not needed, this way you only need to maintain one list of MAC addresses). Regards, Daniel -----Original Message----- From: Andy Graybeal [mailto:andy.grayb...@casanueva.com] Sent: Wednesday, 2 March 2011 9:10 AM To: support@pfsense.com; t...@casanueva.com Subject: [pfSense Support] Only allow DHCP assigned addresses access to network Hi, I would like every machine on my network to get it's address from PFSense's DHCP server. If it doesn't receive an address from the DHCP server (if they pick some arbitrary address on the same subnet) how do I dis-allow them access to network services? Does this make any sense to do this? Does this make sense to not do this? -Andy --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- This message has been scanned for viruses and dangerous content by mail.lasseters.com.au, and no infections were found. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org