Google 802.1x port authentication & then see if your switch is capable of doing it. (ebay might get you a switch that can)
It'd block the rogue machine at the switch connection. NB. it's possible to change mac addresses on machines so it's not really very secure. It's more of a inconvenience. On Thu, 29 Oct 2009 09:36:02 +0100, Toni Mueller <openbsd-m...@oeko.net> wrote: > Hi, > > On Wed, 28.10.2009 at 17:29:36 -0500, Andres Salazar <ndrsslz...@gmail.com> > wrote: >> I Have dhcp enabled on my LAN which assigns an IP according to the >> clients MAC address, however if a user wanted to be malicious he can >> statically assign any IP to his NIC. > > he then has root access to the box. > >> Isnt there anyway I can force my ARP tables to only allow IPs to be >> assigned if the MAC address matches? > > Some switches offer this kind of functionality, but they're not exactly > cheap. > > > Kind regards, > --Toni++
