Educause Security Discussion mailing list archives
Re: Address allocation on the network - DHCP, IPv6 etc.
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Fri, 19 Mar 2010 07:48:09 -0400
Andrew Daviel wrote:
Some fallout from a discussion on an IPv6 forum - How are people tracking or authenticating devices on the network? Currently, for wired devices that stay in one location, we add the MAC address to DHCP and create a DNS entry. The name, in our minds, is the device for practical purposes. If we get a complaint about that name or IP address, we know where and what it is. (We have a fairly small site with few troublemakers - we haven't seen anything that would justify the effort of implementing 802.1x or locking down walljacks in the switch.)
We're still exclusively IPv4. Devices that require static IPs get them (servers, network equipment, printers, etc.). Most of the wired client computers are leasing out of address pools. Switch CAM tables are harvested regularly and retained so that we can find any troublemakers by looking up the MAC by IP in DHCP logs, and then the location by MAC in the CAM tables.

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
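The lookup described in this message (IP to MAC through DHCP logs, then MAC to location through retained CAM tables), as an added example that is not part of the original post. The log formats, addresses, switch names and function names are constructed for illustration; the point it shows is that both lookups must be bounded by the incident time, because pool addresses are reused.

```python
from datetime import datetime, timedelta

# Constructed sample records; the line formats are assumptions for this example.
DHCP_LOG = """\
2010-03-18T08:02:11 ACK 10.20.4.57 00:1b:63:aa:10:01 lease=28800
2010-03-18T13:40:05 ACK 10.20.4.88 00:1e:c9:bb:20:02 lease=28800
2010-03-18T17:15:42 ACK 10.20.4.57 00:23:ae:cc:30:03 lease=28800
"""
CAM_SNAPSHOTS = """\
2010-03-18T08:00:00 sw-lib-1 Gi0/12 00:1b:63:aa:10:01
2010-03-18T12:00:00 sw-lib-1 Gi0/12 00:1b:63:aa:10:01
2010-03-18T16:00:00 sw-sci-3 Gi0/7 00:23:ae:cc:30:03
2010-03-18T20:00:00 sw-sci-3 Gi0/7 00:23:ae:cc:30:03
"""

def mac_for_ip(ip, when):
    """MAC that held `ip` at `when`: newest ACK whose lease window covers it."""
    best = None
    for line in DHCP_LOG.splitlines():
        ts, _, addr, mac, lease = line.split()
        start = datetime.fromisoformat(ts)
        end = start + timedelta(seconds=int(lease.split("=")[1]))
        if addr == ip and start <= when < end:
            if best is None or start > best[0]:
                best = (start, mac)
    return best[1] if best else None

def port_for_mac(mac, when):
    """(switch, port, snapshot time) from the CAM harvest nearest to `when`."""
    best = None
    for line in CAM_SNAPSHOTS.splitlines():
        ts, switch, port, seen = line.split()
        if seen.lower() != mac.lower():
            continue
        gap = abs(datetime.fromisoformat(ts) - when)
        if best is None or gap < best[0]:
            best = (gap, switch, port, ts)
    return best[1:] if best else None

def locate(ip, when_str):
    """Resolve a complaint about `ip` at `when_str` to a MAC and switch port."""
    when = datetime.fromisoformat(when_str)
    mac = mac_for_ip(ip, when)
    return (mac, port_for_mac(mac, when)) if mac else (None, None)

if __name__ == "__main__":
    for t in ("2010-03-18T09:30:00", "2010-03-18T16:30:00", "2010-03-18T18:30:00"):
        print(t, locate("10.20.4.57", t))
```

The same IP resolves to two different machines on the same day, and to nobody during the gap between leases, which is why the retained logs need timestamps and the complaint needs one too.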