MAC address registrations

[Kevin Shalla <Kevin.Shalla () IIT EDU>]

We have a few issues we're trying to address:

1) Expand the number of computers on the network with a limited supply of
routable IP addresses.
2) Make it difficult for attackers to access machines on our network.
3) Make it easier for our users to move computers (especially laptops) from
one building to another without having to reconfigure them.
4) Make it difficult for unauthorized people to connect a machine to our
network
5) Lessen the number of "stolen" IP addresses, where someone while
configuring a computer chooses an IP address already in use.

We require MAC addresses for wireless access, and are considering that
requirement for regular wire access, so we can gain some control of who's
using our network.  We're using a combination of hard-coded IP addresses
and dhcp now, and want to move to more dhcp, or maybe all dhcp.  One idea
we're considering is requiring that every MAC address be registered with
us, while another idea is that anyone who has not registered gets dhcp
dynamic addresses and NAT, while only registered MAC address could get
static addresses or routable addresses.

What do others do regarding registering MAC addresses?  Do you have
policies regarding who is allowed a routable IP address, or who is allowed
a static IP address?

Kevin Shalla
Manager, Student Information Systems
Illinois Institute of Technology
<mailto:Kevin.Shalla () iit edu>

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.