RE: can we have mac-addresses as client address sets for acl in isa

  • From: Rajiv Kulkarni <rajiv_nag@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 19 Jun 2003 10:06:07 -0700 (PDT)

Hello TOM,

I'm in a kind of healthy one-upmanship with my unix
colleagues now, wherein they have shown me user-based
access control along with IP address AND mac-address
based ACLs.

As I had mentioned earlier, what I have observed
(keeping aside all the Windows/ISA features such as
GUI, Firewall, scheduled download, etc., etc., and
lots more, of course along with the perennial problems
of patches to be applied for each and every new
feature applied for network users in ISA), in all
fairness in appreciating any good product, I find that
at least the perceived response of squid proxy (which
now also supports reverse hosting, etc., wherein again
I'm comparing only the proxy features) for a user is
quicker than ISA. What is it that lacks in ISA
for that kind of performance?

Believe me, I have tried all I could to fine-tune
ISA's performance.

Now coming to the question of mac-address ACLs. My
network has some users (who do not have access to the
internet) stealing or just configuring their systems
with the allowed IPs, leading to IP address clashes.
This is because we have different independent
workgroups with subnets and it is quite difficult to
maintain DHCP service (I do have resource constraints
wrt systems for DHCP service... I'm making do with
whatever I got and it's a long resource crunch story)
for the whole 1500 node network.

Good or bad, please do reply with your advice.

thanks once again

with regards

rajiv

--- Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> 
> Hi Rajiv,
> 
> Yes, but squid doesn't have user/group based access control, which is
> far more important than MAC address. Remember, MAC addresses are only
> available on the same Ethernet broadcast domain, which makes it pretty
> useless for most networks. Of course, with Squid, you do get what you
> pay for ;-)
> 
> HTH,
> Tom
> 
> Thomas W Shinder 
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1 
> Configuring ISA Server: http://tinyurl.com/1llp 
> 
> 
> 
> -----Original Message-----
> From: Rajiv Kulkarni [mailto:rajiv_nag@xxxxxxxxx] 
> Sent: Wednesday, June 18, 2003 3:03 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] can we have mac-addresses as client address sets for acl in isa
> 
> 
> http://www.ISAserver.org
> 
> 
> Hello Friends,
> 
> I wanted to know whether we could configure
> mac-address based client-address sets in ISA. If not,
> what prevents the configuration in ISA?
> 
> Also I have observed that a squid proxy has this
> facility (of mac-address based ACL) and also that the
> responses from the squid proxy are very fast compared
> to ISA, even when we have only ONE TEST USER.
> 
> Can anybody advise me please??
> 
> thank you
> 
> 
> PS: I will still remain as passionate as ever for
> MS-products... it's just that I sometimes debate with
> my unix colleagues often wrt MS products.
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
> Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')


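An added example, not part of the original thread: a small Python audit of a proxy host's ARP table against an IP-to-MAC allow-list. It flags an allowed IP that is answered by a different NIC (the address-clash case described in the message) and marks allowed clients outside the local broadcast domain as unverifiable, which is the limitation raised in the quoted reply. The sample ARP lines, all addresses, `AUTHORIZED` and `LOCAL_PREFIX` are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the style of `arp -an` output on the proxy host.
SAMPLE_ARP = """\
? (192.168.10.21) at 02:00:00:00:10:21 [ether] on eth0
? (192.168.10.22) at 02:00:00:0B:66:01 [ether] on eth0
? (192.168.10.23) at <incomplete> on eth0
? (192.168.10.1) at 02:00:00:00:00:01 [ether] on eth0
"""
# Hypothetical allow-list: IPs permitted internet access and the NIC each was issued to.
AUTHORIZED = {
    "192.168.10.21": "02:00:00:00:10:21",
    "192.168.10.22": "02:00:00:00:10:22",
    "192.168.20.5": "02:00:00:00:20:05",  # other subnet, reached through a router
}
LOCAL_PREFIX = "192.168.10."  # assumption: the proxy's own broadcast domain is a /24

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})")

def norm(mac):
    """Lower-case and zero-pad each octet so equal MACs compare equal."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp(text):
    """Map each IP to the set of MACs observed for it."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:  # "<incomplete>" entries carry no MAC and are skipped
            seen[m["ip"]].add(norm(m["mac"]))
    return seen

def audit(arp_text, authorized, local_prefix):
    """Return (ip, verdict) for every allow-listed IP."""
    seen, findings = parse_arp(arp_text), []
    for ip, mac in sorted(authorized.items()):
        if not ip.startswith(local_prefix):
            # Behind a router the proxy only ever sees the router's MAC.
            findings.append((ip, "unverifiable: not in this broadcast domain"))
        elif ip not in seen:
            findings.append((ip, "not observed"))
        elif seen[ip] != {norm(mac)}:
            others = sorted(seen[ip] - {norm(mac)})
            findings.append((ip, "MAC mismatch: " + ",".join(others)))
        else:
            findings.append((ip, "ok"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_ARP, AUTHORIZED, LOCAL_PREFIX), sep="\n")
```

A mismatch only shows that a different NIC currently answers for the address; a MAC can itself be reconfigured, so this is a detection aid rather than authentication.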