Hello TOM, i'm in a kind of a healthy one-upmanship with my unix colleagues now wherein they have shown me user-based access control alongwith IP address AND mac-address based acl's. As i had mentioned earlier what i have observed (keeping aside all the windows/isa features such as GUI, Firewall, scheduled download,etc etc etc etc,,and lot's more, ofcourse along with the perenial problems of patches to be applied for each and every new feature applied for network users in ISA) in all fairness in appreciating any good product, i find that atleast the percieved response of squid proxy ( which now also supports reverse hosting,etc, where-in again i'am comparing only the proxy features) for a user is more quicker than isa. what is it that lacks in isa for that kind of performance. Believe me i have tried all i could to fine-tune the isa's performance. Now coming to the question of mac-address acls. My network has some users (who do not have access to internet) stealing or just configuring their systems with the allowed ip's leading to ip address clashes. This is because we have different independent workgroups with subnets and it is quite difficult to maintain dhcp service ( i do have resource constraints wrt systems for dhcp service...i'm making do with whatever i got and it's a long resource crunch story) for the whole 1500 node network. good or bad please do reply with your advice thanks once again with regards rajiv --- Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote: > http://www.ISAserver.org > > > Hi Rajiv, > > Yes, but squid doesn't have user/group based access > control, which is > far more important than MAC address. Remember, MAC > addresses are only > available on the same Ethernet broadcast domain, > which makes its pretty > useless for most networks. Of course, with Squid, > you do get what you > pay for ;-) > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > -----Original Message----- > From: Rajiv Kulkarni [mailto:rajiv_nag@xxxxxxxxx] > Sent: Wednesday, June 18, 2003 3:03 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] can we have mac-addresses as > client address sets for > acl in isa > > > http://www.ISAserver.org > > > Hello Friends, > > I wanted to know whether we could configure > mac-address based client-address sets in isa.if not > what prevents the configuration in isa. > > Also i have observed that a squid proxy has this > facility (of mac-address based acl) and also that > the > responses from the squid proxy is very fast compared > to isa..even when we have only ONE TEST USER. > > can anybody advice me please?? > > thank you > > > PS: I will still remain as passionate as ever for > MS-products...it's just that i sometimes debate with > my unix collegues often wrt MS products. > > > __________________________________ > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! > http://sbc.yahoo.com > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com > No.1 Exchange Server Resource Site: > http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org > Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: > http://www.serverfiles.com > No.1 Exchange Server Resource Site: > http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org > Discussion List as: rajiv_nag@xxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com