On 1/31/06, person <blankinvites plus m0n0 at gmail dot com> wrote:
> Locally there are many internal webservers (not patched, containing info you
> wouldn't want any outsider to access, etc.), video/media servers, wiki's,
> shared drives, etc. etc. Given the nature of the offices, there are many
> places someone can, and even places people are allowed to, simply plug into
> a jack and get internet access (confrence rooms/guests, etc.). Not uncommon
> for someone using someones office to unplug the ehternet cable and plug it
> in to their laptop.
Wow, really asking for trouble there. You definitely need to be
looking for a solution aside from the firewall. No firewall is going
to be able to help you in this situation.
802.1X would be a good solution, but that's not an option on any
Catalyst 2924. dot1q trunking isn't even an option on the old 2924's
that you're talking about. They do support VLAN's, but no trunking,
so its usefulness is very limited. To accomplish this, you're going
to be stuck replacing all the switches.
For more info on 802.1x on Cisco gear, Google "802.1x site:cisco.com"