The bigger issue here is how manageable a solution will you have. In order to block MAC addresses, you must first know all the permissible MAC addresses in the enterprise. Then, if possible in the DHCP implementation, you must disable all other MAC addresses from getting an IP address. This can be a manageable process if there are relatively few systems in the environment. But think of the overhead and process that must be in place to make this continue. Every time a new system is purchased, the DHCP must be changed to allow its MAC address. What about vendors and consultants who may be allowed access while one site? How do you administer these? Do they need a separate subnet, and DHCP range with other restrictions? These are the issues that have to be addressed. Does the solution scale well? Does a different DHCP solution better solve the problem? Also what is the underlying security policy driving the need to block by MAC address? Are employees specifically banned from bringing in personal laptops? If there isn't a clear security policy banning this, your efforts may lack support needed to make blocking happen.
Dig Deeper on IP Networking
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.