Hi! I do some administration here at our university (students') network, about 100 clients, Mac and Windows-PCs, and a *ix-based network infrastructure. We use AT-switches, everything except the servers (which use Gigabit) is 100MBit TP so far. IPs are distributed by dhcp. Laptops are getting moe and more important, so we need to restrict the access to the net while it shouldn't be too difficult to "register" new machines. This is valid for wireless and tp-connected laptops. First I thought that we will simply "lock" the switches (so that they block if another device is connected to the switch) and use a FreeSWAN between a router that routes registred clients into our net. The problem is that this will take a lot of cpu (I have some 500MHz-Alphas 21164a here that I would like to use) and seams to be really hard to administrate. The client-side installation would require a pgp-client, and we would have to create certificates for every client. So which other options are there available? Is something like ppp over ethernet a way to build up this? Or do you know freeware solutions that use mac-netfilters and have a web interface or something similar? Or should I simply put these clients into a insecure network and give them only little access to the outside, so they can't damage our internal nets? Thank You, CU, Lars.