ANybody have a simple method for blocking a MAC address or (less effective) an IP address. We don't want to amend ACLs becuase laptop can move from network to network.
Basically I'm looking for the simplest method for blocking virus/worm/trojan/spyware infected PCs. We have a honeypot log that tells us the IP address but it is time consuming to track the PC down, both logically on the switches and then dispatching desktop support to track down the person/laptop and fix them.
I'd prefer to block the MAC addresses at the three major routing nodes and eliminate their ability to use the network. This would protect us and force them to contact tech services. Our major routing nodes host the routing interfaces on most of the networks. So if I can block the MACs there it will work fairly well. We have too many switches(200+) to do anything there
Thanks for any suggestions.
DiGiTAL_ViNYL (no email)