2009/10/19 Marko Vojinovic <vvmarko at gmail.com>: > with a form the user is supposed to fill in and send. After he does so, an > administrator does a sanity check of the data the user provided, and grants or > denies access. If access is granted, the user gets a new, unrestricted dhcp > lease, which provides him with a normal access to local network. Just be aware that, as far as I hear the experts, MAC addresses can be sniffed off the air even on "protected"/"encrypted" WiFi networks and so an intruder can find authorised ones. So trusting the MAC address for authentication is not secure. The way I hear that this is usually done is to create a VPN tunnel over the WiFi connection. Legitimate users still have to authenticate over that VPN tunnel and therefore even a fake sniffed MAC address won't help an intruder. The VPN also enhances protection of legitimate traffic. I never implemented this (neither the WiFi protection nor the MAC sniffing) so can't testify from personal experience. Cheers, --Amos