Somebody in the thread at some point said: > The DHCP server is configured to only service known MAC addresses, > however this won't stop an unknown MAC from getting onto the network > with an available IP already configured. DHCP server won't know about > it and thus won't do anything about it. So to me, this is something > beyond what the DHCP server itself can do (or should do). That's what > I'm looking for, some way to block everything else that may pop up, that > did not use the DHCP server to get an IP to begin with. Little-known thing, wpa_supplicant can work with wired networks too (-Dwired). If everyone on the network has to know the WPA encryption passphrase to even talk that is going to cause trouble for MAC-fondlers and other scoundrels. You use hostap on one box for the others to authenticate against, a sort of wired "access point". Of course, it doesn't necessarily help much if mortal users (or they are root themselves) can read /etc/wpa_supplicant/wpa_supplicant.conf and see your keys... -Andy