RE: I want to have my cake and eat it too
> However do note that if they plugged into a "internal" jack,
> they'd have
> access. The only real way to stop that would be to run a
> secure VPN over the
> top of the normal LAN for internal machines (rather like is done with
> Wireless LANs).
Or you can use IEEE 802.1x authentication and VLAN assigning through
radius attributes or Cisco's proprietary VMPS.
802.1x is in fact supported by most current switches.
Boyan Krosnov, CCIE#8701
just another techie speaking for himself