Comment we handled ~150-170 student machines like this: (Score 2, Informative) 579
The student co-op where I lived had around 150-170 machines on the network at any given time. We required each user to 'register' through a php form on the local administrative box. Until the user had registered a given machine (mac address) we redirected all web traffic to the 'you must register to use the internet' page.
We generated id keys for each house member ahead of time and required that they have this key to register. When the user came to get the key we gave them a quick overview of what they should and shouldn't do and introduced them to the software cache on the local network (free AV software, firefox, ad-aware, etc..).
Once the user had the registration key in hand they could go back to their room & register their machine in their name (or any number of machines), we then cleared that MAC address for access to our dhcp server.
The benefit of forcing registration is that we knew who owned each machine and where the person lived. If any virus or trojan was bad enough to endanger network we could go to the switch for that person's floor and pull the plug on their connection.
Alternately if a machine on the network started spewing virus payloads we could just revoke dhcp access and boot the offender off the network - we didn't have to worry about notifying them of virus infestations, we could wait for them to come to us saying "my internet doesn't work, can you fix it?"
We generated id keys for each house member ahead of time and required that they have this key to register. When the user came to get the key we gave them a quick overview of what they should and shouldn't do and introduced them to the software cache on the local network (free AV software, firefox, ad-aware, etc..).
Once the user had the registration key in hand they could go back to their room & register their machine in their name (or any number of machines), we then cleared that MAC address for access to our dhcp server.
The benefit of forcing registration is that we knew who owned each machine and where the person lived. If any virus or trojan was bad enough to endanger network we could go to the switch for that person's floor and pull the plug on their connection.
Alternately if a machine on the network started spewing virus payloads we could just revoke dhcp access and boot the offender off the network - we didn't have to worry about notifying them of virus infestations, we could wait for them to come to us saying "my internet doesn't work, can you fix it?"
