Mobi,
What you are proposing is a Network Access Control (NAC) solution. There are several venders who make this in different hardware implementations. Cisco and Bluecoat are the 500 lb guerillas in the room in this area. I have to tell you it’s not cheap and requires a fair amount of infrastructure and modification. For instance you have to set up authorized and unauthorized vlans on the switches, redundant clean access servers, etc… So unless you have 50K in hardware and licensing to spend, you probably are looking for a software only solution. If that’s the case, then I would look at McAfee ePolicy, which has a NAC and rouge device option. Either way be prepared for lots of cost. If you can’t afford the implementation, one no cost, high effort solution is to use sticky macs in your switches (
https://supportforums.cisco.com/thread/151147). This however does not provide a reporting component. Hope this was helpful.
Ken
www.kmbl.us