Hello all -
I have been asked if there is a possible way to block Windows XP machines from accessing our network.
At a glance -
We have about 1K stations (mostly Windows 7)
We have a large WAN across several T1 and fiber circuits
99% of the network devices are Cisco (28XX routers and 35XX switches)
Without having the budget to acquire a NAC on the fly and with a request from our management to block Windows XP machines I wanted to know if there is a way to identify the XP devices at the network devices and somehow block them from there.
I have been reading on ways to do it using DHCP fingerprinting but I'm not getting anywhere.
I also looked at open source options (PacketFence) but the set up might be an issue for us,
Any advice on this subject?