Iâ€™m currently working on a Project where I need the help of helping people here. We have about 400 Clients who will be accessing our network. We have used 3 Linux servers, 1 for gateway, 2nd for a mail, web, dns, DHCP etc.., server and the third one is used for a proxy server. Our Lan is having private ips if 172.16.X.X class and all the clients are automatically assined a dynamic ip address by our DHCP server. We used Cisco Switches for distribution. 99% of our clients uses windows (mostly win xp) and our network need to be in groups (something like sales dept., customer support etc..)., What we are planning is that we make Different Domains under Win2k3 servers and create Domain user accounts for our clients so that they can log in the network (domain) and use resources like printer etcâ€¦ one of our problem lies here. Since our proxy server too is in the network under a Linux server any user in our network can connect to the proxy server and then to the internet. We want to disable this. If a user joins a domain then at least we can manage the access levels etc through the domain admin. Take for example if a printer is owned by sales domain then any client from other domain cannot take any printout from the printer and the user cannot just join any domain with out a proper access. This fixed some of our problem but still if a user does not login in the network domain he still has access to the mail server, chat server, proxy serverâ€¦ is there anyway I can simplify this setup so that I can group my users and then give them access to the network resources according to their login, and that no one should be able to bypass the login (unless they want to work outside the network. Another problem is that since this is a fairly large network many ppl are trying to play with it. Like someone knows the proxy server ip and then set the same ip in his machine and whenever the proxy server is rebooted the client takes the proxy server ip, and therby no one can access internet. It is impracticable to go and check each and every client to see who is using the ip that our proxy server uses. IS there anyway to know (at least from the MAC Address) the physical location of the client or the port no at which it connect to the switch (since we can telnet the cisco switch and disable any port).