MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.
I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.
Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.
Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.
MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.
I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.
Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.
Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.