• mangaskahn@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 month ago

    MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.

    • Mr_Dr_Oink@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 month ago

      But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.

      I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.

      Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.

      Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.