this post was submitted on 24 Nov 2024
1505 points (92.5% liked)
Technology
59731 readers
3091 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
MAC is useless as a component of the security check. It's trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.
I wouldn't have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.
Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.
Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.