But only twice. You know the problem with having a network port on a usb is that the laptop no longer has a unique mac address, which can cause problems with authentication in a corporate environment. So when building devices or using mac auth it can be a nightmare.
MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.
I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.
Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.
Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.
But thats the dongles mac address. They break. They get passed around and used in multiple devices. If i am trying to authenticate a third party laptop and they are moving from dock to dock then i cant use the unique hardware ID to identify that hardware. I can only see where to dongle is.
In theory its all well and good saying the dongle will stay with the laptop or the mac isn’t a useful tool for authentication. But in practice in the wonderful wild world of IT. Its never that straightforward.
Its crap for asset registers, its crap for authentication servers and its crap for finding devices on switches with mac address tables.
I know there are other ways, but network ports aside, why am i buying a £60-£100 docking station to get all those ports back? I had them in my laptop. Now i have to spend more money to get them back and rely on a bit of cheap hardware that needs drivers, updates, and has breakable wires and ports to provide the functionality that was built in to my older devices.
There are advantages, but they dont outweigh the disadvantages. They just make it cheaper to manufacture laptops.
But only twice. You know the problem with having a network port on a usb is that the laptop no longer has a unique mac address, which can cause problems with authentication in a corporate environment. So when building devices or using mac auth it can be a nightmare.
MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.
I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.
Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.
Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.
There’s always a MAC address, it’s just the dongle’s then.
But thats the dongles mac address. They break. They get passed around and used in multiple devices. If i am trying to authenticate a third party laptop and they are moving from dock to dock then i cant use the unique hardware ID to identify that hardware. I can only see where to dongle is.
In theory its all well and good saying the dongle will stay with the laptop or the mac isn’t a useful tool for authentication. But in practice in the wonderful wild world of IT. Its never that straightforward.
Its crap for asset registers, its crap for authentication servers and its crap for finding devices on switches with mac address tables.
I know there are other ways, but network ports aside, why am i buying a £60-£100 docking station to get all those ports back? I had them in my laptop. Now i have to spend more money to get them back and rely on a bit of cheap hardware that needs drivers, updates, and has breakable wires and ports to provide the functionality that was built in to my older devices.
There are advantages, but they dont outweigh the disadvantages. They just make it cheaper to manufacture laptops.