Hi team
I have a concern regarding mac authentication done from the clearpass.
We are having a BYOD ssid with captive portal authentication . Users have to enter the AD credential to get internet access .
We have mac caching service in clearpass so that the users are not directed to captive portal frequently.
As per the configuration of the services , when a user 1st time connects it will get a captive portal page . After providing AD credentials user will get authenticate and updated in the endpoint repository .
Next day when the user comes back, the device will perform the mac auth and will be allowed access.
In the mac auth service we are checking the authorization time source mac-auth expiry less then the current time .
Now Here
Any one can spoof the mac of the user device and can gain access .
Is there any way to stop this ?