@skywalker wrote:
i understand mac is easy to crack. This wlan is only use by the customer. It configure to authenticated over the captive portal (via ClearPass of course). Mac authentication is enable after first initial login. It just a convinient for customers to log back in without typing the credentail again.
I would create a second SSID for those computers and only broadcast that SSID in that area where the fixed computers are.
You would create a different Weblogin in ClearPass that does not have Mac Caching and in the initial role for those users, forward them via the Captive Portal authentication profile to the URL of that new Weblogin.