Compnerd,
Looking at your post, there are quite a few considerations to your possible deployment and they can be listed as such:
- What is my infrastructure hardware and software support to provide the solution that I require?
- Will my hardware support all the features necessary to provide this service?
- If my hardware supports it, does it have the software to support it?
- If I want to do MAC authentication for static endpoints, do I want to even do something like an NMAP scan which will take some time to execute to determine the OS and other attributes?
- How do I want to enumerate and keep track of those statically IP-addressed devices and what OS, platform do I compare them to?
- How will I troubleshoot those devices? Wired MAB, unless you are doing it already, has to be a big challenge by itself, but even more of a challenge to your helpdesk, who would get the first call if there is a problem.
- What types of devices do you want to do this with, and what is their behavior?
- Do you have phones that have hosts behind them and do you have to provide differentiated access for those hosts?
The long story short is that you probably need to figure out what you have in the first place so that you can get a real picture of your challenge ahead. After that, once you get a list of devices and how they end up on the network, what can you use to identify them? In parallel, you will need to identify your switching infrastructure and what features they support to determine if what you want is even possible with the combination of those devices, your infrastructure hardware and software. You also need to understand how to troubleshoot devices that do not function correctly and have a procedure of how helpdesk all the way up to the highest levels of support will use tools to make determinations about those. In parallel, you will need to run a pilot in a closed space to gather all of the information in this paragraph in real time to understand what you can and cannot do.
Users on this forum can give you answers here and there about bits and parts of this, but it is probably up to you to establish a project to determine if a direction you take is even supportable with your hardware/software/and your ability to support such a solution. Get the big pieces in place, which is connectivity and then get testing and devices in a lab to see what you are capable of in your own environment...
EDIT:
With that being said, it can be maddening to understand what will and will not work in your environment. It seems like you have a good head start on figuring that out.