Hi Tim,
When Mac Authenticated devices connectet to the correct SSID I am updating the endpoints repository using the "Ownership" attribute. I think the best thing for me to do from there is to create a policy on the 802.1x SSID that denys acces to any device with the correct value in the "Ownership" feild. In otherwords, any device which has previously been on the MAC Authenticated SSID will not be permitted on the other SSID. Likewise, if the "Ownership" feild is empty, the client device would not be permitted on the MAC Authenticated SSID.
Just wondering if there is a better way, or this this method has any shortcomings.
All of these MAC authenticated devices are smartphones and I wonder if there is a way that I can gete the IMEI of the phone into the ClearPass Endpoints Repository other than by means of an MDM Server. If this is possible, I could use the IMEI to create a whitelist. This would be much more difficult to spoof than a MAC address would.
Thanks