Ever wanted to tighten security to the point that only certain machines are allowed onto an 802.1X/wireless network? Here’s the solution: combine MAC filtering with EAP authentication and you get user AND machine authentication all in one.
Here’s how you would go about doing this:
Be aware that “MAC Authentication” alone is NOT secure, since MAC addresses can be easily forged, and there is no guaranteed universal uniqueness for the address.
Tip: The Calling-Station-ID field is a regular expression, so you can put an entry like A1B2C3D4E5F6|A2B3C4D5E6F7 in that field if you want to allow multiple addresses for the same account (say a user has more than one laptop, or multiple NICs).
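An added example, not part of the original post or of NPS: it builds the alternation for the Calling-Station-ID field from a list of MAC addresses and anchors it as ^(...)$, so that a longer value that merely contains an allowed address does not match. Assumptions: Python's re.search stands in for the field's unanchored pattern matching, the helper names are hypothetical, and the sample Calling-Station-ID values are constructed.

```python
import re

HEX12 = re.compile(r"[0-9A-F]{12}")

def normalize_mac(mac):
    """Drop '-', ':' and '.' separators, upper-case, and insist on 12 hex digits."""
    bare = re.sub(r"[-:.]", "", mac.strip()).upper()
    if not HEX12.fullmatch(bare):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bare

def format_mac(bare, sep=""):
    """Re-insert a separator between octets, e.g. sep='-' gives A1-B2-C3-D4-E5-F6."""
    return sep.join(bare[i:i + 2] for i in range(0, 12, 2))

def build_pattern(macs, sep=""):
    """Return ^(MAC1|MAC2|...)$ written in the separator style the access point sends."""
    if sep not in ("", "-", ":"):
        raise ValueError("separator must be '', '-' or ':'")
    alternatives = sorted({format_mac(normalize_mac(m), sep) for m in macs})
    # The parentheses matter: ^A|B$ would anchor only the first and last alternative.
    return "^(" + "|".join(alternatives) + ")$"

def allowed(pattern, calling_station_id):
    """Unanchored search, standing in for the field's pattern matching (assumption)."""
    return re.search(pattern, calling_station_id) is not None

if __name__ == "__main__":
    # The same two addresses the tip uses, entered in two different notations.
    anchored = build_pattern(["a1:b2:c3:d4:e5:f6", "A2B3C4D5E6F7"])
    unanchored = "A1B2C3D4E5F6|A2B3C4D5E6F7"   # the pattern exactly as in the tip
    # Constructed Calling-Station-ID values as an access point might report them.
    for value in ("A1B2C3D4E5F6", "A1-B2-C3-D4-E5-F6", "00A1B2C3D4E5F6FF"):
        print(f"{value:20} anchored={allowed(anchored, value)} "
              f"unanchored={allowed(unanchored, value)}")
    # If the access point sends hyphenated octets, generate the pattern to match.
    print(build_pattern(["A1B2C3D4E5F6"], sep="-"))
```

Check a logged authentication request to see which notation your access point actually sends before choosing the separator; RFC 3580 recommends upper-case octets separated by hyphens for 802.1X, but devices vary.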
Enjoy!
Sam.Salhi@online.microsoft.com
IAS/EAP/NPS team