• Mr_Dr_Oink@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 month ago

    But only twice. You know the problem with having a network port on a usb is that the laptop no longer has a unique mac address, which can cause problems with authentication in a corporate environment. So when building devices or using mac auth it can be a nightmare.

    • mangaskahn@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 month ago

      MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.

      • Mr_Dr_Oink@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        But if i am authenticating a unique third party laptop i could use the mac address and apply a profile in clearpass to authenticate it and apply an ACL to lock the device down as a separate measure to creating a separate vlan for the device.

        I wouldn’t have called it useless in that regard. But im fairly new to network administration, so perhaps i am not well versed enough to know better.

        Our clearpass servers struggle sometimes, and i experience timeouts or rejections when a laptop moves from one usb c docking station to another if they fail dot1x and revert to mab.

        Also all of this aside, the fact that all the ports got removed from a laptop and now you have to plig in a £60-100 dock to get all those ports back is an absolute con.

      • Mr_Dr_Oink@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        30 days ago

        But thats the dongles mac address. They break. They get passed around and used in multiple devices. If i am trying to authenticate a third party laptop and they are moving from dock to dock then i cant use the unique hardware ID to identify that hardware. I can only see where to dongle is.

        In theory its all well and good saying the dongle will stay with the laptop or the mac isn’t a useful tool for authentication. But in practice in the wonderful wild world of IT. Its never that straightforward.

        Its crap for asset registers, its crap for authentication servers and its crap for finding devices on switches with mac address tables.

        I know there are other ways, but network ports aside, why am i buying a £60-£100 docking station to get all those ports back? I had them in my laptop. Now i have to spend more money to get them back and rely on a bit of cheap hardware that needs drivers, updates, and has breakable wires and ports to provide the functionality that was built in to my older devices.

        There are advantages, but they dont outweigh the disadvantages. They just make it cheaper to manufacture laptops.