Quick question on EAP with MAC auth....
Documentation shows that if you enable EAP with MAC, clients that do not support EAP authentication, will then be able to use MAC. Is it possible to enforce that clients use both EAP and MAC? I don't want to create a security hole by allowing clients to skip the EAP and only use MAC.
Here is the text from http://www.cisco.com that supports above. Is this true, or am I just being paranoid?
You can set up the access point to authenticate client devices using a combination of MAC-based and EAP authentication. When you enable this feature, client devices that associate to the access point using 802.11 open authentication first attempt MAC authentication; if MAC authentication succeeds, the client device joins the network. If MAC authentication fails, the access point waits for the client device to attempt EAP authentication