As we return to the office from the pandemic, our offices have shifted to the "hoteling" strategy where people that come in will select their seat based on first come first serve.  These stations all have Thunderbolt docking stations (HP) which have their own NIC independent of the laptop.  How will Genians operate in this environment?  I'm assuming we'll have to use 802.1x again rather than the much simpler MAC based layer 2 enforcement.  With these docks a bad actor could use the dock and gain access if we're only using mac address as the policy decision.  Are there additional controls we can use with DPI to provide further enforcement without using 802.1x and continue to use layer 2 enforcement?  Does the "fingerprint" include more than just the MAC address of the machine when making enforcement decisions (without using 802.1x)?

Aaron Asked question April 5, 2021