Even with the introduction of network access control on wired (802.1X) and wireless (WPA/2-Enterprise) networks, security-conscious organizations have resorted to tracking MAC addresses of devices that can't support the needed authentication mechanisms. Keeping track of MAC addresses may be as simple as collecting the addresses of all workstations and end devices manually and tracking them on a spreadsheet. However, this is also the most labor-intensive option.

Using MAC address for access
Some organizations may store the MAC address information in a database that can be used by network equipment to allow or disallow access (MAC authentication for example). The benefits of this setup is that the infrastructure is capable and configured to allow or deny access to only known addresses. The challenge, however, is that the MAC addresses must be manually tracked; every new device must be added, configured or aged out manually by an administrator. Organizations may have chosen to invest additional resources in building their own registration system for devices, allowing users to register their device automatically and trying to reduce the load to the IT group.

Scaling up a home-grown solution
Whether using manual spreadsheets or a home-grown solution, information about the end devices is often limited to what is gathered manually by IT staff or entered by an end user. In order to make the network more secure, this information must be dynamic and include the type of device used, operating system, available services (file sharing, http, etc.) and location. Adding additional security with a layered compliance-based solution or exchanging information with an MDM system is usually not possible.

Using CGX to manage MAC addresses
The CGX solution makes MAC address management easy by dynamically collecting MAC addresses of all devices accessing the network, as well as profiling the devices for user, device type , operating system, location, etc. This information is then readily available to an administrator for further review and action, such as approving access, setting specific access profiles and so on. Automated or streamlined approval processes can be supported.
In addition, the CGX solution can be enhanced by adding compliance-based NAC, guest registration and MDM capabilities. By gathering information from these multiple sources, the decision logic to allow access and determine the level of access can automated, eliminating the need for additional manual intervention by administrators.