How can I add a condition to a Network Policy for a mac address only?

I have a Network Policy Server running on Server 2012 R2.  I have set it up to do certificate and PEAP authentication for our 802.1x wireless authentication and that works great.

I have a Network Policy on this server that I want to only apply to a computer with a certain MAC address.  Is this possible?  I see I can set policies based on Windows Groups.  This device is a iOS device so it isn't on the domain so I can use a Machine group.  I would like it to simply use the MAC address.  Anyone know how I can do this?  Or do you have any other ideas on how I can limit this policy to only apply to this iOS device?  I can't use IP address because this is dynamic.

Thank you for your time.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brad GrouxSenior Manager (Wintel Engineering)Commented:
Utilize Group Policy Preference Item Level Targeting -

One of the items you can target is MAC address range -

Simply make the range start and range end the server in question's MAC address.
gacusAuthor Commented:
As I said this is a iOS device that is not on the domain so GP isn't any help.

This should be can't
"This device is a iOS device so it isn't on the domain so I can't use a Machine group."
Brad GrouxSenior Manager (Wintel Engineering)Commented:
Apologies for missing that. You can authenticate iOS devices with AD and push policies utilizing tools like DirectControl Express, as far as I know this (or similar tools) is how most corporations deal with iOS devices.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

gacusAuthor Commented:
I am sure I can push policies if I went that route, but I don't see how it would help with the issue I am having and would certainly add significant complexity to our setup.  I am not trying to apply group policies to an iOS device.  I am trying to apply a radius servers Network Policy so it returns the proper radius attributes.

I need to apply a Network Policy Server - "Network Policy" to a specific mac address.
gacusAuthor Commented:
Just add the mac to the calling station id condition!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig BeckCommented:
You are right but just be careful if you want to use wildcards for multiple devices!  If it's one MAC only it's simple enough though.
gacusAuthor Commented:
this is the answer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.