Cisco’s 'intuitive security' tool can’t handle MAC address randomization out-of-the-box

Anonymous Coward

If you need to set a security profile for a device or reserved DHCP then there are a few ways to do it.

You could use different SSIDs for different security profiles, but you'll rapidly run out of these when you have multiple security profiles; you need to use client certificates to identify devices (not so easy if you aren't in direct control of the device); or you need to perform a user login for each network connection (but then how do you ensure that connection is valid as they move from AP to AP without excessive logins?).

So you need some kind of device identifier, and although MACs were never that secure they provided a "good enough" approach for that in certain circumstances as long as you understood the security risks.

If, to avoid tracking, you can't identify that a device is the same device that you saw a minute ago, an hour ago, a week ago, etc., then it does create a bit more of an issue for secure traversal of systems unless you have control of the device and can use client certificates. It's a tough nut to crack, but I'm not an expert in this area so I might be missing something.
