From my understanding in your Cisco network your boss need to use his MAC Address and Wi-Fi password (WPA2-PSK).
A would be hacker capturing the MAC address alone wouldn’t grant them access to the network as they would need the Wi-Fi password as well.
As Gupta Bobby said this can also be achieved with Cambium by enabling both MAC address filtering and WPA2 password authentication.
As you rightly pointed out a MAC address is easily cloned and therefore should not be considered a strong security feature.
If your security conscious I would recommended using a strong Wi-Fi password (20+ characters). This makes it very difficult to bruteforce WPA2 using an offline dictionary attack even after capturing the 4 way handshake.