Is vulnerabe the process of sending credentials to a NAS ?

[Daniel Lopez]

Hello. I've got a doubt about the security in authentication process.
Suppose we have our Freeradius server configured to authenticate a certain
user via password (Cleartext-Password) and MAC address
(Calling-Station-Id). When this user tries to authenticate via a NAS
(wireless router), and sends it its credentials, is it possible that an
attacker could obtain those credentials by sniffing the comunication? And
then gain access by mac address spoofing?
And if so, How could this be avoided? How to protect this first step?
Thanks you very much.