Netgate Discussion Forum

MAC Randomized feature of IOS and Android 10 activated as Default

DHCP and DNS
  • T
    tejas LAYER 8
    last edited by Oct 9, 2020, 10:43 AM

    I have been using pfSense, at present version 2.4.4 on x86 hardware, in our small production unit of 40 desktops. We have a couple of laptops, tablets and mobile users (both iOS and Android) using Wi-Fi, and have 5 routers used in access point mode on the LAN, with the pfSense DHCP server providing IP addresses. Everything was working fine, with some issues related to online banking websites.

    One of the problems I recently started facing was Wi-Fi users complaining of no internet. After checking, I found out that my entire DHCP pool was exhausted by only a few iPad and iPhone users, including our GM's iPad, iPhone and Apple Watch. After some Googling I found out that the new September update of iOS includes a new feature called 'Private [Wi-Fi] Address', and a full description can be found here. It also appears that Apple leaves this feature on by default, which then of course means that MAC randomization will be activated on all iOS 14 devices unless actively disabled.

    Every time the user moves from one access point zone to another, its MAC address changes, DHCP leases a new IP address, and the IP lease remains there till it expires. I quickly deleted the offline though active leases as a quick and temporary resolution, and increased the IP address pool.

    Another piece of news that shook me is that Android 10, or Android Q, is also releasing the random MAC address feature as their new privacy feature, and this too will be on by default.

    Does anyone have any idea or solution other than a mesh network or manually disabling the random MAC address feature?

    J 1 Reply Last reply Oct 9, 2020, 12:44 PM Reply Quote 0
    • J
      JKnott @tejas
      last edited by Oct 9, 2020, 12:44 PM

      @tejas

      Set the connections to use the hardware MAC for your SSID. You can do that with Android, but I haven't tried with iPhone. Also, with Android, even when a random MAC is used, it retains the random number for future connections to that SSID.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      T 1 Reply Last reply Oct 10, 2020, 11:23 AM Reply Quote 0
      • M
        MikeV7896
        last edited by MikeV7896 Oct 10, 2020, 10:42 AM Oct 10, 2020, 10:39 AM

        iOS 14 works the same way... the random MAC is saved and reused per-SSID. It does not change every time a device re-connects to the network. Of course, if the network is forgotten and re-added, the random MAC might change when re-added. It can be disabled on a per-SSID basis in the settings for that network on the device. So if you have multiple SSIDs, it would need to be disabled for each of them.

        If each of your access points has a different SSID, you could end up with one device that has reserved multiple IP addresses on your network. If all have the same name, that shouldn't happen. I don't think mesh vs non-mesh would matter here... it's the network name that matters.

        For example, I have an iPhone and Apple Watch. I go in and out of my home with my phone and watch multiple times a day, yet both only have one (new) IPv4 address each since iOS 14/WatchOS 7 were released. They don't change every time I disconnect/reconnect. If I were to forget and re-add my home WiFi, then it would likely change and I'd get a different address.

        The S in IOT stands for Security

        J 1 Reply Last reply Oct 10, 2020, 10:43 AM Reply Quote 0
        • J
          JKnott @MikeV7896
          last edited by Oct 10, 2020, 10:43 AM

          @virgiliomi

          Or just turn off Private Address for that SSID.

          M 1 Reply Last reply Oct 10, 2020, 10:45 AM Reply Quote 0
          • M
            MikeV7896 @JKnott
            last edited by MikeV7896 Oct 10, 2020, 10:46 AM Oct 10, 2020, 10:45 AM

            @JKnott said in MAC Randomized feature of IOS and Android 10 activated as Default:

            @virgiliomi

            Or just turn off Private Address for that SSID.

            Right, which is something every user would need to do on their own device (for each SSID, if there are multiple). And they'd need to remember to do it again if they were to forget and re-add the network.

            I would think from a network management perspective, having each AP with the same SSID and key would be a lot easier, both on the user side and on the admin side.

            J 1 Reply Last reply Oct 10, 2020, 12:45 PM Reply Quote 0
            • T
              tejas LAYER 8 @JKnott
              last edited by Oct 10, 2020, 11:23 AM

              @JKnott said in MAC Randomized feature of IOS and Android 10 activated as Default:

              @tejas

              Set the connections to use the hardware MAC for your SSID. You can do that with Android, but I haven't tried with iPhone. Also, with Android, even when a random MAC is used, it retains the random number for future connections to that SSID.

              Didn't know that Android retains the same random MAC for an SSID.

              J 1 Reply Last reply Oct 10, 2020, 12:47 PM Reply Quote 0
              • J
                JKnott @MikeV7896
                last edited by Oct 10, 2020, 12:45 PM

                @virgiliomi said in MAC Randomized feature of IOS and Android 10 activated as Default:

                I would think from a network management perspective, having each AP with the same SSID and key would be a lot easier, both on the user side and on the admin side.

                Are they not the same? If not, that's nuts. I don't recall if the OP mentioned.

                M 1 Reply Last reply Oct 10, 2020, 3:54 PM Reply Quote 0
                • J
                  JKnott @tejas
                  last edited by Oct 10, 2020, 12:47 PM

                  @tejas

                  Yep, just Google on android random mac for info.

                  1 Reply Last reply Reply Quote 0
                  • M
                    MikeV7896 @JKnott
                    last edited by MikeV7896 Oct 10, 2020, 3:54 PM Oct 10, 2020, 3:54 PM

                    @JKnott said in MAC Randomized feature of IOS and Android 10 activated as Default:

                    Are they not the same? If not, that's nuts. I don't recall if the OP mentioned.

                    They didn't mention... just said there were 5 routers used in access point mode. But the only way I could see running out of DHCP addresses is if they're each a different name, giving each device up to 5 IP addresses on the network, one for each SSID.

                    J 1 Reply Last reply Oct 10, 2020, 5:36 PM Reply Quote 0
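A way to check a lease table for the situation described in this thread, one device holding several active leases under different private MACs (an added example, not code from any poster or from pfSense). It flags MACs with the locally administered bit set and groups active leases by client hostname. It assumes the DHCP server writes leases in ISC dhcpd syntax and that a device sends the same hostname under each MAC; the sample leases, hostnames and function names are constructed for illustration.

```python
import re
# Constructed sample in ISC dhcpd lease-file syntax (not data from the thread).
SAMPLE_LEASES = '''
lease 192.168.1.101 {
  binding state active;
  hardware ethernet 3a:5f:12:aa:bb:01;
  client-hostname "GM-iPad";
}
lease 192.168.1.102 {
  binding state active;
  hardware ethernet 7e:10:9c:aa:bb:02;
  client-hostname "GM-iPad";
}
lease 192.168.1.103 {
  binding state free;
  hardware ethernet c2:44:01:aa:bb:03;
  client-hostname "GM-iPad";
}
lease 192.168.1.50 {
  binding state active;
  hardware ethernet 00:1b:21:aa:bb:04;
  client-hostname "desktop-07";
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def is_randomized(mac):
    """Heuristic: private MACs set the locally administered bit (0x02 of the first octet)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def parse_leases(text):
    """Yield (ip, state, mac, hostname); blocks missing any of these fields are skipped."""
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"^\s*binding state (\w+);", body, re.M)  # not "next binding state"
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        if state and mac and host:
            yield ip, state.group(1), mac.group(1).lower(), host.group(1)

def multi_lease_hosts(text):
    """Map hostname -> sorted IPs for hosts with >1 active lease under different private MACs."""
    by_host = {}
    for ip, state, mac, host in parse_leases(text):
        if state == "active" and host and is_randomized(mac):
            by_host.setdefault(host, {})[mac] = ip
    return {h: sorted(m.values()) for h, m in by_host.items() if len(m) > 1}

if __name__ == "__main__":
    print(multi_lease_hosts(SAMPLE_LEASES))
```

The locally administered bit is also set by some virtual machines and manually assigned MACs, so a hit is a prompt to look at the device rather than proof of Private Address.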
                    • J
                      JKnott @MikeV7896
                      last edited by Oct 10, 2020, 5:36 PM

                      @virgiliomi

                      Actually, if he has 5, perhaps he should be using proper access points. Some of those are intended for such use and make for a much smoother transition between APs.

                      1 Reply Last reply Reply Quote 0
                      • B
                        bingo600
                        last edited by Nov 7, 2020, 5:36 AM

                        Or just turn off Private Address for that SSID.

                        Just upgraded to 14.2, and had to disable private address on my iPhone/iPad.
                        Nice feature, that you can do it per SSID 👍

                        /Bingo

                        If you find my answer useful - Please give the post a 👍 - "thumbs up"

                        pfSense+ 23.05.1 (ZFS)

                        QOTOM-Q355G4 Quad Lan.
                        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

                        1 Reply Last reply Reply Quote 0