MAC address Randomization

Alan DeKok aland at deployingradius.com
Tue Jul 28 21:57:59 CEST 2020


On Jul 28, 2020, at 3:50 PM, Eric Aguilar <agueric at gmail.com> wrote:
> I wanted to exchange some ideas on the impact we will all have on the MAC
> address randomization being implemented as an enabled by default feature on
> iOS14 Apple Devices (https://support.apple.com/en-us/HT211227).
> 
> Some authentication procedures on our networks are based on the MAC address
> so I think the impact is going to be huge and certainly, analytics and
> accounting will be impacted as well.

  Yes.  It will become more difficult to track individual devices.

> ¿What are your thoughts on this?

  Mixed.  If you're on a public network, MAC address randomization is good for the user.  If you're on a private network, then MAC address randomization is bad for the admins.

  Apple should really allow it to be configured per SSID, or even as part of any certificate the device uses for authentication.

> ¿What are some workarounds we should implement? ¿are there any?

  Move to EAP-TLS with client certificates.  But the user can still install the same client cert on multiple devices.

  Alan DeKok.




More information about the Freeradius-Users mailing list