
A tip for new iOS14/iPadOS14/MacOS 11/Watch OS 7 users.

Stuey3D

Regular Contributor
Hi all, just a tip for you with regard to Apple’s latest device updates that may cause issues on certain router setups.

If you are like me, I have my Asus router set up to OCD level: every device has a proper name and icon under the network map page, and they all have their priorities assigned under adaptive QOS.

These latest OS updates will cause these settings not to apply to your Apple devices unless you change one option. Under these new updates a new WiFi privacy option is enabled by default, and that is “Private Address”. What this does is generate a random MAC address whenever you connect to your wifi, which is what breaks any per-device options you have set in the router, as the Apple device will appear as something else each time it connects. Apple state this is to stop you from being tracked over different wifi networks, which is a good thing in the long run, but probably not needed on your home network.

Luckily it is easy to disable and have the device present its proper MAC address to the router:

Go to Settings - Wifi - Your Network Name - Toggle private address to OFF

Your device will then quickly drop off and reconnect to your wifi, this time with the correct MAC address and therefore router settings. Apple will warn that this is a privacy issue, so be aware of that.

Hope this helps.
 

coxhaus

Part of the Furniture
I have no problem with my Cisco setup. Maybe you need to set up for class of service rather than track each individual. This may just be the tip of the iceberg for what is coming.
 

Stuey3D

Regular Contributor
> I have no problem with my Cisco setup. Maybe you need to set up for class of service rather than track each individual. This may just be the tip of the iceberg for what is coming.

I have QOS set up for class of service, with just a handful of devices given higher priority on a device basis. For me the big one it breaks is the nice neat naming scheme I have in my router’s “Network Map” page. Quite often the devices don’t share their proper names with the router, or they end up truncated so they look broken and the list ends up all messy. I have manually given each of the 30+ devices that connect to my network their own names and icons. This, however, is tied to the MAC address, so if the Apple devices are using random ones then it breaks my nice neat setup.
 

quadra2030

Occasional Visitor
Found it in Apple developer documentation..

Users are always in control - users can control enablement of the feature at any time for each network.
Addresses are generated randomly for every network
Addresses are not linked to your identity
Addresses are updated for all networks daily by the device, NO server is involved in address generation. Since addresses are generated randomly, it is very unlikely that two devices on the same network will generate the same address.
A new MAC will be used whenever a new address has been generated and the device re-joins the network
Users can see which MACs are generated for each network in the Wi-Fi scan list, even before joining the network


And from testing..

When Private Address is on, Probe Requests seem to use the daily local random MAC address when connecting to a network and the target SSID is present in the request. When Private Address is off, Probe Requests seem to use the iOS 13 behavior of using frequently-changing local random MAC addresses.
MAC addresses are not local and do not appear to necessarily fall within any particular vendors' OUI ranges.
 

coxhaus

Part of the Furniture
I am watching my IP binding table for DHCP and I am not seeing a lot of new IPs being generated for all of our iPhones and iPads. It has not been long since IOS14 came out so it could be me but I have my leases set to never expire and I don't see a big increase of IPs. And we have at least 5 IOS14 devices.

PS
We have at least 5 IOS14 devices and 3 Apple watches. A few more older iPads.
 

Stuey3D

Regular Contributor
On my devices I disabled it on my home network, but prior to disabling it my router was generating random IPs for them.
 

Stuey3D

Regular Contributor
Right now I have multiple duplicate IP entries on the DHCP leases page for the Apple Watch, as I’ve just been setting up mine and the wife’s new Series 6s: some IPs generated for the “Private Addresses”, and now they have IPs for their correct MAC addresses.
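
The duplicate lease entries discussed in this thread can be found from the lease table itself, because randomized private addresses are unicast MACs with the locally administered bit set in the first octet. The following is an added example, not part of any poster's message or of the router's own software; it assumes a dnsmasq-style lease file, and the sample lines and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in dnsmasq lease format:
# <expiry> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1600900000 a4:83:e7:11:22:33 192.168.1.20 iPhone 01:a4:83:e7:11:22:33
1600900100 5e:1c:9a:44:55:66 192.168.1.57 iPhone 01:5e:1c:9a:44:55:66
1600900200 f2:0b:77:88:99:aa 192.168.1.58 Watch *
1600900300 00:11:32:ab:cd:ef 192.168.1.10 nas *
this line is malformed
"""


def is_locally_administered(mac: str) -> bool:
    """True for a unicast MAC with the locally administered (U/L) bit set."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01


def parse_leases(text: str) -> list[dict]:
    """Parse dnsmasq-style lease lines, skipping anything malformed."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or len(fields[1].split(":")) != 6:
            continue
        leases.append({"mac": fields[1].lower(), "ip": fields[2], "host": fields[3]})
    return leases


def audit(text: str) -> tuple[list[str], dict[str, list[str]]]:
    """Return (randomized MACs, hostnames that hold leases under several MACs)."""
    leases = parse_leases(text)
    randomized = [l["mac"] for l in leases if is_locally_administered(l["mac"])]
    by_host = defaultdict(set)
    for l in leases:
        if l["host"] != "*":  # "*" means the client sent no hostname
            by_host[l["host"]].add(l["mac"])
    duplicates = {h: sorted(m) for h, m in by_host.items() if len(m) > 1}
    return randomized, duplicates


if __name__ == "__main__":
    randomized, duplicates = audit(SAMPLE_LEASES)
    print("Locally administered (likely private) MACs:", randomized)
    print("Hostnames seen under more than one MAC:", duplicates)
```

A hostname listed under both a locally administered and a globally unique MAC is the pattern to expect after Private Address is switched off for a network.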
 

JagoUK

Regular Contributor
Indeed. Had issues with this the other day at work as we use MAC authentication for mobile devices. Devices upgrading to iOS 14 then not connecting to WiFi.
We are looking at MDM to push a rule to disable this "feature" Apple kindly thrust upon us (Not the first time).

Only issue is a lot of our devices are limited to WiFi only. So if they update first we have thousands of devices we will have to manually put back on WiFi.
 

coxhaus

Part of the Furniture
Seems like MAC authentication is not very safe, as someone can just change their MAC and be on your network. Most people use RADIUS. Some of the latest wireless APs tie into Active Directory for Windows shops.
 
