parental control vs. iphone private MAC

[jweston]

Hello.

I'm sure others having similar issue with parental control vs. iPhone that use "private MAC",... although I'm not finding any good solutions? The problem is that the default private MAC setting makes it really hard to consistently identify the child devices = inconsistent application of parental controls. Thanks in advance for any ideas you might have.

Situation:

• ASUS router with Merlin and YazFi installed. YazFi allows assigning special DNS servers for each Guest Network. Also creates separate subnets for each Guest Network.
• Guest Network 1 = IOT devices. Super secret password.
• Guest Network 2 = my son's school iPad. YazFi redirects DNS to AdGuard Home local DNS server that blocks all "time-wasters".
• Main Wifi SSID = everything else. Default DNS is AdGuard Family.

Problem: I need to make sure the school IPAD only is able to attach to Guest Network 2 so that I can restrict sites.

• I can put a MAC DENY list on the Main Wifi SSID to prevent the IPAD from connecting there. However, I believe that he can get around this by deleting the WIFI connection in iOS and reconnecting,... the IPAD generates a new MAC address and gets around the DENY list.
• I could turn off "Private MAC" but he could just switch it off.
• His iphone is connected to the Main Wifi SSID,... Apple functionality let's you share network credentials between devices,... so able to connect the iPad to the unrestricted Main Wifi SSID.
• I've previously tried to point the iPad to the special DNS using DNS DIRECTOR, but has a similar problem caused by "private MAC" changing the iPad MAC.
• Apple ScreenTime parental controls work pretty good for his iPhone but not possible for the school iPad because school controls it.

The only solution I can think of is to set up an ALLOW list on the main SSID. Kind of a pain, because our iPhones all have the private MAC setting turned on.

Any other ideas?

 

[Tech9]

Your only option is parental controls on the device itself. Both Android and iOS offer options. Anything else on your router side is avoidable with few clicks. You are wasting your time.

 

[bbunge]

You are correct. Kids can and do figure out workarounds. I managed a network at a church some years ago and caught a block on a Sunday morning of the associate pastor's PC trying to access a restricted web site. Funny but the pastor was preaching at the time. It was his daughter who claimed a headache to go to his office and use the computer. When asked how she was able to try to bypass the block she said the kids at her christian school did it all the time at school.

Bottom line: just be a parent!

 

[Tech9]

The school iPad is perhaps restricted already, for own iOS devices information here:

Use parental controls to manage your child's iPhone or iPad - Apple Support

With Screen Time, there are a number of settings and parental controls that you can use to help keep your child's device usage safe, private, and age appropriate.

support.apple.com

 

[Tech9]

Kind of a pain, because our iPhones all have the private MAC setting turned on.

You guys never realized "Private Wi-Fi address" is actually per SSID and not global setting? It can be turned OFF for you home network and remain default ON for other networks. You're playing hide and seek.