What's new

Reserved IP Addressing when mobile device has Randomised MAC (Android) or Private Wi-Fi Address (iOS)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DrMopp

Occasional Visitor
I have DHCP on my router setup with reserved IP addresses for known devices. That works fine, except that our latest mobiles (one Android, one iPhone) setting randomised/private MAC mean that the device is identified as a new one each time it connects so is getting a new IP address. Turning randomised MAC setting off seems to be the logical solution - any other suggestions? (apart from NOT using IP address reservation)
 
Turning randomised MAC setting off seems to be the logical solution - any other suggestions?

Use the logical solution. It applies per Wi-Fi connection and you don't need randomized MAC on your own network.
 
I wouldn't worry too much about MAC randomization...

It's a feature, not a bug... it's there to protect privacy.



hth...

FWIW - once a device has attached to a WLAN, it will use that MAC address moving forward, with the caveat that if the device is reset, or that the network settings have been cleared out.
 
FWIW - once a device has attached to a WLAN, it will use that MAC address moving forward, with the caveat that if the device is reset, or that the network settings have been cleared out.
I can confirm this, at least for Apple's devices: they remember and re-use the initially chosen "random" MAC address when reconnecting to a known network. So you can just set up your DHCP assignment on the basis of that address. The only downside is that your network gear won't recognize the MAC's manufacturer code, as it might do for the "real" MAC address.

Still, if this all bugs you, you can certainly tell the device to not use a random MAC for your home network, while still letting that privacy feature activate when you're out and about.
 
Privacy feature applied to own network doesn't make sense. Another common one is encrypted access from LAN to home router GUI. Many have it enabled and even install certificates so the browser shows the GUI as secured website. Nothing wrong with it, but not needed.
 
Privacy feature applied to own network doesn't make sense.
Agreed ...
Another common one is encrypted access from LAN to home router GUI. Many have it enabled and even install certificates so the browser shows the GUI as secured website. Nothing wrong with it, but not needed.
... but I'm less convinced on this one. I think there's value in assuming that your home net can be compromised and having a little defense-in-depth. Personally I use ssh even for internal connections; not only is it unreadable by anybody who's managed to sniff my net traffic, but it's more featureful than ye olde telnet, and the cost of the encryption is negligible on modern machines. HTTPS on connections to admin GUI pages makes sense for the same reasons. I admit I don't go so far as to replace the snake-oil certificates that most such gear comes with.
 
It's a global setting, not specific...

Yep, mis-spoke here...

In any case, as mentioned earlier, once associated to an SSID, it will use the same MAC addr, so it should not be an issue.

It's been a common question across different threads - I realize folks want to have more "control" over their network by reserving IP's, but at some point, it's counter productive, as it doesn't actually improve anything with regards to security.

I could see one use case - parental controls, and network access, but that's about it, and even there...
 
It's been a common question across different threads - I realize folks want to have more "control" over their network by reserving IP's, but at some point, it's counter productive, as it doesn't actually improve anything with regards to security.

I agree there's little security advantage.

I could see one use case - parental controls, and network access, but that's about it, and even there...

Not sure if this is what you mean by "network access", but I like to lock down the IP addresses of boxes that I need to access via ssh or http(s), just because it's easier to get to them that way. Purely-client stuff like phones, I don't bother.
 
Thanks all for input. The fact that it's a per SSID setting and that the device will use the same MAC address on an SSID after connecting once answers the question.
 
Now doubting that a device retains the same MAC address once it has been connected to a given SSID even when set to 'private' or 'randomized' MAC, after seeing the network map showing the same device twice each entry with a different MAC address. The SSID has not changed, and its definitely the same device - a Windows 10 Pro laptop, which crashed earlier today. Thoughts?
 
Similar threads
Thread starter Title Forum Replies Date
D Using a tethered mobile phone as an Access Point General Wireless Discussion 8

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top