NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
iPhone Random generated MAC addresses
My RAX80 is set to REJECT new devices. My iPhone is registered as an ALLOWED device via it's HARD MAC address as are various other devices. But at least the iPhones and iPads now use Random generated MAC addresses and seem to generate new random ones ever so often yet still connect. I have not signed into the Router for the last couple of years so issues related to questions (1) and (2) below are a sudden surprise but may have gone on for some time.
So, being able to still connect it thus not a problem but my listing of "Allowed Devices not presently connected" now lists well over 100 MAC addresses with names
- like DEV-6C:C8:98 being the first half of the by me unrecognized MAC address or names like xqw?%, xqw??, or xqw? etc. being presumably newly generated random MAC addresses
- or registered devices where name is lost like xqw?? being my wife's computer and xqw? being my iPad-Pro per previous listings. One computer base on MAC address but with no name at all and lists the MAC address as wireless (but in a PREVIOUS listing as wired which it is and with the correct computer name).
As it also still loses the specific names of some of the devices I had registered, e.g. now just stating iPhone (there are more than one and various iWatches and iPads including more than one computer), so it is very difficult to see what is what.
I understand Apple and other smartphone suppliers using for some time now random addresses is for network privacy improvements.
My questions:
- How does the router verify the connection is valid, if a random MAC address is used?
- Assuming router somehow still can verify that that "new" random address is legit and verifies is to the registered device via it's registered HARD MAC address, why does it list every new random address making it quite time-consuming to open the listing and may be the reason my connections to the web are getting slower? Also I believe there may be a limit of MAC addresses the Router can handle so what happens if it reaches such a limit? If router has a time-stamp of such addresses and starts to delete the oldest ones would it perhaps delete a prior registered "HARD" MAC address?
- Why the name dropping and other errors in the listings (which I have observed in the past)
Thanks for someone clarifying #1, the reason or need for #2 v/s potential wi-fi slowdown or future problems and can #3 be fixed.
Regards, Willi
8 Replies
Page 45 of the RAX80 user manual describes Access Control.
https://www.downloads.netgear.com/files/GDC/RAX80/RAX80_UM_EN.pdf
If Access Control is enabled, this router provides two settings:
- Allow all new devices to connect. With this setting, each randomized MAC address will add another device to the list. The router does nothing to determine that the device is "legitimate" and makes no effort to associate it with any other device.
- Block all new devices means just that. Devices with a randomized MAC address will not be allowed to use the network.
Since there are over 100 entries in the table, my assumption is that the router has accepted over 100 random MAC addresses and has no idea what kind of device they are or what to call them.
I would clear that table completely and set all Apple devices to use the hardware MAC address when connected to the home network.
p.s. In almost 10 years, I have never enabled Access Control.
My RAX80 is set to REJECT new devices
oops. reading the original post again, there appears to be an obvious conflict. If all new devices are rejected, there cannot be over 100 mysterious entries in the Allowed Devices table.
But.... there are.
I would clear that table completely and set all Apple devices to use the hardware MAC address when connected to the home network.
FWIW, my apple devices are set to "fixed" (which is the default), and not "off" (which uses the hardware MAC address). This is configured for each wifi SSID in the connection list of the apple device, so "fixed" will still use the same MAC address no matter what band you connect to.
Do you have any wifi extenders on your network? They often will transform the MAC addresses of the extender clients on their uplink to the main router.
Assuming router somehow still can verify that that "new" random address is legit and verifies is to the registered device via it's registered HARD MAC address,
As CrimpOn says, that assumption is wrong. The router is just looking at the source mac address in the wifi packets sent by the device. Nothing beyond that.
p.s. In almost 10 years, I have never enabled Access Control.
I don't either. It doesn't provide much additional security, since someone with the skills to break into your wifi also has the skills needed to spoof the MAC addresses.
But I do reserve some IP addresses, and setting the phones/tablets to use "fixed" (or off) on the home network also is needed for address reservation to work for those devices.
I understand Apple and other smartphone suppliers using for some time now random addresses is for network privacy improvements.
This is intended mainly when connecting to public or 3rd party Wi-Fi networks. There is no reason for adding MAC any privacy on connecting to your very own network.
Adding privacy from yourself, where you certainly know who is behind each device connecting anyway?
You can disable the random MAC address - Apple does talk of "Private WiFi addresses" just to add confusion ->
Use private Wi-Fi addresses on Apple devices - worth reading completely. In fact you can turn this feature off when connecting to your very own networks, because this *** can cause different unexpected issues.
There is no reason for adding MAC any privacy on connecting to your very own network.
I agree, but wanted to point out that the current default settings in iOS won't create any issues here, since the MAC address is always the same.
FWIW, Android has a similar feature.
I agree, but wanted to point out that the current default settings in iOS won't create any issues here, since the MAC address is always the same.
The random MAC does change when deleting the wireless network, and add the same network again.
Further on, Apple does state "To improve privacy, your iPhone, iPad, iPod touch, Mac, Apple Watch, or Apple Vision Pro identifies itself to each network using a different Wi-Fi address, and might rotate (change) the address periodically." here (again):
https://support.apple.com/en-us/102509
Android has a similar feature.
Yes, but they don't use such a *** technically meaningless name like a "private Wi-Fi address".
My iPhone is registered as an ALLOWED device via it's HARD MAC address as are various other devices.
There is simply no way to build any relation between the random MAC and the hardware MAC address. That's the key intention #1 of this "design".
I'm wondering if it there would be any value in validating that the RAX80 Access Control feature performs correctly. Still stuck on what appears (to me) to be a conflict:
My RAX80 is set to REJECT new devices
vs.
I have not signed into the Router for the last couple of years
and this is separate from those 100+ entries in the "allowed devices not currently connected" issue. In all this time, there has not been even one new WiFi device? No new smartphone, tablet, light bulb, switch.... etc.???
