- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Using MAC Filtering w/Apple's Private Address Feature
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using MAC Filtering w/Apple's Private Address Feature
For FYI and or Discussion
Hello Community
Just thought I would post, not sure if anyone has posted on...
Using MAC Filtering w/Apple's Private Address Feature released "To improve privacy in, iOS 14, iPadOS 14, and watchOS 7"
And Apple's Recommended settings for Wi-Fi routers and access points.
In short order it prevents user client profiling & tracking across networks each time a iPhone, iPad, & Apple Watch connects to a new network, the said devices will generate a new fresh MAC address.
This applies to all routers and access points from any brand.
See Apple's
1. Use private Wi-Fi addresses in iOS 14, iPadOS 14, and watchOS 7
https://support.apple.com/en-us/HT211227
2. Recommended settings for Wi-Fi routers and access points
https://support.apple.com/en-us/HT202068
Like many of you I used MAC filtering as a extra layer to prevent unauthorized device access into my network.
After upgrading to iPadOS 14.6. I noticed a "Privacy Warning" after attraching my iPad to my network.
Which said "Private WiFi address is turned off for this network. Using a private address helps reduce tracking of your iPad across different WiFi networks."
Great for privacy! Can be a little hard on network administration using MAC Filtering.
Which by the way Apple now says as for as privacy is concerned allows for MAC spoofing and profiling as the connected device will always keep the same MAC address and assigned ip number together, giving attackers time to attack the device or track you across networks.
Now this feature can be turned on or off for each individual network SSID on the device.
Apple even states there are times you may have to turn off *Private Address.
Here's where things get sticky and can be annoying.
With Private Address turned on. Each Apple device Assigned to an SSID on your network will get a new MAC Address... maybe 2 address's!
Example say you have this scenario
Main SSID 2.4G
Main SSID 5G
Guest SSID 2.4G
Guest SSID 5G
Main 1 SSID 2.4G (Wifi Extentend Network)
Main 1 SSID 5G (Wifi Extentend Network)
In this example, for one device you could have 4 to 6 MAC Address's to manage with using MAC filtering once access has been granted.
In some cases this could become 8 to 12 Address's as each device can have two MAC address's
By that I mean this will depend on if you;
Turn on Private Address a new address will be generated and then....
Turn off Private Address the device's standard address will be used.
You will then have 2 MAC Address's.
This will allow a user on your network (in the event you would need to deny them access) to simply swith to another SSID on your network on their device unless you lock all MAC Address's down the original as well and the generated ones.
Now before you get bothered with Apple.
Android devices have hade a simular feature also. In the Android side of the house this is known as Randomized MAC Address Asigning.
The problem I had when allowing a android device to join may guest network was each time the device was turned off and on it generated a new MAC Address ....had me going for a minute. I thought the device was infected or that my router had been compromised.
So my solution to this new Apple feature was to:
-Limit or grant access to just one SSID then I would only need to manage two MAC Address's per device..
-Turn on *Private Address per device with one address to manage.
-Turn off Private Address per device with one address to manage.
There you have it.
Any suggestions or just your thoughts??
Feel free to chime in.
Happy Networking
RSlack
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Using MAC Filtering w/Apple's Private Address Feature
Thanks for sharing with the community.
DarrenM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Using MAC Filtering w/Apple's Private Address Feature
Glad to do it.
one of my favorite things to do
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Using MAC Filtering w/Apple's Private Address Feature
Ok so here are my thoughts on adding 2 mac address to the MAC filtering. My rounter at this time only allows I belive only 30 MACs for MAC filtering. So I would only be able to have 15 devices, 2 MAC's each for the MAC filtering.
So with that being said you have 4 people in your house hold and the average person has how many devices, 3 or 4 between phone, laptop, smart theromstat that has to be wifi and not hardwired or at least mine does.
You are going to use up those 30 MAC's for MAC filtering pretty fast.
Any thoughts on that one?
Who7
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more