HI Jake, It should be possible to detect "locally administered" macs already today using the different filters (and a MAC regular expression) and redirect users to a different portal based on that. On the other hand, I think past the initial noise of users having to re-register based on the "new" mac (cause on IOS, even if the network was "known" before the upgrade, it seems it will change it ONCE after the first 24 hours).
You might be able to redirect to a different portal or based on a radius or dhcp filter assign a different registration vlan to those devices and have a different portal listen on that interface (vlan) I will create a bit of headache though. I totally agree. Its also a good time to check your dhcp server configuration for lease times and keep them to something short (4 hours?) if you have a lot of guest traffic, as well as maybe expire the leases overnight for "returning" devices, at least the coming days, best regards On Wed, Sep 23, 2020 at 2:24 PM Sallee, Jake <jake.sal...@umhb.edu> wrote: > With the advent of Apple iOS 14 and Android 11 MAC randomization is > becoming a bigger problem. > > According to this article there is a way you can tell if an address is > randomized or not: > > https://www.mist.com/get-to-know-mac-address-randomization-in-2020/ > > If this is correct, would it be possible to add some logic into PF that > looks for these randomized MACs? > > Ideally we could redirect users to a different portal that warns them > about the fact they will need to re-register when their MAC changes, and/or > provides them instructions on how to disable the feature. Also, network > operators could choose to ban randomized MACs outright, or do anything else > they may need to do. > > Is this a feature other users are interested in? I'm not an expert > programmer but I would be happy to help develop such a feature. > > Jake Sallee > Godfather of Bandwidth > System Engineer and Security Specialist > University of Mary Hardin-Baylor > WWW.UMHB.EDU > > 900 College St. > Belton, Texas > 76513 > > Fone: 254-295-4658 > Phax: 254-295-4221 > > > _______________________________________________ > PacketFence-devel mailing list > PacketFence-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-devel >
_______________________________________________ PacketFence-devel mailing list PacketFence-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-devel
