A quick internet search seems to indicate the default for a Windows DHCP server is 8 days. On a visitor network, likely it’s a much shorter time, and may even be handled by something other than a Windows server (perhaps the onboarding device handles it). But once students come onto a production network because they’re trusted/802.1x etc., it’s possible that some of us use Windows and left the defaults and didn’t consider it would become an issue since that population really doesn’t change often. … Now I’m curious to know what our defaults are. But not TOO curious – it’s Friday at 5pm.
Have a good weekend everyone! Eric -- Eric LaCroix P’20 P’22, Director of Technology New Hampton School<https://www.newhampton.org/> • 603-677-3454 Where a fulfilled life begins. From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Tim Cappalli <[email protected]> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> Date: Friday, July 10, 2020 at 4:52 PM To: "[email protected]" <[email protected]> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Agreed on IPv6, but even for IPv4, I imagine most folks are running short leases on a visitor network, so I don’t really think much changes here. If your leases are 12 hours or less, there should be no impact. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> Date: Friday, July 10, 2020 at 16:51 To: [email protected] <[email protected]> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Maybe a good use case for IPv6???? From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:[email protected]] On Behalf Of Enfield, Chuck Sent: Friday, July 10, 2020 3:49 PM To: [email protected] Subject: [EXTERNAL]Re: [WIRELESS-LAN] MAC Randomization, a step further... Uhg. Didn’t even think about that. From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> On Behalf Of Eric LaCroix Sent: Friday, July 10, 2020 4:48 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... We’re all going to need to check the TTL on DHCP leases… some of our scopes will get eaten alive otherwise. From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> on behalf of "Floyd, Brad" <[email protected]<mailto:[email protected]>> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> Date: Friday, July 10, 2020 at 3:42 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Thanks Tim. I just started a conversation with my SE. Brad From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:[email protected]] On Behalf Of Tim Cappalli Sent: Friday, July 10, 2020 2:07 PM To: [email protected]<mailto:[email protected]> Subject: [EXTERNAL]Re: [WIRELESS-LAN] MAC Randomization, a step further... For extended visitor use cases (over 1 day), Passpoint is really the only feasible solution moving forward. Aruba has a Passpoint offering/service called Air Pass and WBA’s OpenRoaming initiative is gaining a lot of support. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> Date: Friday, July 10, 2020 at 15:04 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Tim, Anything in the works from Aruba about how best to deal with ClearPass Guest MAC Auth? Thanks, Brad From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:[email protected]] On Behalf Of Tim Cappalli Sent: Friday, July 10, 2020 2:01 PM To: [email protected]<mailto:[email protected]> Subject: [EXTERNAL]Re: [WIRELESS-LAN] MAC Randomization, a step further... Connected MAC randomization on iOS will be enabled by default, just like on Android (starting in 10). Two major differences: 1. iOS does not expose the randomization knob (to disable it) to end users during initial connection. It is available after connection in the saved network list 2. On Android (version 10 and 11), the MAC is set once per ESSID for the lifetime of the OS instance (aka until a factory reset). On iOS 14, the MAC is set per ESSID and is changed once every 24 hours. Note that Android 11 has a developer option to enable a per-connection MAC which likely indicates this will enabled by default or exposed to users in Android 12. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> Date: Friday, July 10, 2020 at 14:57 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: [WIRELESS-LAN] MAC Randomization, a step further... Apple is moving forward with their privacy efforts. The next step is to randomize MAC addresses when connecting to an AP, not just when probing. This is coming soon. https://globalreachtech.com/blog-mac-randomisation-apple/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fglobalreachtech.com%2Fblog-mac-randomisation-apple%2F&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960909491&sdata=EAngi4I6yxsqvvG1BzQiNt04FeJ7B37%2Bw%2BvGvE%2BJ24w%3D&reserved=0> This is from Apple. Luckily, there is a way to disable private addresses. I just don’t know if it will be ON by default. https://support.apple.com/en-qa/HT211227<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.apple.com%2Fen-qa%2FHT211227&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960919485&sdata=kVw%2BGcglBTH9N%2FJOXspkCkB1Ua5%2F7XldkmGt4nHn%2FVM%3D&reserved=0> Happy Friday! Hector Rios, Wireless Network Architect The University of Texas at Austin ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960929481&sdata=jtOWzf7RunWkyLtIAxsbUQ%2FWOvZqXKKxyZFg85trrdY%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960929481&sdata=jtOWzf7RunWkyLtIAxsbUQ%2FWOvZqXKKxyZFg85trrdY%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960939474&sdata=VsdxfRRm0GlLq9D8S8synuEfDt1xN7M8hIrciJDiQdU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960939474&sdata=VsdxfRRm0GlLq9D8S8synuEfDt1xN7M8hIrciJDiQdU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960939474&sdata=VsdxfRRm0GlLq9D8S8synuEfDt1xN7M8hIrciJDiQdU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960949468&sdata=WR%2BYL6bALsovbhVYaZz%2FU9QdjgwyVCD3cxeD2mqJABI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960949468&sdata=WR%2BYL6bALsovbhVYaZz%2FU9QdjgwyVCD3cxeD2mqJABI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1ebf180de6a242fb0aa308d82513081c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300110960959462&sdata=4VWDilQ0iQIAWpuARBNaOWOB45XmcW98JxbNfsk%2B48c%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://www.educause.edu/community> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
