MAC randomisation and DHCP pools
Matt Pallissard
matt at pallissard.net
Mon Jul 27 16:41:16 UTC 2020
On 2020-07-24T10:10:54 +0100, Mike Richardson wrote:
> Hiya,
>
> Given Apple's decision to enable randomisation of MACs on iOS devices every
> 24 hours, I was wondering what effect this would have on DHCP?
>
> For example, if you have a pool of 100 IPs, 50 iOS devices and leases set to
> 7 days.
>
> At the moment the same 50 IPs would be assigned each day. Post-randomisation
> 50 would be assigned on day 1. On day 2, my understanding is that the devices
> would REQUEST their previous IPs and be NACKed, then do a DISCOVER and get a
> new lot of 50 addresses. What I'm unsure about is what happens on day 3? 'no
> free leases', a ping check and reallocation of old addresses or something
> else?
>
> Can anyone enlighten me?
>

To answer your question,

Yes, you'd wind up with multiple reservations per client. Options that can
help free up older leases do exist, but they aren't bulletproof. Look at
adaptive-lease-time-threshold and min-min-lease-time.

For Android, this is a non-issue.
https://source.android.com/devices/tech/connect/wifi-mac-randomization

For iOS, this is configurable: https://support.apple.com/en-us/HT211227. This
should be included in the profile that deploys the org's wifi settings.

As an aside,

I fail to see the use case for long reservations in the first place. Lower the
lease time and move on with life.

MAC addresses are a terrible canonical identifier, let alone an authentication
mechanism. If you need some sort of privileged access based on reservations,
have users connect to a 'privileged network'. IMO a VPN is a better tool for
this than a wifi network.

Matt Pallissard
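
Added example, not part of the original message or of ISC dhcpd: a small model of the scenario in the question (100-address pool, 50 devices, a new MAC per device each day) showing how lease time decides whether the pool runs dry. It assumes the server keys leases on MAC alone and reclaims an address only when its lease expires; the function and parameter names are made up for this illustration.

```python
# Added illustration: a simplified DHCP pool model, not ISC dhcpd's allocator.
# Assumptions: every device shows a fresh MAC each `rotate_days`, leases are
# keyed on MAC only, and an address is reclaimed only when its lease expires.

def simulate(pool_size, devices, lease_days, rotate_days=1, horizon=30):
    """Return (first_day_with_refusals, peak_leases_held).

    first_day_with_refusals is None when every device obtained an address
    on every day of the horizon.
    """
    leases = {}            # mac -> expiry day (address is free once day >= expiry)
    first_refusal = None
    peak = 0
    for day in range(1, horizon + 1):
        # Expired leases go back to the free pool.
        leases = {mac: exp for mac, exp in leases.items() if exp > day}
        epoch = (day - 1) // rotate_days
        for dev in range(devices):
            mac = (dev, epoch)   # constructed stand-in for a randomised MAC
            if mac in leases or len(leases) < pool_size:
                # Renewal of a known MAC, or a new lease from a free address.
                leases[mac] = day + lease_days
            elif first_refusal is None:
                # Unknown MAC and nothing free: "no free leases".
                first_refusal = day
        peak = max(peak, len(leases))
    return first_refusal, peak


if __name__ == "__main__":
    for lease in (7, 2, 1):
        refused, peak = simulate(pool_size=100, devices=50, lease_days=lease)
        print(f"lease={lease}d  first refusal day={refused}  peak leases={peak}")
```

Under these assumptions the number of addresses held settles at roughly devices times the number of MAC rotations that fit inside one lease, so the pool has to be sized for that product rather than for the device count.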