MAC randomisation and DHCP pools

Joshua Stark starkjs at
Sat Jul 25 01:46:39 UTC 2020

The user can decide to turn the feature off on the Apple device per WiFi 

Rarely, a network might allow you to join with a private address, but 
won't allow Internet access. If that happens, you can choose to stop 
using private addresses 
<> with that network

I agree, this will make things different, harder initially. One example 
that comes to mind is white/black lists on WiFi networks, that will go 
out the window.
And the other of being able to set a static IPv4 will be next to impossible.

But was that not the point of IPv6 - totally random

In my mind this means we need an evolution of how we do things, like how 
AWS/GCP have taken the classic firewall of IP/Port to a Service Layer 
There is going to need to be another way to identify a device to allow 
automatic re-authentication, like public WiFi where you purchase access 
for greater then 24hrs.

How we do that, I don't know, but it's time to start thinking about how 
to implement the next evolution in technology!


On 24/7/20 20:59, Mike Richardson wrote:
>> Hi Mike,
>> This is not something new, it has been around since IOS 8 in 2014. I think
>> this page summarises how it works and has links to Apple's site with more
>> details.
>> It appears that it randomises the MAC address when the device is passively
>> scanning for networks and other particular settings are enabled or disabled,
>> so systems can't use the MAC address to persistently track wherever you go.
>> However, it seems that any associations/joining of networks is based on the
>> actual MAC address.
>> Or am I talking about something else entirely different?
> Something new I believe:
> Apple, in IOS14, are going to implement the changing of MACs every 24 hours
> as the default, and different ones for each SSID, I believe.
> I'm just trying to evaluate the impact on things like DHCP, but I'm not sure
> about exactly what happens when pools are, sort of, exhausted.
> Thanks,
> Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4044 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the dhcp-users mailing list