MAC randomisation and DHCP pools
matt at pallissard.net
Mon Jul 27 16:41:16 UTC 2020
On 2020-07-24T10:10:54 +0100, Mike Richardson wrote:
> Given Apple's decision to enable randomisation of MACs on iOS devices every
> 24 hours, I was wondering what effect this would have on DHCP?
> For example, if you have a pool of 100 IPs, 50 iOS devices and leases set to
> 7 days.
> At the moment the same 50 IPs would be assigned each day. Post-randomisation
> 50 would be assigned on day 1. On day 2, my understanding is that the devices
> would REQUEST their previous IPs and be NACKed, then do a DISCOVER and get a
> new lot of 50 addresses. What I'm unsure about is what happens on day 3? 'no
> free leases', a ping check and reallocation of old addresses or something
> Can anyone enlighten me?

To answer your question,

Yes, you'd wind up with multiple reservations per client. Options that can
help free up older leases do exist, but they aren't bulletproof. Look at
adaptive-lease-time-threshold and min-min-lease-time.

For Android, this is a non-issue.

For iOS, this is configurable https://support.apple.com/en-us/HT211227. This
should be included in the profile that deploys the org's wifi settings.

As an aside,

I fail to see the use case for long reservations in the first place. Lower the
lease time and move on with life.

MAC addresses are a terrible canonical identifier, let alone an authentication
mechanism. If you need some sort of privileged access based on reservations
have users connect to a 'privileged network'. IMO a VPN is a better tool for
this than a wifi network.
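
The pool arithmetic from this thread (100 addresses, 50 devices, 7-day leases, a new MAC every day) as a small simulation. It is an example added to this archive page, not code from either poster or from any DHCP server. Assumptions: time moves in whole days, clients never release the lease held by the old MAC, the server never reclaims an unexpired lease, and `threshold`/`short_lease` are hypothetical parameters that only loosely model the adaptive-lease idea mentioned in the reply.

```python
"""Toy DHCP pool model: every MAC rotation looks like a brand-new client."""


def simulate(pool=100, devices=50, lease=7, rotate=1, days=15,
             threshold=None, short_lease=1):
    """Return a list of (addresses_in_use, failed_requests), one entry per day.

    lease, rotate and short_lease are in days. If threshold is set (fraction
    of the pool in use), new clients get short_lease once usage exceeds it.
    This is a simplified model, not the behaviour of a specific server.
    """
    leases = {}    # (device, mac_epoch) -> expiry day; one entry per address
    history = []
    for day in range(days):
        # Leases whose expiry has passed return to the free pool.
        leases = {mac: exp for mac, exp in leases.items() if exp > day}
        failed = 0
        for dev in range(devices):
            mac = (dev, day // rotate)       # identity the server sees today
            known = mac in leases
            if not known and len(leases) >= pool:
                failed += 1                  # DISCOVER with no free address
                continue
            crowded = threshold is not None and len(leases) / pool > threshold
            term = short_lease if (crowded and not known) else lease
            leases[mac] = day + term         # new lease, or renewal in place
        history.append((len(leases), failed))
    return history


def total_failures(history):
    """Sum of requests that found the pool exhausted."""
    return sum(failed for _, failed in history)


if __name__ == "__main__":
    scenarios = {
        "7-day lease, daily MAC rotation": simulate(),
        "1-day lease, daily MAC rotation": simulate(lease=1),
        "7-day lease, short leases above 50% use": simulate(threshold=0.5),
    }
    for name, hist in scenarios.items():
        print(f"{name}: peak in use {max(u for u, _ in hist)}, "
              f"failed requests {total_failures(hist)}")
        print("  failures per day:", [f for _, f in hist])
```

Under these assumptions the 7-day case fills the pool on day 2 and every device fails from day 3 until the first leases expire, the 1-day case never exceeds 50 addresses, and the threshold variant still drops a request on most days because the long leases issued early keep half the pool pinned.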