Adolfo_Z_H
Staff
Article Id 279487

Description

This article discusses MAC address randomization challenges.

 

Scope

All Fortinet Wi-Fi products.

 

Solution

MAC randomization is a feature of most recent device operating systems. Its main goal is to enhance user privacy by generating a random MAC address every time a user connects to a Wi-Fi network.

  • Having it enabled while troubleshooting could prevent proper follow-up of events and diagnose commands.
  • Knowing beforehand whether a device could have this feature activated will help expedite analysis.

 

The following table summarizes the most popular operating systems that support MAC address randomization and their default behavior.

 

| OS | MAC Randomization | Per SSID support | Time-Based randomization | By default |
|---|---|---|---|---|
| Windows 11 & 10 | Supported | Optional | Optional | Disabled |
| macOS 12/11/10 | Not supported | - | - | - |
| Android 12 & 11 | Supported | Supported | Optional | Enabled |
| Android 10 | Supported | Vendor Specific | Not supported | Vendor Specific |
| Android 9 | Supported | Optional | Not supported | Disabled |
| Chrome OS | Not supported | - | - | - |
| Apple iOS 15 & 14 | Supported | Supported | Not supported | Enabled |
| Apple iOS 13 | Not supported | | - | |

 

 

Features that depend on MAC address data could be impacted, such as MAC filtering, MAC authentication, MAC-based policies, captive portals, Device Analytics, DHCP server, DHCP snooping, IP reservations, etc.

 

RFC 1918 notes that private MAC addresses, known as Locally Administered Address Ranges, are never used by devices or other vendors.

MAC addresses in these ranges can be safely used, assuming they are unique within the network.

It is the second hex digit of the MAC address that indicates a private (software-generated) address. Any address matching one of the following patterns is considered private:

 

  • x2:xx:xx:xx:xx:xx
  • x6:xx:xx:xx:xx:xx
  • xA:xx:xx:xx:xx:xx
  • xE:xx:xx:xx:xx:xx

 

Related document:

https://www.tmatlantic.com/encyclopedia/index.php?ELEMENT_ID=16734

 

If a MAC address in the device logs matches one of the patterns mentioned above, that device is likely to have MAC randomization enabled. Refer to the manufacturer's documentation to learn how to disable it before starting troubleshooting.
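The log check described above can be scripted. The following is an added example, not part of the original article or of any Fortinet tooling: it pulls MAC addresses out of log lines, normalizes their notation, and flags the ones whose second hex digit is 2, 6, A or E. The sample lines and their key=value layout are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Colon/hyphen octets (aa:bb:..., AA-BB-...) or dotted quads (aabb.ccdd.eeff).
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])"
    r"(?:(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})"
    r"(?![0-9A-Fa-f:-])"
)

# Constructed sample lines in a generic key=value layout (not a FortiOS log format).
SAMPLE_LOGS = [
    "time=09:14:02 event=assoc client=a6:3c:91:0f:22:7d ssid=corp",
    "time=09:14:05 event=dhcp-ack client=A6-3C-91-0F-22-7D ip=10.0.0.23",
    "time=09:15:40 event=assoc client=3c:22:fb:10:9a:01 ssid=corp",
    "time=09:16:11 event=deauth client=da12.34ab.cdef ssid=guest",
    "time=09:17:00 event=mcast dst=33:33:00:00:00:fb",
]

def normalize(mac):
    """Return the MAC as lowercase, colon-separated octets."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized_candidate(mac):
    """True when the second hex digit is 2, 6, A or E.

    Equivalent bit test on the first octet: 0x02 set (locally administered)
    and 0x01 clear (unicast). Multicast addresses such as 33:33:... have both
    bits set and are not client addresses, so they are excluded.
    """
    first_octet = int(normalize(mac)[:2], 16)
    return first_octet & 0x03 == 0x02

def triage(log_lines):
    """Map each MAC seen in the logs to (likely randomized, occurrence count)."""
    seen = Counter()
    for line in log_lines:
        for match in MAC_RE.findall(line):
            seen[normalize(match)] += 1
    return {mac: (is_randomized_candidate(mac), n) for mac, n in seen.items()}

if __name__ == "__main__":
    for mac, (candidate, count) in sorted(triage(SAMPLE_LOGS).items()):
        label = "likely randomized" if candidate else "not matching"
        print(f"{mac}  seen={count}  {label}")
```

A match only shows that the address is locally administered; confirm on the client itself before treating the device as using randomization.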
