Description
This article discusses the challenges that MAC address randomization introduces.
Scope
All Fortinet WIFI products.
Solution
MAC randomization is a feature of most recent device operating systems whose main goal is to enhance user privacy by generating a random MAC address every time a user connects to a Wi-Fi network.
- Having it enabled while troubleshooting could prevent proper follow-up of events and diagnose commands.
- Knowing beforehand whether a device could have this feature activated, prior to troubleshooting, helps expedite analysis.
This is a summary table of the most popular devices that support MAC address randomization and their default behavior.
| OS | MAC Randomization | Per SSID support | Time-Based | By default |
|---|---|---|---|---|
| Windows 11 & 10 | Supported | Optional | Optional | Disabled |
| MacOS 12/11/10 | Not supported | - | - | - |
| Android 12 & 11 | Supported | Supported | Optional | Enabled |
| Android 10 | Supported | Vendor Specific | Not supported | Vendor Specific |
| Android 9 | Supported | Optional | Not supported | Disabled |
| Chrome OS | Not supported | - | - | - |
| Apple iOS 15 & 14 | Supported | Supported | Not supported | Enabled |
| Apple iOS 13 | Not supported | | - | |
Features that depend on MAC address data could be impacted, such as MAC filtering, MAC authentication, MAC-based policies, captive portals, Device Analytics, DHCP server, DHCP snooping, IP reservations, etc.
RFC 1918 notes that private MAC addresses known as Locally Administered Address Ranges are never used by devices or other vendors.
MAC addresses in these ranges can be safely used, assuming they are unique within the network.
It is the second hex digit of the MAC address that indicates a private (software-generated) address. Any address matching one of the following patterns is considered private:
- x2:xx:xx:xx:xx:xx
- x6:xx:xx:xx:xx:xx
- xA:xx:xx:xx:xx:xx
- xE:xx:xx:xx:xx:xx
Related document:
https://www.tmatlantic.com/encyclopedia/index.php?ELEMENT_ID=16734
If a MAC address in the device logs matches one of the patterns mentioned above, that device is likely to have MAC randomization enabled. Refer to the manufacturer's documentation to learn how to disable it before starting troubleshooting.
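The log check described above, as an added example (not part of the original article and not Fortinet tooling): a Python helper that scans log lines for MAC addresses whose second hex digit is 2, 6, A or E, in colon, hyphen or dotted notation. The function names and the sample log lines are constructed for illustration and are not real FortiOS output.

```python
import re

# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and aabb.ccdd.eeff notations.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b"
)

def normalize(mac):
    """Return the MAC as lowercase, colon-separated octets."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_private(mac):
    """True when the second hex digit is 2, 6, A or E.

    In the first octet this means bit 0x02 is set and bit 0x01 is clear.
    """
    first_octet = int(normalize(mac)[:2], 16)
    return (first_octet & 0x03) == 0x02

def find_randomized_clients(lines):
    """Map each private MAC to the 1-based log line numbers where it appears."""
    hits = {}
    for lineno, line in enumerate(lines, start=1):
        for match in MAC_RE.finditer(line):
            mac = normalize(match.group(0))
            if is_private(mac):
                hits.setdefault(mac, []).append(lineno)
    return hits

# Constructed sample log lines (hypothetical format, for illustration only).
SAMPLE_LOG = [
    "10:01:02 sta=3a:5f:12:9c:00:41 ssid=corp action=assoc",
    "10:01:07 sta=F4-0F-24-11-22-33 ssid=corp action=assoc",
    "10:02:15 sta=da7b.c310.0e55 ssid=guest action=dhcp-ack",
    "10:03:40 sta=3A:5F:12:9C:00:41 ssid=corp action=deauth",
    "10:04:00 sta=01:00:5e:00:00:fb note=multicast",
]

if __name__ == "__main__":
    for mac, linenos in find_randomized_clients(SAMPLE_LOG).items():
        print(f"{mac} likely randomized, seen on lines {linenos}")
```

A match only shows that the address is software-generated, so treat it as a prompt to check the client's Wi-Fi settings before relying on MAC-based filters or reservations for that device.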