Assistance with MAC Randomization Issue on Apple Devices in the Hospitality Industry using Meraki

Solved
CPeiris
Conversationalist

Assistance with MAC Randomization Issue on Apple Devices in the Hospitality Industry using Meraki

As an employee in the hospitality industry, I have encountered an issue with MAC randomization on certain devices, particularly iPhones. Due to this issue, I frequently find myself having to either bypass the MAC address or assign it to a group policy. Unfortunately, the Meraki Mobile App does not provide this feature, so I am forced to use the desktop web version to perform these actions. This often requires me to physically visit guests to obtain their MAC addresses and seek assistance from others to bypass them. Therefore, I am seeking assistance from the Meraki community to address this problem.

1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal

Have you checked the documentation?

 

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_and_MAC_Addres...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal

Have you checked the documentation?

 

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_and_MAC_Addres...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
rhbirkelund
Kind of a big deal
Kind of a big deal

Unfortunately, there's not much you can do towards MAC randomisation. This is a security feature introduced on more or less all wireless devices, and can only be disabled on the the device itself.

If you have Systems Manager (or any other MDM solution) you can enroll the deivce and push a profile with your SSID and have MAC randomisation disabled.

Alternatviely you have to get in touch with every single user, and ask them to disable MAC randomisation.

 

Other than that, there's not much else for you to do, apart from perhaps redesiging how you onboard Wireless clients onto your network.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
CPeiris
Conversationalist

Hi rhbirkelund,
I don't think the Meraki System Manager is practical for hotels and resorts because guests typically stay for short periods of 1 to 14 days and may not want to install another app during their stay. Additionally, guests may have many questions about the app. However, as an IT administrator, the System Manager can be very helpful, even though it may not be practical for guest turnover in hotels and resorts.

rhbirkelund
Kind of a big deal
Kind of a big deal

@CPeirisin terms of hospitality, you are completely correct. It's not feasible to require app installation and mdm enrollment for visitors staying at a hotel for 1-14 days.

The point I was trying to convey is that from an IT administrator point of view, you can't do anythong towards MAC randomisation as this is a client side feature, which can only be untoggled by client intervention.

It's the same in terms of roaming between APs. In the end, it's the client who decides when to roam. You might be able to tweak the netework to make wireless roaming work more smoothly, but it's the client who decides.

 

If you are experience frequent reauthentication flows in your hotel guest network due to MAC randomisation, you might have to a look into your current wireless design instead, rather having to look for solutions to disable MAC randomisation on client devices. Besides - MAC randomsisation is for the benefit of the user. As an IT administrator for a Hotel, you should embrace it, rather than work around it.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
PhilipDAth
Kind of a big deal
Kind of a big deal

What problem are you trying to solve by assigning group policies to MAC addresses?  Perhaps there is a different way to solve the problem.

CPeiris
Conversationalist

Hi Philip,
Hotels and resorts commonly use third-party applications to onboard wireless clients, which are often integrated with their Property Management Systems (PMS). Unfortunately, clients often experience difficulties with the splash page authentication process. As a workaround, we usually disable the private address feature, but this does not always resolve the issue. In cases where the splash page bypass is unsuccessful, we must add the client to a predesign group policy. However, there are rare instances where even this workaround fails. In such situations, we have to obtain the client's MAC address and manually add it to the group policy.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels