False IP address conflict caused by client MAC address randomization

EricI
Here to help


In our guest network I have started seeing a side effect triggered by clients such as iOS 14 devices that use MAC address randomization.

 

When a device is assigned a DHCP lease, then leaves the network to return later in the day within the address lease period, it tries to reconnect with a new MAC address, at the same time re-using the previously leased IP address.

 

This causes an "IP address conflict" situation to be triggered and reported from the DHCP server on our MX - which I guess, theoretically is correct given the client behaviour.

I know MAC address randomization can be disabled on corporate devices, but how to handle guests is another matter. One "solution" is of course to stop the reporting of IP address conflicts, but sometimes this can be important to know about.

6 Replies
ww
Kind of a big deal

Set the lease time on guest network to 1 hour 

EricI
Here to help

Thanks for the suggestion. I will absolutely be adjusting lease times.

After reading a bit more about this subject, it seems Apple does not really change the MAC periodically but only switches from the physical MAC to the "Private" MAC when this function is enabled, then keeps this private MAC associated to that particular SSID.

I guess what I am seeing is rather a side effect of guest users upgrading to iOS 14 these days, having the private MAC function enabled after the first boot, causing the "IP address conflict" situation temporarily.
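
A triage heuristic for the conflict alerts described in the two posts above, added here as an example (it is not from any poster or from Meraki). It relies on the fact that private Wi-Fi addresses set the locally administered bit (0x02) of the first octet; the alert line layout, the sample addresses and the category names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample alerts; this field layout is an assumption,
# not the format the MX actually reports.
SAMPLE_ALERTS = """\
ip=10.20.0.57 mac_a=3c:22:fb:10:9a:01 mac_b=a6:4e:31:7c:02:9d
ip=10.20.0.88 mac_a=f2:91:0b:55:e0:13 mac_b=5a:07:c4:aa:19:6e
ip=10.20.0.12 mac_a=00:1b:21:3a:44:10 mac_b=00:25:90:6f:be:72
ip=10.20.0.99 mac_a=zz:zz mac_b=00:25:90:6f:be:72
"""

ALERT_RE = re.compile(r"ip=(\S+)\s+mac_a=(\S+)\s+mac_b=(\S+)")
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bool(int(mac[:2], 16) & 0x02)

def classify(mac_a, mac_b):
    """Label one conflict by the kind of addresses claiming the same IP."""
    try:
        local = (is_locally_administered(mac_a), is_locally_administered(mac_b))
    except ValueError:
        return "unparsed"
    if all(local):
        return "private-to-private"   # two randomized addresses
    if any(local):
        return "physical-to-private"  # the switch described in the thread
    # Two burned-in addresses on one IP is not explained by randomization.
    return "investigate"

def triage(text):
    """Return (ip, label) for every alert line that matches the layout."""
    return [(m.group(1), classify(m.group(2), m.group(3)))
            for m in map(ALERT_RE.search, text.splitlines()) if m]

if __name__ == "__main__":
    results = triage(SAMPLE_ALERTS)
    for ip, label in results:
        print(f"{ip:<12} {label}")
    print(dict(Counter(label for _, label in results)))
```

Any host can set the locally administered bit, so the labels are for ordering the alert queue, not for suppressing alerts; the "investigate" bucket is the one that randomization does not account for.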

BEagle
Here to help

Ericl, did you change your lease times?  Which time did you go with?

 

We changed ours to 12 hours and are still seeing the IP Conflict messages.  We have users on this subnet all day as it's for our BYOD network for staff and students. Do you know of any issues related to changing to an hour?

 

Thanks!

EricI
Here to help

We adjusted the lease down to 4 hours but I see no benefit from this as the IP address conflicts continue into the next lease. I ended up limiting the number of recipients receiving the IP address conflict alerts and will keep it this way for the coming weeks until the majority of iOS users are on iOS 14.

BEagle
Here to help

Hi Ericl,

 

We have done the same.  Will leave it this way for a couple of weeks and try again.

 

 

Luke44
Just browsing

I'm also seeing this behavior on our network.

 

It's rather frustrating getting the notifications throughout the day.
