In our guest network I have started seeing a side effect triggered by clients such as iOS 14 devices that use MAC address randomization.
When a device is assigned a DHCP lease, then leaves the network to return later in the day within the address lease period, it tries to reconnect with a new MAC address, at the same time re-using the previously leased IP address.
This causes an "IP address conflict" situation to be triggered and reported from the DHCP server on our MX - which, I guess, theoretically is correct given the client behaviour.
I know MAC address randomization can be disabled on corporate devices, but how to handle guests is another matter. One "solution" is of course to stop the reporting of IP address conflicts, but sometimes this can be important to know about.
Set the lease time on the guest network to 1 hour.
Thanks for the suggestion. I will absolutely be adjusting lease times.
After reading a bit more about this subject, it seems Apple does not really change the MAC periodically but only switches from the physical MAC to the "Private" MAC when this function is enabled, then keeps this private MAC associated with that particular SSID.
I guess what I am seeing is rather a side effect of guest users upgrading to iOS 14 these days, having the private MAC function enabled after the first boot, causing the "IP address conflict" situation temporarily.
Ericl, did you change your lease times? Which time did you go with?
We changed ours to 12 hours and are still seeing the IP Conflict messages. We have users on this subnet all day as it's for our BYOD network for staff and students. Do you know of any issues related to changing to an hour?
Thanks!
We adjusted the lease down to 4 hours but I see no benefit from this as the IP address conflicts continue into the next lease. I ended up limiting the number of recipients receiving the IP address conflict alerts and will keep it this way for the coming weeks until the majority of iOS users are on iOS 14.
Hi Ericl,
We have done the same. Will leave it this way for a couple of weeks and try again.
I'm also seeing this behavior on our network.
It's rather frustrating getting the notifications throughout the day.
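
A triage sketch for the conflict alerts discussed in this thread, added as an example and not posted by any participant: a private (randomized) MAC has the locally administered bit (0x02 of the first octet) set, so a conflict where one MAC is burned-in and the other is private fits the physical-to-private switch described above. The event tuples are constructed samples, not MX log output, and the classification labels are hypothetical.

```python
import re

# Constructed sample events (not real MX output):
# (ip, MAC that held the lease, MAC now claiming the same IP)
SAMPLE_EVENTS = [
    ("10.0.20.41", "3c:22:fb:10:aa:01", "a6:5e:60:1b:c2:9d"),  # burned-in -> private
    ("10.0.20.57", "f2:9a:11:00:3e:77", "de:ad:10:20:30:40"),  # private -> private
    ("10.0.20.63", "3c:22:fb:10:aa:02", "00:1b:63:84:45:e6"),  # two burned-in MACs
]

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")


def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set, as on private MACs."""
    mac = mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bool(int(mac[:2], 16) & 0x02)


def classify_conflict(old_mac, new_mac):
    """Heuristic triage label for one IP conflict (assumption, not proof)."""
    old_private = is_locally_administered(old_mac)
    new_private = is_locally_administered(new_mac)
    if old_private != new_private:
        # One burned-in and one private MAC on the same IP: consistent with a
        # single device toggling its private address within the lease period.
        return "likely_private_mac_switch"
    if old_private and new_private:
        # Two randomized MACs: could be one device or two, needs a closer look.
        return "review_randomized_pair"
    # Two different burned-in MACs claiming one IP: treat as a real conflict.
    return "investigate"


def triage(events):
    """Map each conflicting IP to its triage label."""
    return {ip: classify_conflict(old, new) for ip, old, new in events}


if __name__ == "__main__":
    for ip, label in triage(SAMPLE_EVENTS).items():
        print(ip, label)
```

Only the "investigate" bucket involves two distinct hardware addresses, so alerts could be routed on that label rather than silenced entirely.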