iphone update 14.4.2

davillan
New here

Hi, 
I've been seeing strange behavior in multiple Meraki networks across different organizations for the past week or so,
where I'm receiving numerous alerts of IP conflict detected ...
There are only MX devices (DHCP enabled) in those setups, no other DHCP server is working, and no static IP addresses are assigned!
They are mostly from IP addresses of iPhones (I've confirmed that a couple of these iPhones are updated to iOS 14.4.2).
Is anyone else having this issue? Is there something I need to check?
CptnCrnch
Kind of a big deal

Re: iphone update 14.4.2

I'd take bets this has something to do with MAC address randomization:

https://appleinsider.com/articles/20/09/17/ios-14-mac-randomization-privacy-feature-may-cause-cisco-...

UCcert
Kind of a big deal

Re: iphone update 14.4.2

It’ll be that really helpful feature released by Apple just to make life a little harder for us Network Engineers.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Inderdeep
Kind of a big deal

Re: iphone update 14.4.2

@davillan: This is what I found; @CptnCrnch correctly mentioned it.

 iOS 14 ships with the "Private Address" per-SSID MAC randomization feature enabled after the update, so anything based on MAC address will break until you either configure the newly generated address for that client, or disable the Private Address feature on each iOS device individually.

https://www.reddit.com/r/meraki/comments/iumrvq/ios_14_headsup/ 

Regards
Inderdeep Singh
www.thenetworkdna.com ( Awarded by Cisco IT Blogs award 2020)
Bruce
Kind of a big deal

Re: iphone update 14.4.2

Not sure what iOS version it was in but Apple did have a couple of bugs with the randomization when it was first introduced - the current iOS version is 14.6.

 

If you're getting IP address conflicts then that is because the MX is seeing the same IP address being used by two separate MAC addresses. And this is exactly what Apple did (no, it wasn't intentional, well not so far as they admitted). When they first introduced the MAC randomization on a per-SSID basis there were situations where requests (I believe it was ARP requests) were responded to with the real MAC address, and not the randomized MAC address, whereas normally it responded with the randomized address. And this makes the MX 'think' there is an IP address conflict, although there actually isn't.

 

The only way I believe you can confirm this is through packet captures and compare MAC addresses in the capture (for the same IP address) with those on the iOS devices, to see if the different MAC addresses are actually on the same device. 

 

EDIT: Might also be worth reducing your DHCP lease times, as the randomized MAC address will likely rotate every 24 hours too.
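The packet-capture comparison suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it groups ARP sender IPs by sender MAC and flags any IP seen with more than one MAC, marking which addresses are locally administered (the range randomized private addresses come from). The frames, MAC addresses and IPs are constructed sample data, and the function names are hypothetical; in practice the frames would come from a capture taken on the LAN.

```python
import struct
from collections import defaultdict

def is_locally_administered(mac: bytes) -> bool:
    # Bit 0x02 of the first octet marks a locally administered address,
    # which is the range randomized "private" Wi-Fi addresses come from.
    return bool(mac[0] & 0x02)

def arp_bindings(frames):
    """Map sender IP -> set of sender MACs seen in Ethernet/IPv4 ARP frames."""
    seen = defaultdict(set)
    for f in frames:
        if len(f) < 42 or f[12:14] != b"\x08\x06":    # not an ARP frame
            continue
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", f[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue
        sha, spa = f[22:28], f[28:32]
        if spa == b"\x00" * 4:                         # ARP probe claims no IP
            continue
        seen[".".join(map(str, spa))].add(sha)
    return seen

def find_conflicts(frames):
    """Return {ip: [(mac, kind), ...]} for IPs claimed by more than one MAC."""
    report = {}
    for ip, macs in arp_bindings(frames).items():
        if len(macs) > 1:
            report[ip] = sorted(
                (":".join(f"{b:02x}" for b in m),
                 "local" if is_locally_administered(m) else "universal")
                for m in macs)
    return report

def build_arp(sha: str, spa: str, op: int = 2) -> bytes:
    """Construct a sample ARP frame (test data only, not captured traffic)."""
    mac = bytes.fromhex(sha.replace(":", ""))
    ip = bytes(map(int, spa.split(".")))
    return (b"\xff" * 6 + mac + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac + ip + b"\x00" * 6 + bytes([192, 168, 128, 1]))

# Constructed sample: one IP answered from two MACs, one IP from a single MAC.
SAMPLE_FRAMES = [
    build_arp("a6:5e:60:11:22:33", "192.168.128.23"),
    build_arp("00:11:22:44:55:66", "192.168.128.23"),
    build_arp("3c:22:fb:aa:bb:cc", "192.168.128.40"),
]
```

An IP reported with one "local" and one "universal" MAC fits the pattern described in the reply, but it only becomes a confirmation once both addresses are matched against the Wi-Fi address and private address shown on the iOS device itself.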
