Impact of iOS 14 random MAC on IPSK and Meraki functions

imuccini
Here to help


Apple iOS 14 is planning to use a private WiFi MAC Address and change it periodically, even if the device connects to the same BSSID (https://support.apple.com/en-us/HT211227).

 

How does this impact Meraki IPSK? If the MAC address changes over time, this technique won't work.

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication

 

Is the Meraki team working on alternative solutions or workarounds?

BlakeRichardson
Kind of a big deal

I would hope that Apple has this as a modifiable setting so that those using an MDM can force this feature to be disabled if they so wish.

If not, let the fun begin...

cmr
Kind of a big deal

It is configurable per network; as iPSK should be configured to give only basic internet access, or no access, it is in the interest of the user to do this. I'd guess that MDM platforms will catch up with varying speed...

ConnorL
Meraki Employee

@BlakeRichardson, going by the WWDC 20 video "What's new in managing Apple Devices", yes, MDM Restrictions Payload will be able to disable this.

 

"Beginning in iOS 14, whenever a device associates with a Wi-Fi network, it will use a random MAC address instead of the device's true hardware MAC address. For enterprise networks that use captive portals or filtering, the new feature may cause an unexpected behavior as the device may not be identified when it joins. If the device fails to join the network, it will fall back to using its real MAC address. While users can disable this feature in Settings, we've also made it possible to disable it using the Wi-Fi payload."

 

Screenshot 2020-07-27 at 23.24.31.png

Whilst I have no news on when Meraki SM will support this new payload, I suspect it will be included once iOS 14 is released publicly (not beta). Here's a full list of what's coming in iOS 14 MDM:

 

Screenshot 2020-07-27 at 23.28.14.png

CptnCrnch
Kind of a big deal

Great question though!

 

Some ideas (possibly even "best practices" regarding ISE) and some background on how "random" MAC addresses are formed can be found in this document, highly recommended: https://community.cisco.com/t5/security-documents/random-mac-address-how-to-deal-with-it-using-ise/t...
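
One way to audit a MAC-keyed IPSK client list for entries that are likely private addresses, as an added example that is not part of the original thread or of any Meraki or Cisco tooling. It relies on the IEEE 802 locally administered bit (0x02 in the first octet), which private Wi-Fi addresses set; the client list and group names are constructed sample data.

```python
import re

# Constructed sample: MAC -> IPSK group, in the mixed formats exports tend to contain.
SAMPLE_IPSK_CLIENTS = {
    "3C:22:FB:10:20:30": "staff",   # vendor-assigned (universal) address
    "a6-5e-60-11-22-33": "byod",    # locally administered: likely a private address
    "02bb.cc00.1122": "iot",        # locally administered
    "not-a-mac": "guest",           # malformed entry
}


def normalize_mac(mac):
    """Return 12 lowercase hex digits, or None if the input is not a MAC."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def classify_mac(mac):
    """Classify a MAC by the two low-order bits of its first octet."""
    digits = normalize_mac(mac)
    if digits is None:
        return "invalid"
    first_octet = int(digits[:2], 16)
    if first_octet & 0x01:
        return "multicast"  # group bit set: never a valid client source address
    if first_octet & 0x02:
        # Locally administered. Private/random addresses set this bit, but so do
        # some virtual NICs and manual overrides, so treat it as a hint, not proof.
        return "local"
    return "universal"


def audit_ipsk_clients(clients):
    """Group (mac, ipsk_group) entries by address class."""
    report = {"universal": [], "local": [], "multicast": [], "invalid": []}
    for mac, group in clients.items():
        report[classify_mac(mac)].append((mac, group))
    return report


if __name__ == "__main__":
    for kind, entries in audit_ipsk_clients(SAMPLE_IPSK_CLIENTS).items():
        for mac, group in entries:
            print(f"{kind:10} {mac:20} group={group}")
```

Entries reported as `local` are the ones whose MAC-to-PSK mapping will stop matching if the device later presents a different private address.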
