Unable to apply group policy on mobile phone due to MAC randomization

Rohit_Rana
Getting noticed


Hello Everyone.

I am trying to apply group policies in Meraki. I have applied policies to laptops/desktops after fixing the wireless IP address. But in the case of mobile phones, I am facing an issue: every time, mobile phones change their MAC and IP address, even if I have fixed their IP and MAC randomization is set to "Phone MAC" or "Private MAC".

Their MAC address is fixed only for that particular SSID for which I have fixed the MAC, but as the user connects to another SSID, it automatically changes to "Randomized MAC" and it bypasses all group policies.

Even the "Description" which I set for that mobile device changes to the default name, due to which it is difficult to track the device even with Name, MAC and IP.

Someone, kindly suggest the best way to fix an identity for a mobile device on Meraki so that I can apply group policies on mobile devices.

Is there any solution to fix the mobile device identity so that it won't change if the user connects to any SSID?

 

BlakeRichardson
Kind of a big deal

Are the devices company owned or personal devices? If company owned, I would suggest managing them using an MDM, if you are not already, which will allow you to disable MAC randomisation.

If they are private devices you will need to look for an alternative solution that might involve an SSID specifically for phones.

Hi @BlakeRichardson

Users are having private devices.

Is there any possible way which can help to fix these private device identities on Meraki?

cmr
Kind of a big deal

@Rohit_Rana both Android and iOS devices now choose a random virtual MAC address for each new wireless network that they connect to. They do retain the same random address for reconnections to the same network, but not between networks. This can be disabled by the user, either for the whole device, or for a specific wireless network, but the only way to force this is to install an MDM solution on the device. It is not a Meraki issue, but a deliberate design from the mobile device vendors to reduce device tracking.
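An added example, not part of the original thread or any Meraki tooling: a Python check that flags which clients in a client list are presenting a randomized (locally administered) MAC, so you can see where a per-client group policy will not follow the device to another SSID. The CSV column names and the sample rows are constructed assumptions, not the dashboard's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a client list; the column names are assumptions,
# not the Meraki dashboard's actual export format.
SAMPLE_CLIENTS = """description,mac,ssid
Rohit-laptop,3c:22:fb:10:20:30,Corp
phone-a,da:a1:19:4b:7c:01,Corp
phone-a,7e:15:9c:02:aa:10,Guest
printer,00:1b:a9:12:34:56,Corp
tablet,f2-0c-44-9e-01-77,Guest
"""


def is_randomized(mac: str) -> bool:
    """True when the MAC is unicast with the locally administered bit set.

    Private Wi-Fi addresses on Android and iOS set bit 0x02 of the first
    octet and clear bit 0x01, so the second hex digit is 2, 6, A or E.
    This is a heuristic: other software (e.g. virtual NICs) can also use
    locally administered addresses.
    """
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    first_octet = int(digits[:2], 16)
    return bool(first_octet & 0x02) and not (first_octet & 0x01)


def audit(csv_text: str) -> dict:
    """Group clients per SSID into 'stable' and 'randomized' MAC lists."""
    report = defaultdict(lambda: {"stable": [], "randomized": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = "randomized" if is_randomized(row["mac"]) else "stable"
        report[row["ssid"]][kind].append((row["description"], row["mac"].lower()))
    return dict(report)


if __name__ == "__main__":
    for ssid, groups in audit(SAMPLE_CLIENTS).items():
        print(ssid)
        for desc, mac in groups["randomized"]:
            print(f"  randomized: {desc} {mac} (policy bound to this MAC will not follow the device)")
        for desc, mac in groups["stable"]:
            print(f"  stable:     {desc} {mac}")
```

In the constructed data, "phone-a" appears with a different address on each SSID, which is the behaviour described above.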

Rohit_Rana
Getting noticed

Thanks @cmr ,

Got it !

Brash
Kind of a big deal

The best solution here is to MDM the devices.

You can also apply the group policy on the SSID based on the device type, which might be helpful.

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Applying_Policies_by_Device_Type

Hi @Brash ,

Thanks !

I think this can be the best solution to map the users for particular SSID wise, and we can provide access to that SSID only to them.
