GL-AX1800 Flint Enable or disable ACCESS for randomize MAC access to internet

Routers
1

I have tested on GL-AX1800 and GL-AXT1800 and on both I have same issues.

The GL-AX1800 and GL-AXT1800 is making connection. connected in PPoE , work, so no other router ahead.

GL-AX1800 Flint / v4.4.6

  • 80% of my home devices are Apple which had random MAC address enabled(IOS does have it as default)

  • GL-AXT1800 Under Clients Access Control /allowlist. I’ve added all MAC address as well for all Apple devices with randomize MAC

  • VPN Global Proxy All traffic will go through VPN.

  • but when a APPLE device it’s rebooted it’s change the MAC address.

How this situation can be solved in order to not add every time the MAC under Clients Allowlist.

Thank you for any suggestion.

2

Unfortunately there is no way - that’s the con of having randomized MAC.

Just don’t use MAC based access list - it’s not really a security feature anyway.

3

Make whitelist macaddress in dhcp? Don’t share password WiFi. Problem solved :wink:

1 Like
4

Won‘t work either - still randomized.

1 Like
5

In iOS, the randomized MAC address feature assigns a unique MAC address to each Wi-Fi network and keeps the same address for subsequent connections to that network, instead of changing it on every reboot. Additionally, this feature can be disabled for specific networks, like your home Wi-Fi, allowing your device to use its real MAC address instead.

2 Likes
6

Thank you for all replys

1.@admon Not using MAC based access list is not a solutions… I need this in order to filter devices and allow connection to use VPN

  1. @slesar Don’t share password WiFi. I hope that;s an joke . is not a solutions (device need to use the connections)

  2. @meo solutions to use real MAC address is good but outside of this wifi , users should use that privacy mac feature for tracking and security reasons

So If I understand it’s no way using GL-AX1800 Flint / v4.4.6 the to block some devices by MAC address to use the connections. or limit some day hours ! ()
Even Parental Control is not useful .

Thank you for the support

7

@idglabs

you said “… but when a APPLE device it’s rebooted it’s change the MAC address.”

This shouldn’t be the case, as long as the device connects to the same AP, the device will keep its randomised address and NOT generate a new one. Worth a recheck.

you said “solutions to use real MAC address is good but outside of this wifi , users should use that privacy mac feature for tracking and security reasons”

You can turn off apple’s devices MAC randomisation per AP, you can disable it only for your home AP and it will still be enabled for other APs.

8

What about make static or manual IP in apple devices?

9

Indeed. This is behind of scope for this device.
You need some captive portal. Might be possible with OpenWrt but tbh, just go for a professional firewall like Sophos then.

10

Nope.
Official docs say:

Each time these network interfaces are started, new random addresses are generated and a unique address is generated for each interface as required and independently of each other

So it happen more often.

11

Thank you I will check this solutions as well. Even my kids…want to avoid my internet block after 22:00 …:wink:

12

thank you fo the suggestion related to MAC randomize…I will check if after root it’s still keep MAC randomize and for how long.

Thank you

13

Thank ypu good information I will check to see how is ork with OpenWrt

14

From here:
Starting with iOS 15, iPadOS 15 and watchOS 8, if your device hasn’t joined the network in six weeks, it will use a different private address the next time it connects to that network. And if you make your device forget the network, it will also forget the private address it used with that network, unless it has been less than two weeks since the last time it was made to forget that network.

Alternatively, disable apple’s devices randomisation only for your own Access Point.

15

thank you very much @meo very very useful info.