Private MAC in iOS 14 and auto-block new devices causes BAD_ADDRESS





Hi,
In our office network, we have a DHCP range between 192.168.xxx.1 and 200, quite a lot of IPs. Everything works fine. But now I'm in trouble because the DHCP scope is filling up with "BAD_ADDRESS" entries, until the scope is full and DHCP doesn't offer IPs anymore.
During my research with log files (Windows Server 2008R2 as DHCP) I found out that the problem is caused by iOS 14's new private MAC address option + auto-blocking of new devices through Fingbox.
Once an iOS device with the private MAC address option activated is connected to the network, Fingbox blocks this device and around 30 mins later, the DHCP scope is filled up with BAD_ADDRESS entries.
When I check the DHCP log files, I can see Fingbox's MAC address for each BAD_ADDRESS. So I'm thinking: a new device asks for DHCP, and the DHCP server checks whether the candidate IP is already "alive". In this case, Fingbox answers the ping and the DHCP server sets this IP to "BAD_ADDRESS".
I've set the lease time down to 20 mins, but it seems that the BAD_ADDRESS entries stay "alive" for around 60 mins.
I've found the conflict detection option and set it to 0 (deactivated), but BAD_ADDRESS entries are still appearing.
I can't deactivate the auto-block of Fingbox, because lots of unwanted / unknown devices will connect. There's also no network management to block devices within the network. Especially the new private option is really bad for network monitoring / management.
So could it be possible that Fingbox won't bind the new IP to itself? I've set the slow network detection option in Fingbox already, but the problem is still present.
I've also set a delay of 150 ms within the DHCP server, same result, still flooding the scope with BAD_ADDRESS.
Does somebody else have this kind of problem? And maybe found a solution?
Regards,
mozarella
0
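The log check described in the post above (the same MAC recorded against every BAD_ADDRESS entry) can be tallied automatically. This is an added example, not part of the original post and not Fing or Microsoft code; it assumes the DHCP audit log's comma-separated column order ID, Date, Time, Description, IP Address, Host Name, MAC Address, and all sample lines, MACs and function names are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample: every value below is invented. Column order is assumed to
# be the audit log's ID,Date,Time,Description,IP Address,Host Name,MAC Address.
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log (constructed preamble line)

ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,10/05/20,09:00:12,Assign,192.168.0.21,pc-042.example.local,001122334455
13,10/05/20,09:31:02,Conflict,192.168.0.50,BAD_ADDRESS,AABBCCDDEEFF
13,10/05/20,09:31:40,Conflict,192.168.0.51,BAD_ADDRESS,aa-bb-cc-dd-ee-ff
13,10/05/20,09:32:15,Conflict,192.168.0.52,BAD_ADDRESS,AABBCCDDEEFF
13,10/05/20,09:32:15,Conflict,192.168.0.52,BAD_ADDRESS,AABBCCDDEEFF
11,10/05/20,09:33:00,Renew,192.168.0.21,pc-042.example.local,001122334455
13,10/05/20,09:40:09,Conflict,192.168.0.77,BAD_ADDRESS,665544332211
"""

def parse_audit_log(text):
    """Return rows as dicts, skipping any free text before the column header."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("ID,Date,Time")), None)
    if start is None:
        raise ValueError("column header not found")
    return list(csv.DictReader(lines[start:], skipinitialspace=True))

def norm_mac(mac):
    """Compare MACs regardless of separator style or case."""
    return (mac or "").replace("-", "").replace(":", "").strip().upper()

def bad_addresses_by_mac(rows):
    """Map each MAC to the distinct IPs recorded as BAD_ADDRESS against it."""
    per_mac = defaultdict(set)
    for row in rows:
        if (row.get("Host Name") or "").strip().upper() == "BAD_ADDRESS":
            per_mac[norm_mac(row.get("MAC Address"))].add(row["IP Address"].strip())
    return per_mac

def scope_eaters(per_mac, scope_size, min_ips=3):
    """List (mac, ip_count, share_of_scope) for MACs holding >= min_ips entries."""
    hits = [(m, len(ips), len(ips) / scope_size)
            for m, ips in per_mac.items() if len(ips) >= min_ips]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    table = bad_addresses_by_mac(parse_audit_log(SAMPLE_LOG))
    for mac, count, share in scope_eaters(table, scope_size=200):  # 200 = .1 to .200
        print(f"{mac}: {count} BAD_ADDRESS entries ({share:.1%} of scope)")
```

Running it on a schedule against the current day's audit log gives an early warning before a single device's conflicts exhaust the scope.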
Answers
Yes, like @Static said, you can ask and possibly force iOS users to turn that feature off and it will only be off for your wifi network, but we SHOULDN'T have to disable that feature. IMHO, this all falls on Apple. They made the change which, on the outside, looks great, but we, you and I, the network admins, are the ones having to "fix" it. There are several options you can try, but you'll have to see what your company will and will not allow. And like you, no, I AM NOT disabling "auto block new devices". I abso-freggin-lutely love that feature and, unfortunately for Fing, it is the ONLY reason I still have a Fingbox.