Frequent Contributor I
Posts: 68
Registered: ‎08-16-2011

iOS 8 & MAC Address Randomization



Has anyone played w/ iOS 8 beta & have you ran into any issues w/ Airwave monitoring, or with any logging or tracking functionality?  


Guru Elite
Posts: 8,180
Registered: ‎09-08-2010

Re: iOS 8

It's only for probing. The device associates with its own MAC address.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Posts: 1,110
Registered: ‎10-11-2011

Re: iOS 8

Even so, will this not affect ClientMatch as it utilizes client probes?  I see this as potentially causing more issues, especially when troubleshooting a client association issue.  If you suspect a client probing issue, how are you going to identify the client probes with a packet capture?

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II
Posts: 48
Registered: ‎05-23-2014

Re: iOS 8

Does anyone know if this will prevent MAC authentication from taking place?


If it probes the network with a random MAC but authenticates with its own correct MAC, i dont see that this should prevent MAC authentication from taking place.


On the other hand, if MAC authentication is in place as part of a layered security model, should the random MAC be in the list (is this going to be chosen from the Apple agreed list??) this could in effect authenticate a non authorised device, causing a security breach to the network




Super Contributor I
Posts: 268
Registered: ‎04-04-2014

Re: iOS 8


I think that's the burning question -- how will these devices play with virtual beacons/11k, and legacy-mode client-match?  Apples already are one of the rockier platforms for match/steering and this feature doesn't bode well.  Hopefully it completely turns off while enterprise authed.






Posts: 505
Registered: ‎05-11-2011

Re: iOS 8

Still remains to be seen what the effects will be, but once the device is actively associated to your wireless network it use it's own MAC-address. There is no ClientMatch etc before association right?


Tho - a system counting the number of MAC-addresses "probing the Air" will/might be worthless since all i-devices will probe with different MAC-address each time.


John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: