Cloud Guest stores the MAC address that the client uses at the moment of authentication. It does not know if it is a persistent or non-persistent MAC address that the client used. You can disable MAC randomization on the Android device (Use Device MAC), but that is something the end-user should do.
You can look up the client in Central (both connected and disconnected but connected before) and see the client MAC address. In that way you can see if the same user uses different MAC addresses (of course only works with registered accounts, not with click-to-accept). Randomized MAC behavior is highly unpredictable and differs between devices and even OS versions or vendors.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 23, 2024 06:00 AM
From: DavidB
Subject: Aruba Central Cloud Guest captive portal and Android MAC randomization
Hi everybody,
In our Splash Page we configured a session time-out of 7 days with Enable MAC Caching, but got feedback that some users are send back to the registration page after just 2 or 3 days.
At this moment I'm only aware it happens on Android devices, so I'll focus on these devices - it is possible it happens on iPhones too, but got no feedback about these devices yet.
As far as we 've discovered the mail culprit seems to be the "randomize MAC-address" option that 's automatically enabled nowadays on Android devices (starting Android 12, oktober 2021).
As I've understood, when you use 'Enable MAC Caching' and you've registerd your device, you're not supposed to see the registration page again untill the session timeout limit is hit. (This prevents the users to go the the registration page everytime the inactivity limit is hit).
According to this site MAC Randomization Behavior | Android Open Source Project there are 2 types of MAC's randomizations:
"Non-persistent randomization" and "Persistent randomization"
Persistent randomization:
Android generates a persistent randomized MAC address based on the parameters of the network profile including SSID, security type, or FQDN (for Passpoint networks). This MAC address remains the same until factory reset.
Persistent MAC addresses are necessary in cases where networks rely on the persistence of the MAC address to provide useful functionality to the user, for example, to remember a device and allow users to bypass the login screen as expected, or to enable parental controls.
It is unclear to me if this functionality still existst in Android 12 and up.
Non-persistent randomization:
Under the non-persistent randomization type, which is used for some networks in Android 12 or higher, the Wi-Fi module re-randomizes the MAC address at the start of every connection or the framework uses the existing randomized MAC address to connect to the network.
The conditions mentioned later on, do seems to resemble what our users might experience.
Is it possible that the MAC-adresses that are saved, are not of the persistent type? (again: if 'persistent' still exists Android 12 and up)
Is there a way to check these MAC-addresses?
Thank you