Cisco wlc showing one device with more then one MAC address and IP address

hhakimi · ‎08-06-2018

Hi,

Can some please help me, why my WLC 2504 assigning multiple MAC address and IP Address to one device, with change the last 6 digits of MAC Address, these are happen when they disconnected and re login but both showing associated. and have second and thired IP Address.

also it is show unknown client with assigned IP by WLC.

Please see the attached.

Leo Laohoo · ‎08-06-2018

Because the owner enabled Randomize MAC Address feature.

hhakimi · ‎08-06-2018

Thanks for reply how to stop this, and with stopping this which future will be remove.

hhakimi · ‎08-06-2018

Thanks for reply how to stop this, and with stopping this which future will be remove.

Leo Laohoo · ‎08-06-2018

@hhakimi wrote:

Thanks for reply how to stop this

You can't.

@hhakimi wrote:

with stopping this which future will be remove.

Raise a complaint with Apple, Google and Windows.

hhakimi · ‎08-06-2018

This not acceptable, to raise complain with 3 big companies because of Cisco WLC. Cisco should find out the solution for this.

patoberli · ‎08-06-2018

No no, those enduser devices have (sometimes) a function built in to randomize their mac-addresses, to counter snooping and movement profiles. Cisco can't do anything here, because it's an end user privacy feature, which Apple and Google (and with tablets/laptops Microsoft) have built-in and enabled for guest networks. The WLC always sees a different client, unless you use username/password authentication on the SSID, or if the end user trusts the SSID. I think the MAC doesn't change, once the user has configured the SSID on his device.

hhakimi · ‎08-06-2018

Thanks for support.

Scott Fella · ‎08-06-2018

It’s the devices that has a feature to randomize the MAC address. You can’t address that issue from any wireless vendor.

-Scott
*** Please rate helpful posts ***

hhakimi · ‎08-06-2018

Thanks for support.

Leo Laohoo · ‎08-06-2018

@hhakimi wrote:

This not acceptable, to raise complain with 3 big companies because of Cisco WLC. Cisco should find out the solution for this.

Raise a TAC case.

Random MAC Address feature was introduced because there are some people who don't like to be "tracked" by government agencies. This is a feature enabled by Apple, Microsoft and Google. Cisco isn't the "author" of this feature.

The only way is enable MAC address enrollment or MAC-based ACL.

hhakimi · ‎08-06-2018

Thanks for support.

hhakimi · ‎08-06-2018

how to remove unknown client. from list of wireless.

Leo Laohoo · ‎08-06-2018

@hhakimi wrote:

how to remove unknown client. from list of wireless.

You can force the wireless client to deauthenticate but the wireless client will just get back in.

The only way is to block/ban the MAC address.

Scott Fella · ‎08-06-2018

Unknown clients are any client that is not identified using 802.1x or email registration from a portal page.

-Scott
*** Please rate helpful posts ***