cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
769
Views
0
Helpful
3
Replies

CMX 10.6.3 "will not filter random MAC when devices are assoc with it"

martintee
Level 1
Level 1

The release notes of CMX 10.6.3 (source: https://www.cisco.com/c/en/us/td/docs/wireless/mse/10-6-3/cmx_release_notes/rn-cmx-10-6-3.html) say:

"What's New in Cisco CMX Release 10.6.3?
MAC Randomization for associated devices: Cisco CMX will not filter random MAC when devices are associated with it."

We have upgraded to 10.6.3-105 but see no difference in behaviour in relation to locally administered ("random") MAC addresses. The CMX v3 clients API does not provide us with any information on devices that are associated with the network with a locally administrered MAC address. In other words, they still seem to be filtered out.

Why? Is this new feature in CMX 10.6.3 not supposed to fix exactly that? Should we change any settings to enable us to receive this data? If so, which setting and where can we find it?

Note that this does not concern probing devices, we are not interested in those. Our end goal is to retrieve information of only associated devices, with a locally administered MAC address or any regular hardware MAC using the CMX v3 clients API. In our case those associated devices are authenticated to the network with a username and password.

I have gone through countless of documentation and I see no reason why Cisco would not publish information on associated devies with a locally administered MAC address, since those MACs are hardly random. For example, iOS devices use the same locally administered MAC for a single network once associated.

3 Replies 3

Hi

 CMX has always been a Bug  tool.  But, if you are able to stract information using API, which means you are using coding to stract information from CMX, you can do it by yourself.

 

There are four possible formats of locally administered MAC addresses (x can be any hex value)

X2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx

 

 

We can only do it by ourselves if the CMX actually provides us with information on those devices. When we use the v3 clients API, the CMX does not give us data on any devices with locally administered MAC addresses, even if devices with those kind of MAC are associated with the WiFi SSID that is configured for the CMX. We do receive all the other device data, just not of locally administered MACs.

What does the actual feature as described in "What's New in Cisco CMX Release 10.6.3? - Cisco CMX will not filter random MAC when devices are associated with it." contain? Surely Cisco would not add this line to the release notes if nothing has changed?

Actually the feature is not new on 10.6. What changed is the the feature is enable by default.

 

Filtering.

This field is present in CMX 10.5.x, but has been removed from the 10.6.x web interface and has been enabled by default.

 

What I suggested is that, you have control over all the mac address connected in the network. You can collect this on the CMX or on the Prime, in case you have itt. Then, using programmability, you can look for those mac address among connected devices.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: