Thanks Tim. I just started a conversation with my SE. Brad From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, July 10, 2020 2:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL]Re: [WIRELESS-LAN] MAC Randomization, a step further...
For extended visitor use cases (over 1 day), Passpoint is really the only feasible solution moving forward. Aruba has a Passpoint offering/service called Air Pass and WBA's OpenRoaming initiative is gaining a lot of support. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, July 10, 2020 at 15:04 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] MAC Randomization, a step further... Tim, Anything in the works from Aruba about how best to deal with ClearPass Guest MAC Auth? Thanks, Brad From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, July 10, 2020 2:01 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [EXTERNAL]Re: [WIRELESS-LAN] MAC Randomization, a step further... Connected MAC randomization on iOS will be enabled by default, just like on Android (starting in 10). Two major differences: 1) iOS does not expose the randomization knob (to disable it) to end users during initial connection. It is available after connection in the saved network list 2) On Android (version 10 and 11), the MAC is set once per ESSID for the lifetime of the OS instance (aka until a factory reset). On iOS 14, the MAC is set per ESSID and is changed once every 24 hours. Note that Android 11 has a developer option to enable a per-connection MAC which likely indicates this will enabled by default or exposed to users in Android 12. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, July 10, 2020 at 14:57 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] MAC Randomization, a step further... Apple is moving forward with their privacy efforts. The next step is to randomize MAC addresses when connecting to an AP, not just when probing. This is coming soon. https://globalreachtech.com/blog-mac-randomisation-apple/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fglobalreachtech.com%2Fblog-mac-randomisation-apple%2F&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C26fc195c29b4457a06d508d825041970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300046829877974&sdata=igFSatWaHCRzls6rl4jmDkuFMSPjuntnUMWZxFGbHFA%3D&reserved=0> This is from Apple. Luckily, there is a way to disable private addresses. I just don't know if it will be ON by default. https://support.apple.com/en-qa/HT211227<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.apple.com%2Fen-qa%2FHT211227&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C26fc195c29b4457a06d508d825041970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300046829887971&sdata=g0uQmC7cCwUEiW62uzXILQWWJtyhlm%2Bv1JhrspVG0ec%3D&reserved=0> Happy Friday! Hector Rios, Wireless Network Architect The University of Texas at Austin ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C26fc195c29b4457a06d508d825041970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300046829897966&sdata=Ma2mA8RDW7QHHZ5kPBEGpOZIgn6EK%2FTJBmSYird3aI8%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C26fc195c29b4457a06d508d825041970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300046829897966&sdata=Ma2mA8RDW7QHHZ5kPBEGpOZIgn6EK%2FTJBmSYird3aI8%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C26fc195c29b4457a06d508d825041970%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637300046829907958&sdata=oeswZX6JQwIzOynzZAyJQFdfMmdN6g4HtQOUEHzS1%2B0%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community