JaedenRuiner

Q: Apple Products and MAC Filters

So,

I am NOT an Apple user.  Ever.  I believe literacy is important and therefore despise picture navigation.  If you can't type the commands or know why it works the way it does, maybe you shouldn't be using the device.  I control the system at a system level, and will never allow some programmer at HeadQuarters to determine how something should be done.  Thus I prefer Linux and Windows PC, because there I make the rules, there are no limits, and I can do it all from a command prompt.

 

But I have to manage a network that supports people using iPhones, iMacs, iPads, and AppleTV.

Now, I know (so don't give me crap about it) that MAC filtering is an "unnecessary step" to wireless security.  Totally agreed.  But what it does is force everyone who uses my network to inform me who and what device is on it.  If it was just the AES Key, that can be told and shared between people and I would never know.  So I use the key PLUS MAC Filtering so that everyone who connects to my network has to tell me about it.

 

But, AppleTV, iPads, iPhones all suck so hard, they never connect and work with my network.  Linux, Android, and WIndows - never fail.  They always work - FIRST TIME.  So what do I have to do to get the Apple products to see AND CONNECT to my network?  I put the MAC address into the "Allowed" list on the router, and reboot the routher.  I provide the WPA2 key and yet they never connect.  It's like Apple products are network challenged.  If it isn't some simple scheme they won't work.

 

These are simple LinkSys/Cisco E3500 and E4200 home router toasters, that you simply enter in the "allowed MAC addresses" and give the user the key and everything works...

EXCEPT FOR APPLE PRODUCTS.

 

Any idea why?  (I have my opinions but as you can probably guess they're biased, so I'd rather hear from the Apple experts how to get a MAC filtered access point to recognize Apple Products)

 

Thanks

Jaeden "Sifo Dyas" al'Raec Ruiner

Posted on Aug 23, 2016 7:29 PM

Close

Q: Apple Products and MAC Filters

  • All replies
  • Helpful answers

  • by FishingAddict,

    FishingAddict FishingAddict Aug 23, 2016 7:42 PM in response to JaedenRuiner
    Level 4 (1,532 points)
    Mac OS X
    Aug 23, 2016 7:42 PM in response to JaedenRuiner

    The reason is that Apple devices are far more secure than the other devices you have mentioned.  To ensure privacy and prevent tracking of devices, Apple iOS uses MAC address randomization.  Google it and you can learn more about how iOS uses this technique to ensure user privacy,

     

    And, guess what, on Mac OS computers you can also "do it all from a command prompt".  If you are such a skilled Linux admin then you should have no problem applying the same skills to the Mac OS's BSD roots.

  • by JaedenRuiner,

    JaedenRuiner JaedenRuiner Aug 25, 2016 4:04 PM in response to FishingAddict
    Level 1 (4 points)
    Aug 25, 2016 4:04 PM in response to FishingAddict

    Is there any way to turn this "feature" off?

    I won't remove MAC filtering from my network so there has to be a way to get Apple products to connect to a MAC filtered WIFI network.

     

    Yes I know, BSD Unix back end, but at that point might as well just use Linux.  Oh, an no computer is more secure than the last user who touched it.  PCs just expose the users who don't know how to use them correctly. Apple products protect the idiots.  Anti-Darwinism in my opinion. 

     

    Thanks for the help, by the way.  I really don't want to have to tell these guys that they can't connect ever.

     

    J"SD"a'RR

  • by FishingAddict,

    FishingAddict FishingAddict Aug 25, 2016 7:32 PM in response to JaedenRuiner
    Level 4 (1,532 points)
    Mac OS X
    Aug 25, 2016 7:32 PM in response to JaedenRuiner

    No, there is no way to disable it that I know of.

     

    You do know that you MAC filtering will not stop any bad guy from joining your network, right?  All you are doing is preventing valid users from being able to use your WiFi.

     

    MAC filtering is like putting a typical cable lock on a bicycle on the street.  The same people that would not have stolen the bike in the first place will leave the bike alone while even a rookie a bike thief will have a bolt cutter and cut the cable in one second!  What you are doing with MAC filtering is "security theatre".

  • by JaedenRuiner,

    JaedenRuiner JaedenRuiner Aug 30, 2016 9:40 PM in response to FishingAddict
    Level 1 (4 points)
    Aug 30, 2016 9:40 PM in response to FishingAddict

    I already admitted that about MAC Filtering.

    I live in an apartment setup, where people move in and out all the time.  MAC Filtering prevents person A from giving the password to person B with out telling me about it first.

     

    I never said the MAC Filter was about "security" it is there solely because I want to know who is on my network and what devices they have on my network.  Period. 

     

    There is no such things as fool proof.  It is opportunity.  Like your bicycle on the street why put a lock in it?  No matter what kind of lock you have, if someone truly wants to steal your bike, they will. The lock prevents the opportunistic thief.

     

    Same thing with a WIFI password to a private network.  I could give it to you when you came over.  But then you could give it to how many people and they could give it to even more, and well hey, the opportunity is there for any of them to piggy back on my network without me ever knowing who was sucking all the bandwidth.  MAC FIltering removes the "opportunity" because the average person won't know how to spoof the MAC Address, and it prevents the casual sharing of access rights to my network.  Every person must show me the devices they are planning to connect to my network. 

    That's the only reason.

     

    Now, it just seems foolhardy of Apple to have a "feature" that prevents their devices from connecting to some networks.  MAC Filtering doesn't make the network LESS secure, it may be a false sense of security for the unlearned, but like that bike lock, opportunity is thwarted.  I could ask anyone who has ever come to my house, and only 2 would know how to spoof a MAC address let alone knowing that it could even be done.  So since MAC filtering exists, there should be a flag in the device that says, "I'm connecting to a MAC filtered network" so that the devices can be used on all networks.  It isn't like MAC filtering is new.  It's been around nearly as long as WIFI.  And there are some Apple products that work just fine on my network.  It's just that others don't.  That seems, as a point of logic, to be inconsistent and another reason not to use them.

     

    I keep looking and researching the issue, there's gotta be a way to get this to work...

     

    Thanks

    J"SD"a'RR

  • by FishingAddict,

    FishingAddict FishingAddict Aug 31, 2016 7:11 PM in response to JaedenRuiner
    Level 4 (1,532 points)
    Mac OS X
    Aug 31, 2016 7:11 PM in response to JaedenRuiner

    Now that you have explained your needs a bit more in depth I understand where you are coming from.  Fortunately for mobile privacy, not only is Apple not going to change but MAC randomization will likely become a standard feature on all mobile devices.  It's a user privacy, tracking, and targeting issue.

     

    Your best bet in the future will likely be to get more of a commercial router that has features to require some type of login at some type of terms of service webpage prior to gaining access to the network.  Most universities and hotel's use these.  This also may make it easier to require a specific random password that maybe you provide on each month's rent invoice?  Just a thought.