[WarrenHolt]

One thing still open for understanding is: when I pressed the minus button next to a static entry in the Hostnames and Static Leases listing, why wasn’t the entry REALLY removed?

[WarrenHolt]

The connected devices listing does not show her IP and does not show “unknown”. I checked her device and the IP her iPhone presented is NOT the IP I have for the MAC address of her phone. The IP is for the April_TV which is a different MAC address.

If I remember correctly, from what I have been reading today, an iPhone has the ability to change it’s MAC address depending upon what router / network they connect to. Yea, just checked – https://support.apple.com/en-us/HT202068 – Scroll down to the MAC address filtering – one bullet point reads: To help protect user privacy, some Apple devices use a different MAC address for each Wi-Fi network.

Then following the given link and reading the “About private Wi-Fi addresses” is this: Starting with iOS 15, iPadOS 15, and watchOS 8, if your device hasn’t joined the network in 6 weeks, it uses a different private address the next time it connects to that network. And if you make your device forget the network, it will also forget the private address it used with that network, unless it has been less than 2 weeks since the last time it was made to forget that network.

I don’t believe my granddaughter has disconnected from my WiFi for 6 weeks but she sure ends up utilizing WiFi from all over and perhaps that triggered the “change the MAC address” that apple has built in.

I am old school so I think MAC addresses are locked to a device. OBVIOUSLY that is no longer the case.

Any bright ideas how you guys are going to be able to combat this or any ideas for me? Sometimes technology really bothers me!

Ok, I did more reading from Apple info – ref: https://support.apple.com/en-us/102509 and there is a section for Network Administrators:

If you manage a Wi-Fi router that’s configured to notify you when a new device joins the network, you are notified when a device first joins with a private address.

Businesses and other organizations might need to update their Wi-Fi network security to work with private addresses. Or they can use an MDM-defined network profile to turn off Private Address for enrolled devices that join their Wi-Fi network. Learn more about private Wi-Fi addresses and enterprise networks.

And that last part of the paragraph is a link. I will let you find and follow it, if you desire.

I also think this is some of the same stuff the School is performing because I have had to capture her School laptop with more than one IP / MAC.

If you have any brilliant ideas, I am open to them!

[WarrenHolt]

Of all the times I have logged into my router today (more than 5), I have NEVER seen my granddaughters phone (April_iPhoneSE) in the Connected Devices list. I DO see all the devices I expect to see, however – an iPad, my phone, my wife’s phone, two entries for the Roku TV. And I have performed the list refresh more than once.

[WarrenHolt]

I have checked with my Wife’s iPad and my Android phone. The IP reported on each device is the same that is being reported in the connected devices list when I log into the router. Also, these are in both in the Hostnames and Static Leases listing as I strive to make all the IPs static to help keep tabs on who’s accessing the network.

[WarrenHolt]

To answer your question: no “unknown” device has been presented. Now, there is more:

I had a goal to apply an access calendar to restrict access to a range of time for a PhilipsRokuTV_356 TV in my granddaughter’s room

I had setup a TV Profile and set: CleanBrowsing Family Filter DNS Server, Safe Search, and Enable Access Control
After making sure no other device was affected by the profile, I applied an Access Calendar to restrict TV use from 10:00pm to 7:00am on School nights.
When my granddaughter came home tonight (the 31st), she said her iPhone did not have internet access. I looked and saw the pcWRT “access not allowed” (or such) screen was displayed on her phone.
I logged into the router and her iPhoneSE device was not present in the Connected Devices list, even after I did a refresh. And when I say it is not present, I mean there is also no “unknown” entry present.
I was able to find out her MAC address and looked in Settings-Network-Hostnames and Static Leases and found the MAC address and the Hostname I had given it at first: “April_iPhoneSE”.
I pressed the “-” (minus button) next to the Hostname and removed it from the list, thinking it would show up on the Connected Devices list. I waited for perhaps 2 minutes or so. Then even after I did a refresh or two, it was not showing and neither was an “unknown” device present.
So I rebooted the router.
After the reboot, I again checked the Connected Devices list – and the device and “unknown” was still not there, even after a refresh. But all the devices I expected to see were there.
I when to the Hostnames and Static Leases and again found the MAC address / “April_iPhoneSE” Hostname in the listing – at the same IP it had before I pressed the minus button.
I went to the TV profile. When the TV was brought to the house, it presented two device connections which I named “Aprils_TV” and “PhilipsRokuTV_356.
I removed “PhilipsRokuTV_356” from the TV profile and checked if her iPhone was now connecting. It wasn’t.
I put “PhilipsRokuTV_356” back and removed “Aprils_TV” and checked if her iPhone was now connecting. It WAS – but the Connected Devices list still did not show it or an “unknown” device. However, both “PhilipsRokuTV_356” and “Aprils_TV” are in the list as well as the others I would expect.
I have checked the three devices and all have different MAC addresses AND different IP addresses.
In the Bandwidth App, I also see the bandwidth I saw when she was watching TV when I did not want her to. And the traffic is associated with “Aprils_TV”

So I presently am unable to achieve my goal, although I have NO idea what is going on!

[WarrenHolt]

Bandwidth Monitor Stats – 11:00 pm to 1:00 am – Sept 27/28
Total: (sorry, did not highlight this so did not paste as part of the list)
Alexis_iPad (3.79 MB) – shows no pie chart when clicked – no profile for this
Alexis_iPhone (118.54 MB) – shows no pie chart when clicked – no profile for this
April-LCSD-82Q4WZ2-Schol-Laptop (132.53 MB) – shows live.com, ibosscloud.com, windows.com when clicked
Red-Whale-iPad_Old (303.90 KB) – shows apple.com and others when clicked on
RedWhaleiPadGo_Wife (325.82 KB) – shows apple.com and googleapis.com when clicked on
wHolt-01 (3.54 MB) – shows no pie chart when clicked on – no profile device for this

Clicking on the highest bar in April-LCSD-82Q4WZ2-Schol-Laptop bandwidth monitor display – does not present a detailed listing, just 111.32 MB download and 1.16 MB upload – but no pie chart for either (for any bar in that time frame).

[WarrenHolt]

Enforce Access Control is checked along with Safe Search, Block Literal IP, Block VPN,TOR, URL Filter Mode – White List with only www.googleapis.com in the white list box, 8 calendars for time limits on different groups, DNS Server “CleanBrowsing Family Filter” and YouTube Restricted set to Restricted.

[WarrenHolt]

P.S. – Checking the logs shows access denyed due to Proxy/IP

[WarrenHolt]

Ok, I understand. Thanks.
Now I assume Static Leases do not need to remain within that range. Should they always be kept OUT of the DHCP range (e.g. the two never overlap)?

[WarrenHolt]

Wow! I played with the Bandwidth Monitor more, now that I understand the text will drill down when I click it, and I must say – you guys really present lots of information! Sorry for the post – I will try to look around better next time.

[WarrenHolt]

1) Yes, my listing is already sorted by Hostname
2) In my setup, I like to place those I allow on my network into a certain block of static IP addresses outside the DHCP block. So I may have DHCP give me 100 to 120 while the static IPs are 200 to 235 or so. I also have an Apache server running on my main development computer with a static IP of 240 (does not get to the web). I know I can go to any computer / device in my network and type in 192.168.0.240 and that device can access the Apache server content. Now instead of hostnames, I look at my IP listing, then to the Host for that IP and I can grant / modify their access as needed. This is just what I have gotten used to given the diversity of devices that come and go on my network (different laptops, iPhones, iPads, etc). So sorting by IP, for me, would just be nice – not a necessity and I thought since it is just some JavaScript, we should be able to click on the list title and have the list sorted by that entry, maybe even toggling between sorted Ascending or Descending, like I have seen at other web sites. Like I say, not a necessity – just would be nice.

[Author]

Posts