Information About Disabling Clients with Random MAC Addresses
Wireless clients used to associate with a wireless network using the MAC address that is assigned, for the Wi-Fi network interface card (NIC), during manufacture. This globally unique MAC address assigned by the manufacturer is also known as burn-in address (BIA). BIA tracks end users with the help of the MAC address of the Wi-Fi. To improve the privacy of end user products, a locally enabled random MAC address is enabled for Wi-Fi operations.
Prior to Cisco IOS XE Bengaluru 17.5.1 Release, clients joining a wireless network using a random MAC address could not be tracked with ease. From Cisco IOS XE Bengaluru 17.5.1 Release onwards, the controller is equipped with a knob that denies the entry of clients with a random MAC address into the network. When the local-admin-mac deny knob is enabled on the controller, the association of a client joining the network with a random MAC address is rejected. By default, this feature is disabled on the controller.
This feature is not supported in Cisco Wave 1 access points.