Hi  @WM1 

What kind of devices are these MAC addresses for?

Are they the real MAC addresses of the clients?

Hi @Vincent-TP, good question.

I forgot to mention that none of these MAC Addresses are known to me. All my (30+) wired clients have a fixed IP address using DHCP Reservation, in combination with IP-MAC Binding. My (also 30+) mobile clients all have a dynamic IP address.

What at least is remarkable is that these all have a MAC Address starting with the same range "C0-A8-01". Obviously, I checked if any of my wired and wireless clients have MAC address that looks similar, which is not the case.

The only thing I can think of is that these are "temporary" (or actual?) MAC addresses of the access points, since many of these have a MAC address starting with the same range ("40-ED-00" for all 5 EAP615-Wall access points and "84-D8-1B" for all 2 EAP230-Wall access points).

Does this explain it somewhat better?

Hi  @WM1 

These should not be the MACs of the APs.

Normally, wireless clients will choose to use random MACs to access the network for privacy protection, We suspect that these are the random MAC addresses used by the clients.

Did you check if there is any MAC address starting with "C0-A8-01" in the wired client list?

Hi @Vincent-TP, thanks for your response.

I disabled random MACs of my known mobile clients to access my home network, as an extra layer of security using MAC Filter to only allow known clients. Tomorrow I will check if any of the mobile clients accidentally is using a random MAC address. That would explain it. I will let you know.

And yes, I checked if there is any MAC address starting with "C0-A8-01" in the wired client list; there is none. That is why I was suspecting the access points.

Hi  @WM1 

You may also search the MAC on the Logs page, There will be a log if a client ever connects, and it will also show which device it is connected to, wired or wireless.

Hi @Vincent-TP, l checked if any of the mobile clients accidentally is using a random MAC address. That seemed not the case. At the same time, no new registrations of unknown 'Known Cients' happened. I will keep an eye on it i the coming days. Thanks so far.

Hi @VincentTP, meanwhile the MAC Addresses starting with the same range "C0-A8-01" in the overview of Known Clients of my OC200 controller has increased to 23:

C0-A8-01-0D-01-BB
C0-A8-01-1D-01-BB
C0-A8-01-1E-00-35
C0-A8-01-1E-01-BB
C0-A8-01-20-00-35
C0-A8-01-20-01-BB
C0-A8-01-22-01-BB
C0-A8-01-23-01-BB
C0-A8-01-26-00-35
C0-A8-01-28-01-BB
C0-A8-01-2A-00-35
C0-A8-01-2C-01-BB
C0-A8-01-2D-01-BB
C0-A8-01-2E-00-35
C0-A8-01-FE-D3-80
C0-A8-01-FE-E1-17
C0-A8-01-FE-E7-AE
C0-A8-01-FE-E9-B0
C0-A8-02-02-8C-12
C0-A8-02-02-AF-52
C0-A8-03-04-00-35
C0-A8-04-02-00-35
C0-A8-04-03-00-35

As you can see in the screenshot there is '0' KB/MB/GB of DOWNLOAD and '0' KB/MB/GB of UPLOAD.

As mentioned earlier, l checked if any of the mobile clients accidentally is using a random MAC address. That is not the case.

Can I ask you to investigate this? Thank in advance.