Controller shows unknown 'Known Clients'
For some time my OC200 controller regularly shown unknown clients in the overview of Known Clients. These all have a MAC Address starting with "C0-A8-01":
My setup:
- 1 x ER605 v2.0 router (firmware 2.2.6 Build 20240621 Rel.03066)
- 2 x SG2210P v5.20 switch (firmware 5.20.2 Build 20240531 Rel.65965)
- 1 x OC200 v1.0 controller (firmware 1.31.3 Build 20240620 Rel.80383)
- 5 x EAP615-Wall(EU) v1.0 access points (firmware 1.2.4 Build 20240312 Rel. 38105)
- 2 x EAP225-Outdoor(EU) v1.0 access points (firmware 5.1.6 Build 20240313 Rel. 43415)
- 2 x EAP230-Wall(EU) v1.0 access points (firmware 3.2.0 Build 20240103 Rel. 66363)
Even though I regularly forget these clients, they keep appearing every now and then. My network is properly secured with ACL's, IP-MAC Binding, etc.
Do other users have this as well, and does anyone know what this causing this?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @WM1
What kind of devices are these MAC addresses for?
Are they the real MAC addresses of the clients?
- Copy Link
- Report Inappropriate Content
Hi @Vincent-TP, good question.
I forgot to mention that none of these MAC Addresses are known to me. All my (30+) wired clients have a fixed IP address using DHCP Reservation, in combination with IP-MAC Binding. My (also 30+) mobile clients all have a dynamic IP address.
What at least is remarkable is that these all have a MAC Address starting with the same range "C0-A8-01". Obviously, I checked if any of my wired and wireless clients have MAC address that looks similar, which is not the case.
The only thing I can think of is that these are "temporary" (or actual?) MAC addresses of the access points, since many of these have a MAC address starting with the same range ("40-ED-00" for all 5 EAP615-Wall access points and "84-D8-1B" for all 2 EAP230-Wall access points).
Does this explain it somewhat better?
- Copy Link
- Report Inappropriate Content
Hi @WM1
These should not be the MACs of the APs.
Normally, wireless clients will choose to use random MACs to access the network for privacy protection, We suspect that these are the random MAC addresses used by the clients.
Did you check if there is any MAC address starting with "C0-A8-01" in the wired client list?
- Copy Link
- Report Inappropriate Content
Hi @Vincent-TP, thanks for your response.
I disabled random MACs of my known mobile clients to access my home network, as an extra layer of security using MAC Filter to only allow known clients. Tomorrow I will check if any of the mobile clients accidentally is using a random MAC address. That would explain it. I will let you know.
And yes, I checked if there is any MAC address starting with "C0-A8-01" in the wired client list; there is none. That is why I was suspecting the access points.
- Copy Link
- Report Inappropriate Content
Hi @WM1
You may also search the MAC on the Logs page, There will be a log if a client ever connects, and it will also show which device it is connected to, wired or wireless.
- Copy Link
- Report Inappropriate Content
Hi @Vincent-TP, l checked if any of the mobile clients accidentally is using a random MAC address. That seemed not the case. At the same time, no new registrations of unknown 'Known Cients' happened. I will keep an eye on it i the coming days. Thanks so far.
- Copy Link
- Report Inappropriate Content
Hi @VincentTP, meanwhile the MAC Addresses starting with the same range "C0-A8-01" in the overview of Known Clients of my OC200 controller has increased to 23:
C0-A8-01-0D-01-BB
C0-A8-01-1D-01-BB
C0-A8-01-1E-00-35
C0-A8-01-1E-01-BB
C0-A8-01-20-00-35
C0-A8-01-20-01-BB
C0-A8-01-22-01-BB
C0-A8-01-23-01-BB
C0-A8-01-26-00-35
C0-A8-01-28-01-BB
C0-A8-01-2A-00-35
C0-A8-01-2C-01-BB
C0-A8-01-2D-01-BB
C0-A8-01-2E-00-35
C0-A8-01-FE-D3-80
C0-A8-01-FE-E1-17
C0-A8-01-FE-E7-AE
C0-A8-01-FE-E9-B0
C0-A8-02-02-8C-12
C0-A8-02-02-AF-52
C0-A8-03-04-00-35
C0-A8-04-02-00-35
C0-A8-04-03-00-35
As you can see in the screenshot there is '0' KB/MB/GB of DOWNLOAD and '0' KB/MB/GB of UPLOAD.
As mentioned earlier, l checked if any of the mobile clients accidentally is using a random MAC address. That is not the case.
Can I ask you to investigate this? Thank in advance.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 403
Replies: 7
Voters 0
No one has voted for it yet.