Re: F40 Change Proposal: Wifi MAC Randomization (System Wide)


 



On Thu, Dec 21, 2023 at 2:49 PM Tom Hughes via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On 21/12/2023 14:33, Steven A. Falco wrote:
> > On 12/21/23 08:53 AM, Neal Gompa wrote:
> >> On Thu, Dec 21, 2023 at 8:52 AM Leigh Scott <leigh123linux@xxxxxxxxx>
> >> wrote:
> >>>
> >>> I'm -1 for this change, it shouldn't be enabled by default as it will
> >>> cause issues for users using router MAC filtering.
> >>
> >> What this seems to state is that the MAC address would be unique for
> >> each SSID, but once it's picked, it would be locked in. That should
> >> still make router-level MAC filtering possible, since the MAC address
> >> would be stable for that network.
> >
> > What would happen on a network where I've set up the DHCP server in my
> > router to map MAC addresses to static IP addresses?  Sounds like I'd
> > have to disable the feature, at least on my home network.
>
> Either that or you would make a one off change to your DHCP server
> to use the new per-network MAC address instead of the old one.

Would it not have to be done every time
one reinstalls their system?  And on
each SSID one connects to (so connect
to your HOME-5G (for your 5GHz AP),
and HOME-2.4G (for your 2.4GHz AP),
wifi networks would get different MAC
addresses as the SSID is different?)

(side note:  some DHCP servers may
not like assigning different MACs to
the same IP address to allow individuals
to choose their own access point
frequency range based SSID).

While doing so as an individual would
probably be minorly annoying, for some
orgs, "re-imaging" a system is the
standard practice for repair (or
redeployment, or for each reboot
for guest systems) and having a stable
MAC address (whether wired or wireless)
is necessary for institutional requirements.

And for some orgs with advanced 802.1x
network access controls, changing MAC
addresses may result in even more
additional tasks across different parts
of the organization (yes, one should not
use MAC authentication alone for
802.1x, but that is a different topic).

For orgs with a more sophisticated
process, updating their Ansible
provisioning scripts to change the
NetworkManager to use the hardware
address may be possible, although for
others, that will be one more step for
tech support to have to do manually
(and, of course, occasionally forget to
do, as they are always overworked), but
at the very least the proposal should
probably call out that change
requirement more explicitly for such
orgs.

Given the unknown impact on larger
organization customers (rather than
individuals taking their own devices
to an overpriced coffee shop), I am
currently leaning on the -1 side.
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
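
A simplified model of the per-SSID stable addressing discussed in this thread, added here as an illustration; it is not code from any poster or from NetworkManager. It assumes the address is derived from a per-installation secret plus the SSID (HMAC-SHA256 is a stand-in, not NetworkManager's actual derivation; all function names and sample values are hypothetical), and shows which DHCP reservations stop matching after a re-image.

```python
import hashlib
import hmac


def stable_mac(install_secret: bytes, ssid: str) -> str:
    """Model of a per-SSID stable MAC: same secret + same SSID -> same address."""
    digest = hmac.new(install_secret, ssid.encode("utf-8"), hashlib.sha256).digest()
    octets = bytearray(digest[:6])
    # Mark the address locally administered (0x02) and unicast (clear 0x01).
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def is_locally_administered(mac: str) -> bool:
    """True for addresses a DHCP/NAC admin can recognise as not burned-in."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def reservations(install_secret: bytes, ssids: list[str]) -> dict[str, str]:
    """MAC the client would present on each SSID (one DHCP reservation each)."""
    return {ssid: stable_mac(install_secret, ssid) for ssid in ssids}


def stale_after_reimage(before: dict[str, str], after: dict[str, str]) -> list[str]:
    """SSIDs whose existing reservation no longer matches the client."""
    return sorted(s for s, mac in before.items() if after.get(s) != mac)


# Constructed sample values, not taken from any real host.
SSIDS = ["HOME-5G", "HOME-2.4G"]
SECRET_BEFORE = b"constructed-secret-install-1"  # assumed per-install secret
SECRET_AFTER = b"constructed-secret-install-2"   # regenerated by a re-image

if __name__ == "__main__":
    before = reservations(SECRET_BEFORE, SSIDS)
    after = reservations(SECRET_AFTER, SSIDS)
    for ssid in SSIDS:
        print(f"{ssid:10} before={before[ssid]} after={after[ssid]}")
    print("stale reservations:", stale_after_reimage(before, after))
```

In this model the locally-administered bit is the one property a DHCP or NAC administrator can check to tell a generated address from a burned-in one.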



