Is there a way to block devices with "Private" MAC addresses?

I want every device to use a real MAC, not a "private" one: MAC addresses like below should not get an IP address nor should they access Internet. Is that possible on an OpwnWrt router?

The router is OpenWrt on x86-64 and I am using several APs (non-OpenWrt).


I can't really answer if this is possible or not from a technical level, but a few thoughts:

  • This is fine, but may be a bit arduous, if all of the devices that may connect to your router are under your control (or indirectly so - like your family member's device, as an example). But it will end up causing lots of hassles for your friends/family/customers/guests/students (whatever the context) and thus for you, too. I'd be surprised if anyone would understand why their device(s) won't connect. And most of those people probably also won't know about the 'private MAC' address settings on those systems (not to mention that most people may not even know what a MAC is in the first place). So they'll bug you every time they try to connect a new device and/or they'll be frustrated. So it becomes a burden for you and for others. (And I'm assuming that this is targeted at devices that you don't (directly) own, because if they are your own devices, you can simply turn off the private MAC feature and be done; the only reason to bother asking this question is if you are doing this for devices that aren't directly yours).
  • I'm not sure what benefit this really has for you in any practical context. If you have a strong password that is only provided to those who are allowed to connect, you should not need to worry about random devices connecting. And if you're running a business network, the whole reason that this feature exists is to prevent businesses and other public wifi networks from tracking user locations/behaviors, so it would seem counter to most current privacy practices and may upset your patrons.

See this similar request:

1 Like