Re: Question about MAC Address randomization options

On Fri, 2018-06-29 at 15:48 -0500, Jim Campbell wrote:
Hi All,

I was looking through the options regarding MAC Address
randomization, and have a question about them. A member of my team
wanted to know if it would be possible to do a sort of combo between
the "stable" and the "random" options. 

As a refresher, here is my understanding of these two particular

1) The "stable" option - give one MAC address to My_Neat_Wifi_AP_Name
(which would remain stable, but would be unique), and give another
unique address to each other Wifi AP. The MAC address would remain
stable for each of those AP's, but they would be unique between each


2) The "random" option - Give a random MAC address to
My_Neat_Wifi_AP_Name and to every other Wifi AP (each connection
would always use a random MAC address every time the system connected
to an AP). 

What my coworker inquired about is a mix between 1 (stable for
My_Neat_Wifi_AP_Name ) and 2 (random for every other AP).

I don't think this is currently possible (and may not be feasible /
practical in the future), but I thought I would inquire about it just
to be sure.

Thanks very much for all of your work.


I think that should be easily possible.

In general, NetworkManager is profile oriented. So, you anyway reqire a
profile for each SSID, as you see them with `nmcli connection`.

The configuration option in question (wifi.cloned-mac-address) is part
of the profile, you could just configure most profiles with a value
"random", except one having "stable". For example with something like:

  for UUID in $(nmcli -g UUID connection); do nmcli connection modify uuid "$UUID" wifi.cloned-mac-address 
$WHATEVER ; done

Alternativley, various profile settings support to have their default
value defined in NetworkManager.conf. See "CONNECTION SECTION" in `man
NetworkManager.conf`. As such, you could instead leave "wifi.cloned-
mac-address" setting of most profiles at their default/unset value.
This makes the setting elegible to fallback to the default from
NetworkManager.conf. Only at a selected few you'd configure an explicit

It result is very similar, whether you explicitly configure "random" in
the profile, or whether you allow it to fall back to a default-value
"random" from NetworkManager.conf.

Also, I personally prefer to leave cloned-mac-address always unset (in
the profile), and set their default to "stable". But then instead I
tweak the stable-id to either "${RANDOM}" or "some value". The stable-
id itself can be dynamic, via certain special values ("${RANDOM}",
"${BOOT}", "${CONNECTION}", which also can be combined, like
"${CONNECTION}${BOOT}" -- which is actually the only combination that
makes sense).

See connection.stable-id in `man nm-settings` [1].

Actually, I use [2] snippet, with most profiles neither specifying
stable-id nor cloned-mac-address (thus, falling back to "stable" and a
"${RANDOM}" stable-id). And then, for a selected few profiles, I set a
more suitable stable-id.



Kind regards,


P.S.  Thanks for this well-written blog-post!
networkmanager-list mailing list
networkmanager-list gnome org

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]