How devices are enrolled and named

Device enrollment is fully automated. Normally, no action is required as devices are listed automatically by its broadcast name, such as “Johnny’s iPhone“.

Only when broadcast names are unable to be determined by the filtering service, does it fall back to the manufacturer of the MAC address. Here are some examples:

  • MAC addresses starting with 00:00:00 are Xerox
  • MAC addresses starting with A8:66:7F are Apple
  • MAC addresses starting with 10:bf:48 are ASUS

Having the MAC address visible provides you with the best ability to control your rulesets, which will follow the MAC address.  In other words, if a device changes IP address, the ruleset will still apply. If the MAC address listed on the dashboard does not match, that happens when OSI layer 2 visibility is not available. This nerdspeak means that the filtering service received a different MAC address then your actual device. This can happen in the following circumstances:

  • A router is between your filtering service and the device
  • A bridge is between your filtering service and the device

Furthermore, the following are conditions where the broadcast name (NetBIOS) name may be unavailable to the filtering service:

  • Device has a firewall turned on
  • Device has NetBIOS bindings disabled
  • Filtering is run on a stand-alone device (such as ClearOS in stand-alone mode)

Enrollment happens automatically upon the first received DNS query. Devices remain in the list until they are deleted.