How devices are enrolled and named

Device enrollment is fully automated. Normally, no action is required as devices are listed automatically by its broadcast name, such as “ Johnny’s iPhone “.

Only when broadcast names are unable to be determined by the filtering service, does it fall back to the manufacturer of the MAC address. Here are some examples:

  • MAC addresses starting with 00:00:00 are Xerox
  • MAC addresses starting with A8:66:7F are Apple
  • MAC addresses starting with 10:bf:48 are ASUS

Having the MAC address visible provides you with the best ability to control your Policies, which will follow the MAC address. In other words, if a device changes IP address, the Policy will still apply. If the MAC address listed on the dashboard does not match, that happens when OSI layer 2 visibility is not available. This nerdspeak means that the filtering service received a different MAC address then your actual device. This can happen in the following circumstances:

  • A router is between your filtering service and the device
  • A bridge is between your filtering service and the device

Furthermore, the following are conditions where the broadcast name (NetBIOS) name may be unavailable to the filtering service:

  • Device has a firewall turned on
  • Device has NetBIOS bindings disabled
  • Filtering is run on a stand-alone device (such as ClearOS in stand-alone mode)

Enrollment happens automatically upon the first received DNS query. Devices remain in the list until they are deleted.