Easy to check if an LAA (locally administered MAC address) is used or not. Look in your registration table or log.
In the beginning Apple used a different LAA for every connect in privacy mode. Now it seems to hold the same LAA for 24h for the same SSID network.
Android is doing the same already.
My "workaround" is using RADIUS PEAP/EAP/MSCHAPv2 as authentication. The wifi access is username based, not MAC address based.
Unsolved problem: how to inform a hotspot portal that the user is already identified and authenticated? (Fortinet does this with a RADIUS-listener to create a table of user/IP/MAC entries)
FROM
http://www.noah.org/wiki/MAC_address:
locally administered address
A locally administered MAC address is similar to a LAN IP address (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). You can make up your own locally administered address and can be sure that it will not collide with any hardware on your network that use a factory burned-in MAC address. Locally administered addresses are useful when creating virtual machines or virtual network interfaces.
The second bit of the first byte of a MAC address determines the type of OUI. If the bit is 0 then it is an OUI globally assigned by the IEEE; if the bit is 1 then it is a locally administered MAC address.
Create a OUI by whatever scheme you like, then logically OR it with 02:00:00:00:00:00, and then logically AND it with fe:ff:ff:ff:ff:ff, and you will have a locally administered address. The first OR pattern sets bit 2 of the first byte; the second AND pattern clears bit 1 of the first byte (unicast, not multicast).
The following MAC address pattern satisfies the OUI requirements:
4e:4f:41:48:00:00
SEE also :
viewtopic.php?f=7&t=160748&p=825959&#p825731