The way you’re supposed to identify hosts for v6 configuration is with a DUID instead of a MAC.
So this is just a feature of DHCPv6, right? The one unsupported by Android?
A better way of managing it is to group common hosts within a specific /64, and set policy specific to that. The hosts can then cycle through IADs as normal. It’s why it’s so important for ISPs to provide a minimum of /60 or /56 via PD as a default.
Then, without some kind of ident, you need physical separation or VLANs which gets kind of annoying in a small/home network. Mostly I want to keep an eye on windows machines, silence consumer devices (IoT/entertainment devices), and allow some services for a couple of servers (don’t tell my ISP). They all need to be treated uniquely by the router/firewall.
So this is just a feature of DHCPv6, right? The one unsupported by Android?
Then, without some kind of ident, you need physical separation or VLANs which gets kind of annoying in a small/home network. Mostly I want to keep an eye on windows machines, silence consumer devices (IoT/entertainment devices), and allow some services for a couple of servers (don’t tell my ISP). They all need to be treated uniquely by the router/firewall.