Changing MAC Address of VLANS on to obtain multiple IPs via DHCP
-
@jarhead FreeBSD does allow VLAN interfaces using different MAC addresses, via ifconfig.
ifconfig igb0.11 ether random
ifconfig igb0.11 ether 00:08:a2:1d:3d:c1
-
Any idea how to make that persist through reboot?
-
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
Wondering if anyone has any suggestions
Can you not just use different physical NICs for your WAN interfaces, or add more interfaces? That would be the simplest solution ;) A 4-port NIC isn't all that expensive. Especially if 2nd hand.
-
I've had a rough go with 2nd hand NICs failing in servers, so I don't want to chance that on pfSense. I'm working to set up a redundant pfSense box, and have 10GbE NICs, so I would like to avoid the cost of two quad-port 10GbE NICs if possible.
-
@sef1414
So couldn't you add ifconfig igb0.11 ether 00:08:a2:1d:3d:c1 to the loader.conf.local file?
-
I actually was not able to get the second interface working, so I suppose that's moot for now. I was able to run that command and change the MAC on the second interface, and it appeared to pick up an IP according to the gateways status page, but it remained in a pending status.
cxl0.101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN_VLAN
        options=1080000<LINKSTATE,TXRTLMT>
        ether 00:07:43:57:14:60
        inet6 fe80::207:43ff:fe57:1460%cxl0.101 prefixlen 64 scopeid 0x18
        inet xx.xx.xx.xx netmask 0xffffff00 broadcast xx.xx.xx.xx
        groups: vlan WAN_GROUP
        vlan: 101 vlanpcp: 0 parent interface: cxl0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
cxl0.102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN2_VLAN
        options=1080000<LINKSTATE,TXRTLMT>
        ether 00:07:43:57:14:63
        inet6 fe80::207:43ff:fe57:1462%cxl0.102 prefixlen 64 scopeid 0x19
        groups: vlan
        vlan: 102 vlanpcp: 0 parent interface: cxl0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-
@sef1414
Just had another thought, earlyshellcmd will get that through a reboot.
-
Alright, thanks. I'll give that a shot if I can figure out how to get that command to achieve the desired effect.
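
An added example, not part of any post in this thread: a boot-time script for the `ifconfig <if> ether <mac>` approach discussed above, which validates the MAC and only sets it when it differs from the current one. The script name, its use from an `earlyshellcmd` entry and the checks are assumptions; the interface and MAC in the usage comment are the ones quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, e.g. from an earlyshellcmd entry:
#   set-vlan-mac.sh igb0.11 00:08:a2:1d:3d:c1     (script name is hypothetical)

# True only for six colon-separated hex octets.
mac_is_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True if the I/G bit (lowest bit of the first octet) is clear. A multicast
# address is not valid as an interface's own MAC.
mac_is_unicast() {
    first=${1%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# True if the U/L bit is set, i.e. the address is locally administered and
# cannot collide with a vendor-assigned one.
mac_is_local() {
    first=${1%%:*}
    [ $(( 0x$first & 2 )) -ne 0 ]
}

# Read `ifconfig <if>` output on stdin and print its MAC in lower case.
ether_of() {
    awk '$1 == "ether" { print tolower($2); exit }'
}

# Validate, then set the MAC only if it differs from the current one.
set_vlan_mac() {
    ifname=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    mac_is_wellformed "$want" || { echo "malformed MAC: $2" >&2; return 2; }
    mac_is_unicast "$want" || { echo "multicast MAC refused: $2" >&2; return 2; }
    mac_is_local "$want" || echo "note: $want is not locally administered" >&2
    have=$(ifconfig "$ifname" 2>/dev/null | ether_of)
    [ -n "$have" ] || { echo "no MAC found for $ifname" >&2; return 1; }
    [ "$have" = "$want" ] && return 0
    ifconfig "$ifname" ether "$want"
}

# Only act when given an interface and a MAC, so the file can also be sourced.
if [ $# -eq 2 ]; then
    set_vlan_mac "$1" "$2"
fi
```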
-
So I ended up grabbing a quad port NIC so that I could get around this issue... however, now I'm facing a new obstacle.
I have two WAN connections from the same ISP. Two different modems plugged into a single MikroTik switch. I assigned VLANs to each port, and then ran a second trunk cable to a different physical interface on pfSense, so that the two connections from the same ISP would each have their own parent interface with different MAC addresses.
Cable ISP Port #1 - VLAN 101 ----> Pfsense WAN_VLAN101 on cxl0 interface
Cable ISP Port #2 - VLAN 102 ----> Pfsense WAN2_VLAN102 on em0 interface
DSL ISP Port #3 - VLAN 103 ----> Pfsense WAN3_VLAN103 on cxl0 interface
The second connection from the cable ISP manages to successfully grab an IP this time, but the gateway won't come up. Only one gateway from the Cable ISP will show as online, and the other will show 100% packet loss. If I unplug one, the other one comes online, and vice versa. I'm at a loss as to what to do now. I'm guessing perhaps the problem lies in how traffic is being handled at the switch level, but I'm not sure. Any suggestions would be most appreciated.
-
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
Cable ISP Port #2 - VLAN 102 ----> Pfsense WAN2_VLAN102 on em0 interface
The monitor IP here is key, I think. What's the IP address of the WAN2? Drop the last octet if you are concerned about exposing it
-
It's 68.107.128.x
Before configuring the WAN connections via VLAN, I would not input a monitor IP, and just monitor the gateway IP. The only way I could get WAN to come up is using a monitor IP. For WAN2 I tried without a specified monitor IP, as well as a handful of public DNS servers.
-
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
The only way I could get WAN to come up is using a monitor IP
Yes, typically you use a DNS server for this.
Some ISPs (such as yours, apparently) will block the checking ping (which sends every second) as a DoS attack and block the ping. The gateway still works but it won't ping and it brings it down.
The solutions are to find a different IP to ping (as you did) or disable the gateway monitoring action/monitoring function.
Try changing that monitoring IP to Google (8.8.8.8, 8.8.4.4) or another public DNS IP. Note this will make a static route, so if this ISP does go down or gets disconnected, that will stop the DNS traffic from routing.
-
I tried Google (8.8.4.4) with the same results. The one in the screenshot is OpenDNS.