AP with onboard built in NAS abilities/multiple MAC Hardware Layer 2 addresses
-
@stephenw10 it's essentially a wireless NAS it's part of the AP. It's the airport extreme AP/ apple time machine software.
(AP bridge mode to pfSense Firewall)
(Set to Bridge Mode)
(NAS within the AP itself)
(Accessible NAS within bridge mode set AP) -
@stephenw10 I made a Redmine ticket for the hostname mix ups because it should update the hostname or block inputting different ones because logs could be wrong if it doesn't use the right hostnames.
-
@JonathanLee said in AP with onboard built in NAS abilities/multiple MAC Hardware Layer 2 addresses:
I made a Redmine ticket for the hostname mix ups
And what is this redmine number? Seems like lack of understanding of basic concepts if you ask me vs some issue with pfsense.
-
If there's a bug here it's probably that you shouldn't be able to add the same IP address to multiple dhcp static mappings.
But you can't ever prevent all config errors. -
@stephenw10 we can try to prevent all the errors
-
@johnpoz https://redmine.pfsense.org/issues/14516
Opened
-
"With Multiple static ARP MAC-IP pairing to the same IP address"
So you don't see the problem with this? Thought you wanted to reduce traffic?
So if I create multiple entries for say 192.168.1.100 for like 3 different mac addresses.. And then I want to send traffic to 192.168.1.100 - so I will put 3 packets on the wire? Sending to all 3 mac addresses?
Like I said lack of understanding of basic concepts is the issue here.
-
@johnpoz Why does the GUI allow it? Leading to, it does allow it. Therefore, why does it map to the wrong host names? If only one shows as an active DHCP lease at a time wouldn't it only send packets to that device? It also would not recognize active leases with multiple entries it shows them offline. Hypothetical situation, an admin has a list of thousands of static DHCP entries, wouldn't he want some type or control for multiple entries and or a way to log the correct hostname that in use at that particular time if he needed multiple entries? It didn't list the right hostname in my example. The PfSense system software now has experimenatal layer 2 Ethernet filtering rules as of 23.05, shouldn't we start to research this? Spoofed MAC addresses so on?
-
There's only so much input validation and error checking we can do. But it seems like this might be possible.
Ultimately the user can configure pfSense in any number of broken ways we can't prevent.
Steve
-
@stephenw10 yes we can agree the user can configure it wrong all over. Again, an administrator might fat finger a large static DHCP list with a couple entries thus causing hostname mix ups. That for one would be very hard to pinpoint. Moreover, we know the amount of hours system administrators work. It's a lot of hours. This would make PfSense have a ease of use software functionality built in. I assumed that if pfSense allowed multiple duplicate entries, it was done for a situation when two devices need to be swapped in and out and need the same IP address, in this mindset PfSense should still log the correct hostnames. Again, if that was the reason for PfSense allowing the GUI duplicate entries.
Weird thing to research, but the hostnames mixup was what I was after and or why
PfSense would allow the duplicate entries in the first place. Let's agree admins have monster static dhcp lists that are updated and changed all the time within a secure setting. This situation would want controls in place for hostnames. Finally, logs for the hostnames could get bonkered up and with a monster list and that would be hard to track down why hostnames are wrong. We know PfSense now has experimental layer 2 Ethernet filtering.