DHCP LEASES some mac address that are not allowed is shown in the dhcp leases

invoker

hello sir,

some of the mac address that is not allowed in captive portal was shown in the the dhcp leases / it was active

johnpoz

@invoker kind of hard to talk to the captive portal in the first place, if the device can't get an IP.. So kind of requirement for device to get an IP from dhcp.

If you want to block some device from getting an IP from dhcp, you should set that up in the dhcp server or your wifi network from macs connecting in the first place.

SteveITS

@invoker In the DHCP Server config, see the "Deny unknown clients" choice.

invoker

@johnpoz i already filtered MAC address in my captive portal the one that i filtered is the one that i allow to connect to the dhcp or to have internet but suddenly in the dhcp leases there are some MAC address that is showing but not in the list of filtered MAC address that i allow.

invoker

@SteveITS thank you sir

Gertjan

@invoker said in DHCP LEASES some mac address that are not allowed is shown in the dhcp leases:

some of the mac address that is not allowed in captive portal was shown in the the dhcp leases / it was active

As said by @SteveITS

In the DHCP Server config, see the "Deny unknown clients" choice.8

I'l detailed this one yesterday :

Maybe you do need this.

But using a captive portal, a network for unknown devices and non trusted devices, when you accept only known devices .... that the world upside down.

@invoker said in DHCP LEASES some mac address that are not allowed is shown in the dhcp leases:

@johnpoz i already filtered MAC address in my captive portal the one that i filtered is the one that i allow to connect to the dhcp or to have internet but suddenly in the dhcp leases there are some MAC address that is showing but not in the list of filtered MAC address that i allow.

MAC blocking isn't actually blocking MAC's (like : no traffic what so ever) when using that functionality on the captive portal.
Examples :

The first entry : it's like the captive portal isn't there for the 00:11:22:33:44:55 user. GUI Interface rules still apply, though.
Second entry : the user did get an DHCP lease, IP, gateway, etc. He even sees the login page, with a message : "You are blocked" (something like that).

This : MAC Address Control says "Always deny traffic from this MAC address" and that's not really what happens : the device and the portal are exchanging traffic, as you will see the login page, and the blocked message. Other traffic, like visiting other (Internet) web pages, isn't possible.

johnpoz

@Gertjan said in DHCP LEASES some mac address that are not allowed is shown in the dhcp leases:

when you accept only known devices .... that the world upside down.

Yeah kind of defeats the whole point of a captive portal if you ask me. You you only allow known devices to connection - what is the point of captive portal then?

Gertjan

@johnpoz said in DHCP LEASES some mac address that are not allowed is shown in the dhcp leases:

You you only allow known devices to connection - what is the point of captive portal then?

It boils down to "what is my concept of networking", and then "yours", and then, after some extrapolation, you'll find a lot of so called definitions of one and the same thing out there.

pfSense might even be at fault here, as it might induce this impression that every possible collection of selected options and settings can create a workable or useful solution for someone

I guess we'll reach that point in the future : invent something (whatever), and some one else has already tried it. This forum has already a nice collection of them.