DHCP and MAC Address filtering
-
Everyone on this forum has been great and I have my pfSense firewall up and running with Snort, pfBlockerNG and OpenVPN. Thank you all.
Now I need to migrate from the Netgear to the pfSense. What I mean is that I have the pfSense LAN port going to my Netgear WAN port and all my devices on the LAN are handled by the Netgear. The reason why I want to migrate is that the Netgear max throughput is between 300 MBPS and 500 MBPS (directly from Netgear Support), and the USG20-VPN is only 350 MBPS. So here are my question(s):
-
Does pfSense (DHCP) support reserved IP address assignment, or do I need to statically set IPs on all computers? (Why? I am using Acronis Advanced Workstation Backup and have the machine added to the management console, and that is based on IP address, so for the workstation to be backed up the IP address needs to remain the same.)
-
Does pfSense support Access Control Lists? (Why? The Netgear R6220 allows me to block all new connections and only allow connections from allowed computer(s) based on IP Address/MAC Address.)
That is all I need to complete my migration from the Zyxel USG20-VPN to my custom-built pfSense firewall - IDS/IDP - OpenVPN server.
Learned a lot and had a lot of fun doing this. Again I thank you all, as you all have been great in responding and answering questions.
Dark Knight
-
-
@DarkKnight-0 Yes you can reserve IPs.
MAC filtering is a pfSense Plus feature. You can do some things like refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.
-
@SteveITS said in DHCP and MAC Address filtering:
You can do some things like refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range
Is that in the Free version or the Plus version? I did not see that, or I may not have understood the layout in pfSense.
Thank you,
Dark Knight
-
@DarkKnight-0 it’s “Deny unknown clients” on that link
-
@DarkKnight-0
If you want, you can bring both DHCP client server lists up in a window and cut and paste the MAC addresses to the new DHCP server. What I do now is I don't use DHCP reserved IPs, and all I have to do is move the cables and the clients automatically acquire new IP addresses on the new DHCP server. It seems easier to me. If I set statics up for equipment I don't use DHCP, as I set the statics up outside the DHCP range so they just transfer if you use the same network and mask.
-
@coxhaus Okay, got it all figured out (refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range). This worked very well and I was able to use the Access Control on the Netgear as well so that Wi-Fi clients could not connect either.
I am now completely up and running. I have addressed my speed issue by just getting an Intel (ET PRO 1000) dual Ethernet adapter and just disabled the Realtek NICs. I am now getting the speeds I am paying for and I can see that everything inbound is blocked and no new devices can connect. Very happy camper here.