Vlan and spoofmac

hanx

I need to use spoofmac function to meet my isp requirement. And I have 3 valn interface .

pfsense(only one real nic)–-trunk port on switch--vlan0, vlan1 ,vlan2.

I change the mac of vlan2 in webgui. But  it  change mac of vlan2 interface, not real nic.  Results are vlan2 cannot communication

I tried follow method,  it can worked.

ifconfig em0 ether "needmac"
ifconfig vlan0 ether "needmac"
ifconfig vlan1 ether "needmac"
ifconfig vlan2 ether "needmac"

How can change the mac of real nic not vlan on webgui?

Thanks

nocer

Hi,

Only you can change is so called "administrative" or "soft" MAC that is not the real MAC of course. The "real" MAC is something called a "hard" MAC. This hard MAC must be unique as far as you are on the Earth. Most of NIC has 2 or more writable registers for the administrative purposes. When NIC is powered on, the NIC copies its real MAC(from its EEPROM) to those registers then opens for drivers and administrators.

You can not change real(hard) MAC written in the EEPROM from webGUI or console, unless you have really special tools.

cheers,

hanx

@nocer:

Hi,

Only you can change is so called "administrative" or "soft" MAC that is not the real MAC of course. The "real" MAC is something called a "hard" MAC. This hard MAC must be unique as far as you are on the Earth. Most of NIC has 2 or more writable registers for the administrative purposes. When NIC is powered on, the NIC copies its real MAC(from its EEPROM) to those registers then opens for drivers and administrators.

You can not change real(hard) MAC written in the EEPROM from webGUI or console, unless you have really special tools.

cheers,

Sorry for my english.
I mean not to change real MAC on eeprom.
I need to modify the mac address of em0(vlan2 and other vlan on  the interface ) , not only teh mac of vlan2.

GruensFroeschli

I'm not sure if i understand correctly what you're trying to do, but why dont you change the mac to what you need it on every VLAN in the webGUI?

Did you assign the "real" interface together with the VLAN's?

You shouldnt mix tagged and untagged traffic on the same cable.
If you have only a single real interface, then create multiple VLAN's on this real interface and work only with VLAN's

ie:@good:

vlan0 on em0
vlan1 on em0
vlan2 on em0
vlan3 on em0

WAN –> vlan0
LAN --> vlan1
OPT1 --> vlan2
OPT2 --> vlan3

and NOT
@bad:

vlan0 on em0
vlan1 on em0
vlan2 on em0

WAN –> em0
LAN --> vlan0
OPT1 --> vlan1
OPT2 --> vlan2

Perry

I've also have an ISP(yousee) that needs to know my mac address. To solve it i make a direct connection from ISP modem to pfSense box (no vlan switch) then boot from a ubuntu livecd and browse to the ISP website to logon.  
After that i can use pfSense with no need to spoof, maybe it is a way you can use too?

hanx

@good:

vlan0 on em0
vlan1 on em0
vlan2 on em0
vlan3 on em0

WAN –> vlan0
LAN --> vlan1
OPT1 --> vlan2
OPT2 --> vlan3

Yes I did do this as the method. My setting is

Wan –>vlan1
Lan  -->Vlan0
opt1-->Vlan2 ( need spoofmac)

all  vlan is on em0.

before setup mac of opt1 interface
ifconfig show   (vlan0, vlan1, vlan2, em0) have a same address.

after setup mac of opt1 on webgui
ifconfig show  (vlan0, vlan1, em0) have a same mac address,  vlan 2 has a spoofmac address

but my switch can not accept data from vlan2.    but vlan0 and vlan1 is normal.

after I change the mac of( vlan0, vlan1, vlan2, em0 )  to the spoofmac (by use ifconfig in shell). Vlan2 is also normal

Because the ifconfig's change  will lost after reboot, so i want a permant method on webgui.

thanx

GruensFroeschli

Well there is the field "MAC address" on the config page.

If you set the spoofed MAC on the OPT1-config page it doesnt work?
How did you test that it doesnt work?
Did you clear the arp-cache of the devices connecting to the pfSense?

nocer

Okay,
Really simple way: Why don't you try adding some lines for static arp or ifconfig in the very end of /etc/rc or
equivalent rc scripts? That helps assign your desired MAC every boot.

hanx

Well there is the field "MAC address" on the config page.

If you set the spoofed MAC on the OPT1-config page it doesnt work?

Yes, it doesnt work.
In order to let vlan2 work, I must set the mac of em0 same as vlan2.

How did you test that it doesnt work?

Test method:  ping opt1 gateway from pfsense.

Did you clear the arp-cache of the devices connecting to the pfSense?

Yes, it is only a layer2 switch. And I also turn off and then turn on the switch.

hanx

@nocer:

Okay,
Really simple way: Why don't you try adding some lines for static arp or ifconfig in the very end of /etc/rc or
equivalent rc scripts? That helps assign your desired MAC every boot.

Thanx,  I use the simple way. But I hope to get a official method.