Captive Portal doesn't refresh the MAC table



  • Hi everybody,

    the latest build of pfSense with Captive Portal is running in my company. In the following you can see my problem:

    Scenario:
    Client-A (172.16.0.5, static) has logged into my Captive Portal. A few days later Client-B came with the same static IP (Client-A has already departed by now) and Client-B is to be logged into the Captive Portal too. Here is the problem: nothing happens. I can log in, but the redirect doesn't work and I don't have access to my network behind the Captive Portal. Captive Portal doesn't refresh the MAC addresses. I must manually kick Client-A out of my MAC table (in pfSense/Captive Portal).

    Why? Thanks in advance for your help.
    Quentoo



  • How long are you leaving your client connections to time out? And why are you putting two clients on one network with the same IP address in the first place? Why not use DHCP? That way you don't run the risk that both clients could end up on the same network with the same IP.



  • Hey,

    Thanks for your reply. The clients weren't on our network at the same time with the same IP. Client-A had already departed when Client-B wanted to connect to our network.

    Thanks in advance.
    Quentoo



  • @muswellhillbilly:

    How long are you leaving your client connections to time out? And why are you putting two clients on one network with the same IP address in the first place? Why not use DHCP? That way you don't run the risk that both clients could end up on the same network with the same IP.



  • Thanks for your same reply …

    12h leaving, maybe fewer. DHCP is not intended on our pfSense network infrastructure. Or can you help me only with DHCP? :P



  • Same as muswellhillbilly;
    What is the timeout? (hard and soft)
    How long is your DHCP lease (Captive Portal interface)?



  • I would double-check your CP hard-timeout settings to make sure your MAC addresses are being unbound from the IP address. Also make sure the tick-box 'Enable Pass-through MAC automatic additions' is un-ticked, as this will set the MAC address as having unlimited access after the first successful login. You might also want to check your ARP table to see if it's holding onto the first MAC against the IP both are using.

    As I've said already, I don't see why you don't use DHCP (you say it's not used in your network, but you don't explain why). DHCP simplifies your client addressing and would remove the likelihood of something like the problem you're having from occurring. Static addresses are generally used for servers, not for client workstations. You also take a risk that both users could end up on the network at the same time, creating an obvious issue.

    If none of this sorts the issue out, may I suggest you post a screenshot of your CP settings?
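
The check suggested in the post above (is a portal session still bound to a MAC that no longer owns the IP, or has it outlived the hard timeout?) can be scripted. The following is an added example, not part of the original thread and not pfSense code: the `arp -an` text, the session tuples, the timestamps and the function names are constructed for illustration, and the 12-hour hard timeout is taken from the figure mentioned earlier in the thread.

```python
import re

# Constructed sample data (not from the thread): FreeBSD-style `arp -an` output
# and a hypothetical export of portal sessions as (ip, mac, login_epoch).
ARP_OUTPUT = """\
? (172.16.0.5) at 00:11:22:33:44:bb on em1 expires in 1187 seconds [ethernet]
? (172.16.0.9) at 00:11:22:33:44:cc on em1 expires in 640 seconds [ethernet]
? (172.16.0.7) at (incomplete) on em1 expired [ethernet]
? (172.16.0.1) at 00:11:22:33:44:01 on em1 permanent [ethernet]
"""
SESSIONS = [
    ("172.16.0.5", "00:11:22:33:44:AA", 1_700_000_000),  # Client-A, long gone
    ("172.16.0.9", "00:11:22:33:44:cc", 1_700_250_000),  # still the same host
]

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}) ")


def parse_arp(text):
    """Map IP -> MAC currently seen on the wire; incomplete entries are skipped."""
    return {m["ip"]: m["mac"].lower() for m in ARP_LINE.finditer(text)}


def audit_sessions(sessions, arp_text, now, hard_timeout_s):
    """Return (ip, session_mac, reason) for sessions that should be reviewed."""
    arp = parse_arp(arp_text)
    findings = []
    for ip, mac, login in sessions:
        mac = mac.lower()
        seen = arp.get(ip)
        if seen is not None and seen != mac:
            # Same IP, different hardware: the Client-A / Client-B situation.
            findings.append((ip, mac, f"ip now used by {seen}"))
        elif now - login > hard_timeout_s:
            findings.append((ip, mac, "older than hard timeout"))
    return findings


if __name__ == "__main__":
    hard_timeout = 12 * 3600  # assumption: the 12h mentioned in the thread
    for finding in audit_sessions(SESSIONS, ARP_OUTPUT, 1_700_260_000, hard_timeout):
        print(*finding)
```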



  • @muswellhillbilly:

    I would double-check your CP hard-timeout settings to make sure your MAC addresses are being unbound from the IP address. Also make sure the tick-box 'Enable Pass-through MAC automatic additions' is un-ticked, as this will set the MAC address as having unlimited access after the first successful login. You might also want to check your ARP table to see if it's holding onto the first MAC against the IP both are using.

    As I've said already, I don't see why you don't use DHCP (you say it's not used in your network, but you don't explain why). DHCP simplifies your client addressing and would remove the likelihood of something like the problem you're having from occurring. Static addresses are generally used for servers, not for client workstations. You also take a risk that both users could end up on the network at the same time, creating an obvious issue.

    If none of this sorts the issue out, may I suggest you post a screenshot of your CP settings?

    Thanks man! :-) I'll check these in the next days. Enjoy your week.



  • Also:
    Read carefully what's being indicated at the bottom of this page:
    Services => Captive Portal => => Configuration

    It's something like:

    Don't forget to enable the DHCP server on the captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the hard timeout entered on this page. Also, the DNS Forwarder or Resolver must be enabled for DNS lookups by unauthenticated clients to work.
    


  • @Gertjan:

    Also:
    Read carefully what's being indicated at the bottom of this page:
    Services => Captive Portal => => Configuration

    It's something like:

    Don't forget to enable the DHCP server on the captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the hard timeout entered on this page. Also, the DNS Forwarder or Resolver must be enabled for DNS lookups by unauthenticated clients to work.
    

    I've already checked, this is fine.