Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal doesn't refresh the MAC table

    Scheduled Pinned Locked Moved Captive Portal
    10 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      Quentoo
      last edited by

      Hi everybody,

      the latest build of pfSense with Captive Portal is running in my company. In the following you can see my problem:

      Scenario:
      Client-A (172.16.0.5(Static)) has logged into my Captive Portal. Few days later came Client-B with the same static IP (Client-A is already departed right now) and Client-B will be logged into Captive Portal too. Here is the problem, nothing is happen. I can login, but the redirect is doesn't work and i haven't access to my network behind the Captive Portal. Captive Portal doesn't refresh the MAC Addresses. I must manually kick the Client-A out of my MAC Table (into pfSense/Captive Portal).

      Why? Thanks in advanced for your help.
      Quentoo

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        How long are you leaving your client connections to time out? And why are you putting two clients on one network with the same IP address in the first place? Why not use DHCP? That way you don't run the risk that both clients could end up on the same network with the same IP.

        1 Reply Last reply Reply Quote 0
        • Q
          Quentoo
          last edited by

          Hey,

          Thanks for your reply. The Client's wasn't at the same time with the same IP in our network. Client-A was departed as Client-B would be connect to our network.

          Thanks in advanced.
          Quentoo

          1 Reply Last reply Reply Quote 0
          • M
            muswellhillbilly
            last edited by

            @muswellhillbilly:

            How long are you leaving your client connections to time out? And why are you putting two clients on one network with the same IP address in the first place? Why not use DHCP? That way you don't run the risk that both clients could end up on the same network with the same IP.

            1 Reply Last reply Reply Quote 0
            • Q
              Quentoo
              last edited by

              Thanks for your same reply …

              12h leaving maybe fewer. DHCP is not intendet on our pfSense-Network infrastructure. Or can you help me only with DHCP?  :P

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                Same as muswellhillbilly;
                What is the time out ? (hard and soft)
                How long is your DHCP lease (Captive poprtal interface) ?

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • M
                  muswellhillbilly
                  last edited by

                  I would double-check your CP hard-timeout settings to make sure your MAC addresses are being unbound from the IP address. Also make sure the tick-box 'Enable Pass-through MAC automatic additions' is un-ticked, as this will set the MAC address as having unlimited access after the first successful login. You might also want to check your ARP table to see if it's holding onto the first MAC against the IP both are using.

                  As I've said already, I don't see why you don't use DHCP (you say it's not used in your network, but you don't explain why). DHCP simplifies your client addressing and would remove the likelihood of something like the problem you're having from occurring. Static addresses are generally used for servers, not for client workstations. You also take a risk that both users could end up on the network at the same time, creating an obvious issue.

                  If none of this sorts the issue out, may I suggest you post a screenshot of your CP settings?

                  1 Reply Last reply Reply Quote 0
                  • Q
                    Quentoo
                    last edited by

                    @muswellhillbilly:

                    I would double-check your CP hard-timeout settings to make sure your MAC addresses are being unbound from the IP address. Also make sure the tick-box 'Enable Pass-through MAC automatic additions' is un-ticked, as this will set the MAC address as having unlimited access after the first successful login. You might also want to check your ARP table to see if it's holding onto the first MAC against the IP both are using.

                    As I've said already, I don't see why you don't use DHCP (you say it's not used in your network, but you don't explain why). DHCP simplifies your client addressing and would remove the likelihood of something like the problem you're having from occurring. Static addresses are generally used for servers, not for client workstations. You also take a risk that both users could end up on the network at the same time, creating an obvious issue.

                    If none of this sorts the issue out, may I suggest you post a screenshot of your CP settings?

                    Thanks man! :-) I check these in the next days. Enjoy your week.

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan
                      last edited by

                      Also:
                      Read carefulle what's being idicated at the bottom of this page :
                      ServicesCaptive => Portal => => Configuration

                      It's something like:

                      Don't forget to enable the DHCP server on the captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the hard timeout entered on this page. Also, the DNS Forwarder or Resolver must be enabled for DNS lookups by unauthenticated clients to work.
                      

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • Q
                        Quentoo
                        last edited by

                        @Gertjan:

                        Also:
                        Read carefulle what's being idicated at the bottom of this page :
                        ServicesCaptive => Portal => => Configuration

                        It's something like:

                        Don't forget to enable the DHCP server on the captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the hard timeout entered on this page. Also, the DNS Forwarder or Resolver must be enabled for DNS lookups by unauthenticated clients to work.
                        

                        I've already checked, this is fine.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.