Vlan and spoofmac



  • I need to use the spoofmac function to meet my ISP's requirement, and I have 3 VLAN interfaces.

    pfSense (only one real NIC) -- trunk port on switch -- vlan0, vlan1, vlan2.

    I changed the MAC of vlan2 in the webGUI, but it changes the MAC of the vlan2 interface, not the real NIC. As a result, vlan2 cannot communicate.

    I tried the following method, and it worked.

    ifconfig em0 ether "needmac"
    ifconfig vlan0 ether "needmac"
    ifconfig vlan1 ether "needmac"
    ifconfig vlan2 ether "needmac"

    How can I change the MAC of the real NIC, not the VLAN, in the webGUI?

    Thanks



  • Hi,

    The only thing you can change is the so-called "administrative" or "soft" MAC, which is not the real MAC of course. The "real" MAC is something called a "hard" MAC. This hard MAC must be unique as far as you are on the Earth. Most NICs have 2 or more writable registers for administrative purposes. When the NIC is powered on, it copies its real MAC (from its EEPROM) to those registers, then opens them for drivers and administrators.

    You cannot change the real (hard) MAC written in the EEPROM from the webGUI or console, unless you have really special tools.

    cheers,



  • @nocer:

    Hi,

    The only thing you can change is the so-called "administrative" or "soft" MAC, which is not the real MAC of course. The "real" MAC is something called a "hard" MAC. This hard MAC must be unique as far as you are on the Earth. Most NICs have 2 or more writable registers for administrative purposes. When the NIC is powered on, it copies its real MAC (from its EEPROM) to those registers, then opens them for drivers and administrators.

    You cannot change the real (hard) MAC written in the EEPROM from the webGUI or console, unless you have really special tools.

    cheers,

    Sorry for my English.
    I don't mean changing the real MAC in the EEPROM.
    I need to modify the MAC address of em0 (vlan2 and the other VLANs on the interface), not only the MAC of vlan2.



  • I'm not sure if I understand correctly what you're trying to do, but why don't you change the MAC to what you need on every VLAN in the webGUI?

    Did you assign the "real" interface together with the VLANs?

    You shouldn't mix tagged and untagged traffic on the same cable.
    If you have only a single real interface, then create multiple VLANs on this real interface and work only with VLANs.

    i.e. @good:

    vlan0 on em0
    vlan1 on em0
    vlan2 on em0
    vlan3 on em0

    WAN --> vlan0
    LAN --> vlan1
    OPT1 --> vlan2
    OPT2 --> vlan3

    and NOT
    @bad:

    vlan0 on em0
    vlan1 on em0
    vlan2 on em0

    WAN --> em0
    LAN --> vlan0
    OPT1 --> vlan1
    OPT2 --> vlan2



  • I also have an ISP (yousee) that needs to know my MAC address. To solve it I make a direct connection from the ISP modem to the pfSense box (no VLAN switch), then boot from an Ubuntu live CD and browse to the ISP website to log on.  
    After that I can use pfSense with no need to spoof; maybe it is a way you can use too?



  • @good:

    vlan0 on em0
    vlan1 on em0
    vlan2 on em0
    vlan3 on em0

    WAN --> vlan0
    LAN --> vlan1
    OPT1 --> vlan2
    OPT2 --> vlan3

    Yes, I did use this method. My settings are:

    WAN --> vlan1
    LAN --> vlan0
    OPT1 --> vlan2 (needs spoofmac)

    All VLANs are on em0.

    Before setting the MAC of the opt1 interface,
    ifconfig shows (vlan0, vlan1, vlan2, em0) have the same address.

    After setting the MAC of opt1 in the webGUI,
    ifconfig shows (vlan0, vlan1, em0) have the same MAC address, and vlan2 has the spoofed MAC address.

    But my switch cannot accept data from vlan2, while vlan0 and vlan1 are normal.

    After I change the MAC of (vlan0, vlan1, vlan2, em0) to the spoofed MAC (by using ifconfig in the shell), vlan2 is also normal.

    Because the ifconfig change will be lost after reboot, I want a permanent method in the webGUI.

    thanx
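
The state described in the post above (a VLAN child reporting a different MAC from its parent em0) can be spotted directly from `ifconfig` output. This is an added example, not code from the thread: the sample output is constructed, its MAC addresses and VLAN tags are made up, and the parser assumes the FreeBSD `vlan: <tag> parent interface: <nic>` line layout.

```shell
#!/bin/sh
# Constructed sample in FreeBSD ifconfig layout (MACs and VLAN tags are made up):
# vlan2 carries a spoofed MAC while em0, vlan0 and vlan1 share another one.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        vlan: 10 parent interface: em0
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        vlan: 20 parent interface: em0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:02
        vlan: 30 parent interface: em0
EOF
}

# Read ifconfig output on stdin; print "<vlan> <vlan-mac> <parent> <parent-mac>"
# for every VLAN interface whose MAC differs from its parent's.
vlan_mac_mismatch() {
    awk '
        # Interface header line, e.g. "em0: flags=..."
        /^[a-z0-9_.]+: flags=/ { ifn = $1; sub(/:$/, "", ifn); next }
        # MAC of the interface currently being read
        $1 == "ether" && ifn != "" { mac[ifn] = tolower($2); next }
        # VLAN line: remember which physical NIC this child sits on
        $1 == "vlan:" {
            for (i = 2; i + 2 <= NF; i++)
                if ($i == "parent" && $(i + 1) == "interface:")
                    parent[ifn] = $(i + 2)
        }
        END {
            for (v in parent) {
                p = parent[v]
                if (!(p in mac)) print v, mac[v], p, "unknown"
                else if (mac[v] != mac[p]) print v, mac[v], p, mac[p]
            }
        }
    ' | sort
}

# On the firewall itself: ifconfig | vlan_mac_mismatch
sample_ifconfig | vlan_mac_mismatch
```

An empty result means every VLAN child matches its parent, which is the state the poster reaches after setting the same MAC on em0 and all three VLANs.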



  • Well, there is the field "MAC address" on the config page.

    If you set the spoofed MAC on the OPT1 config page, it doesn't work?
    How did you test that it doesn't work?
    Did you clear the ARP cache of the devices connecting to the pfSense?



  • Okay,
    Really simple way: Why don't you try adding some lines for static arp or ifconfig in the very end of /etc/rc or
    equivalent rc scripts? That helps assign your desired MAC every boot.



  • Well, there is the field "MAC address" on the config page.

    If you set the spoofed MAC on the OPT1 config page, it doesn't work?

    Yes, it doesn't work.
    In order to let vlan2 work, I must set the MAC of em0 to be the same as vlan2.

    How did you test that it doesn't work?

    Test method: ping the opt1 gateway from pfSense.

    Did you clear the ARP cache of the devices connecting to the pfSense?

    Yes, it is only a layer 2 switch. And I also turned the switch off and then on.



  • @nocer:

    Okay,
    Really simple way: Why don't you try adding some lines for static arp or ifconfig in the very end of /etc/rc or
    equivalent rc scripts? That helps assign your desired MAC every boot.

    Thanx, I use the simple way. But I hope to get an official method.

