Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How does pfsense handle cloned mac address?

    General pfSense Questions
    3
    5
    86
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      narmenia last edited by

      If a user is currently online in dhcp.
      Then a new device connects but has the same mac address on a client that is currently active.

      How does pfsense handle the new client?
      Will it be given a different ip?

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Is it in the same subnet/L2 as the first client? If so, then your switch would go nuts since that's not a valid scenario. You can't have two different devices with the same MAC. That has nothing to do with pfSense, and would have to be addressed in your AP/Switch/L2 setup.

        Even if it did manage to make a DHCP request, pfSense would most likely think it's the same client and give it the same lease, since it would be going by MAC.

        If it's on a different interface/switch/L2/subnet, that's OK and it would get an address from the other subnet.

        1 Reply Last reply Reply Quote 0
        • N
          narmenia last edited by narmenia

          client would be on wifi.
          im offering a public "paid" wifi.

          one way people cheat is scanning for users and cloning their mac address.

          JKnott 1 Reply Last reply Reply Quote 0
          • JKnott
            JKnott @narmenia last edited by

            @narmenia

            If they weren't connected at the same time, there's no way to tell. However, for a paid service, you should be relying on something better than just the MAC address.

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              There isn't any way for the firewall to tell two MACs apart. You'll need something more. If it's that bad, you need L2 auth (802.1x) in your APs, not firewall controls.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy