Changing MAC Address of VLANS on to obtain multiple IPs via DHCP
-
I have 3 ISP Modems plugged into 3 different switch ports, with untagged VLANs on each, and a trunk port to Pfsense.
I have them configured as:
WAN1_VLAN101
WAN2_VLAN102
WAN3_VLAN103However, I'm running into an issue. WAN1 and WAN2 are the same ISP, and they obtain an IP via DHCP. I cannot get both working simultaneously, as both VLANs share the MAC address of the parent interface.
I've seen some posts but no clear solution, about changing the NIC to promiscuous mode and then changing the MAC via shell command. This seems viable, although I'm not sure how I would get it to persist through reboot.
It seems another option could be using a bridge, although I haven't figured out how exactly to accomplish that.. I'm pretty ignorant about bridges. Seems most people think there is not much of a use case for a bridge, and I'm not entirely sure if its viable.
Wondering if anyone has any suggestions, appreciate any help.
-
@sef1414
You can spoof a MAC in the interface config.
-
@jarhead
That only works for the parent interface. The vlan interfaces share the parent mac address. I don't see an easy solution without using a separate physical interface. -
@dotdash You're right, never realized that.
-
@jarhead Freebsd does allow vlan interfaces using different Mac addresses, via ifconfig.
ifconfig igb0.11 ether random
ifconfig igb0.11 ether 00:08:a2:1d:3d:c1
-
Any idea how to make that persist through reboot?
-
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
Wondering if anyone has any suggestions
Can you not just use different physical nics for your wan interfaces, or add more interfaces? That would be the simplest solution ;) A 4 port nic isn't all that expensive. Especially if 2nd hand.
-
I've had a rough go with 2nd hand NICs failing in servers, so don't want to chance that on Pfsense. I'm working to set up a redundant Pfsense box, and have 10gbe NICs, so I would like to avoid the cost of two quad port 10gbe NICs if possible.
-
@sef1414
So couldn't you add ifconfig igb0.11 ether 00:08:a2:1d:3d:c1 to the loader.conf.local file? -
I actually was not able to get the second interface working, so I suppose thats moot for now. I was able to run that command and change the MAC on the second interface, and it appeared to pickup an IP according to the gateways status page, but it remained in a pending status.
cxl0.101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN_VLAN options=1080000<LINKSTATE,TXRTLMT> ether 00:07:43:57:14:60 inet6 fe80::207:43ff:fe57:1460%cxl0.101 prefixlen 64 scopeid 0x18 inet xx.xx.xx.xx netmask 0xffffff00 broadcast xx.xx.xx.xx groups: vlan WAN_GROUP vlan: 101 vlanpcp: 0 parent interface: cxl0 media: Ethernet autoselect (10Gbase-T <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> cxl0.102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 description: WAN2_VLAN options=1080000<LINKSTATE,TXRTLMT> ether 00:07:43:57:14:63 inet6 fe80::207:43ff:fe57:1462%cxl0.102 prefixlen 64 scopeid 0x19 groups: vlan vlan: 102 vlanpcp: 0 parent interface: cxl0 media: Ethernet autoselect (10Gbase-T <full-duplex>) status: active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> -
@sef1414
Just had another thought, earlyshellcmd will get that through a reboot. -
Alright, thanks. I'll give that a shot if I can figure out how to get that command to achieve desired effect.
-
So I ended up grabbing a quad port NIC so that I could get around this issue... however, now I'm facing a new obstacle.
I have two WAN connections from the same ISP. Two different modems plugged into a single mikrotik switch. I assigned VLANs to each port, and then ran a second trunk cable to a different physical interface on pfsense, so that the two connections from the same ISP would each have their own parent interface with different MAC addresses.
Cable ISP Port #1 - VLAN 101 ----> Pfsense WAN_VLAN101 on cxl0 interface
Cable ISP Port #2 - VLAN 102 ----> Pfsense WAN2_VLAN102 on em0 interface
DSL ISP Port #3 - VLAN 103 ----> Pfsense WAN3_VLAN103 on cxl0 interfaceThe second connection from the cable ISP manages to successfully grab an IP this time, but the gateway won't come up. Only one gateway from the Cable ISP will show as online, and the other will show 100% packet loss. If I unplug one, the other one comes online, and vice versa. I'm at a loss as to what to do now. I'm guessing perhaps the problem lies in how traffic is being handled at the switch level, but I'm not sure. Any suggestions would be most appreciated.
-
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
Cable ISP Port #2 - VLAN 102 ----> Pfsense WAN2_VLAN102 on em0 interface
The monitor IP here is key, I think. What's the IP address of the WAN2? Drop the last octet if you are concerned about exposing it
-
Its 68.107.128.x
Before configuring the WAN connections via VLAN, I would not input a monitor IP, and just monitor the gateway IP. The only way I could get WAN to come up is using a monitor IP. For WAN2 I tried without a specified monitor IP, as well as a handful of public DNS servers.
-
rcoleman-netgate Netgatelast edited by rcoleman-netgate Jan 23, 2023, 4:29 AM Jan 23, 2023, 4:28 AM
@sef1414 said in Changing MAC Address of VLANS on to obtain multiple IPs via DHCP:
he only way I could get WAN to come up is using a monitor IP
Yes, typically you use a DNS server for this.
Some ISPs (such as yours, apparently) will block the checking ping (which sends every second) as a DoS attack and block the ping. The gateway still works but it won't ping and it brings it down.
The solutions are find a different IP to ping (as you did) or disable the gateway monitoring action/monitoring function.
Try changing that monitoring IP to Google (8.8.8.8, 8.8.4.4) or another public DNS IP. Note this will make a static route so if this ISP does goes down or get disconnected that will stop the DNS traffic from routing.
-
I tried Google (8.8.4.4) with the same results. The one in the screenshot is OpenDNS.