Netgate Discussion Forum

    Kea DHCP and MAC Address Control (MAC allow) - no access after restart.

    Official Netgate® Hardware
    4 Posts 4 Posters 610 Views
    • johndoe102

      Hello guys,
      I have a Netgate 4200, but I think this issue is not related to this model.

      Previously I had a Netgate 2100 and now a 4200, and I always worked with static IPs for all my devices at home. So I always had dedicated static IPs for all my devices and clients at home (it's not so many).
      Yesterday, I decided to add an additional "small security layer" and I added in the DHCP Server configuration, for each interface, under MAC Address Control \ MAC allow, the list of allowed MAC addresses (comma separated without spaces) which are allowed to get an IP from the DHCP server. Changes saved and applied. It worked properly without rebooting. After that I even rebooted the Netgate 2 or 3 times and until the end of the day, everything was fine.

      Later on, in the evening I shut down the pfsense (from menu "Halt system") and switched the power off during the whole night.

      On the next day, I switched the Netgate appliance on, but I cannot connect to pfsense via LAN ... I am just not getting the IP from DHCP. Also, when I change the IP of my PC manually to the same one which is configured as the static IP for my PC, I cannot connect to the pfsense GUI. Also, if I set the IP manually to a different one, but from the same subnet ... I cannot connect to the pfsense.
      In parallel I have the box connected also thru USB to the console port and I don't see any errors.

      First try to fix it: I set pfsense back to the factory defaults from the console, then it works. But then, when I restore the last working configuration from my local PC, it's not working. As above, I cannot connect via LAN ... I am not getting the IP.

      Second try: Restoring factory defaults from the console, then removing the allowed MAC addresses from the config file manually -> "<mac_allow></mac_allow>". Then I restore this configuration, and it's not working. The same behavior: I cannot connect to pfsense, I am not getting the IP from the LAN.

      Now I am connected to the internet via the standard ISP router, but this is of course not what I want.

      Any ideas? Is this a known issue?

      Installed version: pfsense plus 24.11-RELEASE

      best regards
      Tom

      • stephenw10 Netgate Administrator

        Hmm, do you have any Ethernet rules? It's hard to block DHCP requests otherwise.

        Does it pull a lease as expected if you disable the firewall temporarily:
        https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#disable-the-firewall

        Steve

        • Gertjan @johndoe102

          @johndoe102

          You missed one 'try to fix it' 😊

          If the console access works, have a look at what option 15, "Restore recent configuration" can do for you.

          Before you test, as you have console access working, use option "8", go to /conf/ and there you have the main config.xml file that contains your entire actual setup.
          Get a copy.

          Now, use option 15, and list all the saved 'past' versions.
          Pick one that dates from just before you started to make the changes.
          Activate that one.
          The system probably reboots.
          You'll be back to "all is well" again.

          @johndoe102 said in Kea DHCP and MAC Address Control (MAC allow) - no access after restart.:

          Yesterday, I decided to add an additional "small security layer" and I added in the DHCP Server configuration, for each interface, under MAC Address Control \ MAC allow, the list of allowed MAC addresses

          Before using such a low-level control of access, be ready to get back, as the slightest error will lock you out .... as you've figured out already ^^ (we all have done this once or twice)

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • SteveITS Galactic Empire @johndoe102

            @johndoe102 said in Kea DHCP and MAC Address Control (MAC allow) - no access after restart.:

            if I set the IP manually to a different one, but from the same subnet ... I cannot connect to the pfsense

            That implies it's not on or not functioning. Can you ping the pfSense LAN IP? Replace the patch cable between pfSense and your switch?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!
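
Added example, not part of any post in this thread and not pfSense code: a pre-flight check to run on a saved copy of config.xml before applying or restoring a MAC allow list, reporting per interface any malformed entries and whether the management workstation's MAC would still be allowed. The `<dhcpd>/<interface>/<mac_allow>` layout, the acceptance of partial (prefix) entries, the treatment of an empty list as "no restriction", and all MAC addresses in the sample are assumptions or constructed values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <dhcpd> part of a pfSense config.xml
# backup (assumed layout: one child element per interface).
SAMPLE_CONFIG = """<pfsense>
  <dhcpd>
    <lan>
      <enable></enable>
      <mac_allow>00:11:22:33:44:55,00:11:22:33:44:66</mac_allow>
    </lan>
    <opt1>
      <enable></enable>
      <mac_allow>00:11:22:33:44:55, 0011.2233.4477</mac_allow>
    </opt1>
    <opt2>
      <enable></enable>
      <mac_allow></mac_allow>
    </opt2>
  </dhcpd>
</pfsense>"""

# One to six colon-separated octets; partial (prefix) entries are assumed valid.
MAC_ENTRY = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){0,5}")


def audit_mac_allow(config_xml, admin_mac):
    """Per interface: malformed entries and whether admin_mac stays allowed."""
    admin = admin_mac.strip().lower()
    report = {}
    for iface in ET.fromstring(config_xml).findall("./dhcpd/*"):
        raw = iface.findtext("mac_allow") or ""
        entries = raw.split(",") if raw else []
        # Entries are checked as written: stray spaces are flagged, not trimmed.
        bad = [e for e in entries if not MAC_ENTRY.fullmatch(e.lower())]
        good = [e.lower() for e in entries if MAC_ENTRY.fullmatch(e.lower())]
        # Assumption: an empty list restricts nothing; otherwise the admin MAC
        # must equal an entry or start with a partial (prefix) entry.
        allowed = not entries or any(
            admin == g or admin.startswith(g + ":") for g in good)
        report[iface.tag] = {"malformed": bad, "admin_allowed": allowed}
    return report


if __name__ == "__main__":
    for name, result in audit_mac_allow(SAMPLE_CONFIG, "00:11:22:33:44:66").items():
        print(name, result)
```

Any interface reported with `admin_allowed` false or a non-empty `malformed` list is worth fixing in the backup before it is loaded, while a known-good copy is still at hand.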

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.