Netgate Discussion Forum

    Deny unknown clients and static ARPs

    DHCP and DNS
    • broncoBrad

      I have an OPT network that I checked the Deny unknown clients, but last night I was able to connect to the network and it gave me an IP via DHCP and the MAC address was not registered in the static IP mappings for that interface. Why is this happening?

      I have noticed the Static ARP option, but I'm worried about messing up the connections to the wireless AP. So the question is if I have a wired NIC that connects to a wireless AP and that AP has a manually assigned IP because it doesn't like receiving its IP dynamically, can I put that IP and MAC address in those static mappings? Do I need to with Static ARP enabled?

      Hope this all makes sense. Thanks!

      • wallabybob

        @broncoBrad:

        I have an OPT network that I checked the Deny unknown clients, but last night I was able to connect to the network and it gave me an IP via DHCP and the MAC address was not registered in the static IP mappings for that interface. Why is this happening?

        You didn't restart DHCP server so it didn't notice the configuration change?

        @broncoBrad:

        I have noticed the Static ARP option, but I'm worried about messing up the connections to the wireless AP. So the question is if I have a wired NIC that connects to a wireless AP and that AP has a manually assigned IP because it doesn't like receiving its IP dynamically, can I put that IP and MAC address in those static mappings? Do I need to with Static ARP enabled?

        I don't see any reason why you couldn't, but it's not clear to me what you are trying to accomplish by doing so.

        • broncoBrad

          The latter part of my last post was talking about doing static ARPs because the Deny Unknown Clients wasn't appearing to work. Also if I say Deny Unknown Clients that just stops clients from obtaining an IP for that network, but there's nothing stopping them from making a static IP for their NIC and connecting to the network, is there?

          • wallabybob

            @broncoBrad:

            but there's nothing stopping them from making a static IP for their NIC and connecting to the network, is there?

            And (in many cases), there is nothing to stop them using the MAC address of their choice and consequently bypassing the protection you think you might get from using static IP and static ARP.

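Added example (editorial, not written by any poster in this thread): since "Deny unknown clients" only withholds DHCP leases, one way to spot a host that joined with a self-assigned address is to compare the firewall's ARP table against the static mappings. The `arp -an` lines, the mapping table, the interface names and the function names below are all constructed for illustration.

```python
import re

# Constructed sample of FreeBSD-style `arp -an` output (not from the thread).
SAMPLE_ARP = """\
? (192.168.10.1) at 00:0d:b9:aa:bb:01 on em2 permanent [ethernet]
? (192.168.10.20) at 00:1b:2f:11:22:33 on em2 expires in 1187 seconds [ethernet]
? (192.168.10.21) at 3c:97:0e:44:55:66 on em2 expires in 904 seconds [ethernet]
? (192.168.10.77) at de:ad:be:ef:00:01 on em2 expires in 1101 seconds [ethernet]
? (192.168.10.30) at (incomplete) on em2 expired [ethernet]
? (10.0.0.5) at 52:54:00:12:34:56 on em0 expires in 300 seconds [ethernet]
"""

# Constructed copy of the interface's static mappings (MAC -> reserved IP).
STATIC_MAPPINGS = {
    "00:0D:B9:AA:BB:01": "192.168.10.1",   # the firewall's own OPT address
    "00:1b:2f:11:22:33": "192.168.10.20",  # wireless AP with a manually set IP
    "3c:97:0e:44:55:66": "192.168.10.22",  # a registered laptop
}

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}) on (?P<ifname>\S+)"
)

def parse_arp(text):
    """Yield (ip, mac, interface) per resolved entry; '(incomplete)' is skipped."""
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            yield m["ip"], m["mac"].lower(), m["ifname"]

def audit(arp_text, mappings, interface):
    """Return findings for hosts on `interface` that do not match a mapping.

    Limitation: a host that copies both the MAC and the IP of a mapped
    device looks identical here, which is the point made in the post above.
    """
    known = {mac.lower(): ip for mac, ip in mappings.items()}
    findings = []
    for ip, mac, ifname in parse_arp(arp_text):
        if ifname != interface:
            continue
        if mac not in known:
            findings.append(("unknown-mac", ip, mac))   # never registered
        elif known[mac] != ip:
            findings.append(("ip-mismatch", ip, mac))   # registered MAC, other IP
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE_ARP, STATIC_MAPPINGS, "em2"):
        print(f"{kind}: {ip} {mac}")
```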
            • SeventhSon

              Have a look at the IPGuard package

              • rjcrowder

                @SeventhSon:

                Have a look at the IPGuard package

                I could never get IPGuard working correctly… ended up writing a script that created ipfw firewall (layer 2) rules to accomplish this. Let me know if you get it working correctly - I'd like to know how. Likewise, if you don't get it working, let me know and I'll send you my script.

                • mendilli

                  Hi!

                  If you are familiar with coding, check my thread. If you can help me overcome my problem, I think I can help you.

                  My thread: http://forum.pfsense.org/index.php/topic,53655.0.html
