Netgate Discussion Forum

    Is it possible to display captive portal while static ARP is enabled?

    • z3r0tech

      I have an open AP, no security.

      Captive portal IP is 192.168.2.254, connected to opt1.

      DHCP range is 192.168.2.100-250
      Static IP range is 192.168.2.10-99

      My goal: I want to show the portal to unknown clients while denying unknown clients with static ARP enabled?
      Or is there another way with firewall rules?

      • jimp Rebel Alliance Developer Netgate

        If you have static ARP enabled, then it is not possible for any "unknown" client to talk to the firewall at all. It will only talk to the IPs you entered as DHCP mappings and only if those specific IP:MAC pairings match.

        If you disable static ARP, and add your "good" MACs to the captive portal bypass list, then they would go through without getting prompted to log in to the portal. Other devices would pull IPs and get the portal login.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • m4st3rc1p0

          Is there a way that it will never give an IP to those clients that are unable to authenticate or are not in the list of good MACs?

          • jimp Rebel Alliance Developer Netgate

            You're asking for the impossible.

            In order to get to the portal to authenticate, they need an IP address. You can't both show them the portal and deny them an IP address.

            • m4st3rc1p0

              Thanks for that. I was just thinking that if there are clients that are not authorized to log in and were able to get an IP address, this will result in IP lease loss due to the number of clients trying to connect to the portal.

              • jimp Rebel Alliance Developer Netgate

                If you have enough people attempting to connect to your APs that you run out of leases, then you need to set up better security on your APs (as I mentioned in the other thread you started).

                That level of protection is done at Layer 2 (AP or switch) not at the firewall.

                • z3r0tech

                  Thanks for the reply, now I'm enlightened… ^_^
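
Added example, not part of the thread and not Netgate code: one way to watch the lease-exhaustion concern raised above is to replay DHCP server log lines and report how much of the 192.168.2.100-250 pool is leased, and how much of that went to MACs outside the known list. The ISC dhcpd-style `DHCPACK`/`DHCPRELEASE` message format, the sample lines, the MAC addresses and the `pool_report` name are assumptions; lease expiry is not modelled.

```python
import ipaddress
import re

# Pool bounds taken from the thread: DHCP range 192.168.2.100-250.
POOL_START = ipaddress.ip_address("192.168.2.100")
POOL_END = ipaddress.ip_address("192.168.2.250")
POOL_SIZE = int(POOL_END) - int(POOL_START) + 1

# Assumed ISC dhcpd-style syslog messages.
ACK = re.compile(r"DHCPACK on (\S+) to ([0-9a-f:]{17})", re.I)
REL = re.compile(r"DHCPRELEASE of (\S+) from ([0-9a-f:]{17})", re.I)

def pool_report(lines, known_macs, warn_ratio=0.8):
    """Replay log lines and summarise dynamic-pool usage."""
    known = {m.lower() for m in known_macs}
    active = {}  # leased IP -> MAC currently holding it
    for line in lines:
        if m := ACK.search(line):
            ip = ipaddress.ip_address(m.group(1))
            # Static mappings (192.168.2.10-99) do not consume the pool.
            if POOL_START <= ip <= POOL_END:
                active[ip] = m.group(2).lower()  # a renewal overwrites itself
        elif m := REL.search(line):
            active.pop(ipaddress.ip_address(m.group(1)), None)
    unknown = [mac for mac in active.values() if mac not in known]
    return {
        "used": len(active),
        "size": POOL_SIZE,
        "unknown_leases": len(unknown),
        "unknown_macs": sorted(set(unknown)),
        "warn": len(active) / POOL_SIZE >= warn_ratio,
    }

# Constructed sample input (hypothetical host name, interface and MACs).
SAMPLE = [
    "Jan  1 10:00:01 fw dhcpd: DHCPACK on 192.168.2.100 to 02:00:00:00:00:01 via em1",
    "Jan  1 10:00:05 fw dhcpd: DHCPACK on 192.168.2.101 to 02:00:00:00:00:02 via em1",
    "Jan  1 10:00:09 fw dhcpd: DHCPACK on 192.168.2.20 to 02:00:00:00:00:03 via em1",
    "Jan  1 10:30:01 fw dhcpd: DHCPACK on 192.168.2.100 to 02:00:00:00:00:01 via em1",
    "Jan  1 10:31:00 fw dhcpd: DHCPRELEASE of 192.168.2.101 from 02:00:00:00:00:02 via em1 (found)",
    "Jan  1 10:32:00 fw dhcpd: DHCPACK on 192.168.2.102 to 02:00:00:00:00:04 via em1",
]
KNOWN = {"02:00:00:00:00:01"}  # constructed stand-in for the "good" MAC list

if __name__ == "__main__":
    print(pool_report(SAMPLE, KNOWN))
```

A rising `unknown_leases` count on an open AP is the signal that access control belongs at Layer 2, as the replies above say.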

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.