Mac Filtering



  • Dear All,

    Is it possible in pfsense to allow or disallow to assign an IP Address for a specific mac address? I'm asking this because I don't what to connect or give an ip address to all mobile devices. My doing this I just need to know the mac address of the devices then tell the dhcp server if you see this mac address don't give it an ipadrress. If you are familiar with the callout, something like that I'm looking for or the mac filtering of the wireless router.

    Thank you in advance.



  • In DHCP server you can use the MAC Address Control section to put in some MAC addresses to deny. That would really be if you want to put some manufacturer MAC prefixes to deny that manufacturer - might work for phones? but not really for general devices because they have so many different ethernet cards/devices. And it would be a bit difficult to put a long list in that field.
    You can check "Deny unknown clients" and then allocate static mapped IP address to each client you want to allow.
    I do something in-between - have a DHCP-pool that gives to whatever asks, but then I block those DHCP pool IP addresses from internet access. That way ordinary people connect their phone (using a WiFi password they got from someone) but quickly come to ICT complaining the internet does not work. Then we allocate them a static mapped IP (which we can then make use of in limiting their bandwidth…).
    And yes, many users nowadays can look at the IPs on the subnet and make an educated guess and assign their own static IP on their device, or can set the MAC address on their device to something different to get around whatever controls are put in place. So, ultimately, MAC address and IP address of a device on the LAN is only really a reliable guide to what the device/user is, if you have complete control over all the hardware.



  • I have an existing MS windows dhcp server. I also installed a third party application called callout dhcp, it capable is to declare the mac addresses that you want to allow or deny to give an ip address by dhcp server. I have also a ip address reservation, I used this for the executive management in order to give them a full access on the internet(using squidguard of pfsense).

    The ip address reservation can handle it by pfsense. How should I configure on pfsense the mac filtering or the capable of the callout that I installed on the ms windows dhcp server.

    Your help is greatly appreciated.

    Thank you.



  • Hi to all.

    Please give me an advise how to use the mac filtering of pfsense.

    Thank you in advance.


Log in to reply