• How does static ARP handle MAC cloning?
    What happens when the original MAC 12:34:56:78:90:ab connects first,
    then someone clones that MAC and connects?
    Will both connect, or will the first one be disconnected?


  • Your switch will probably go nuts as this causes layer2 trouble (at least if both machines are running at the same time).

  • It happened to me.

    Someone tries to steal internet access in my network.
    (Here, internet is quite slow and expensive…)

    First, here's my network again:
    adsl router >> pfsense >> wireless ap --- repeater a --- repeater b

    >> utp cable
    --- wireless (wds)

    Client a with the legit MAC connects to repeater a.
    Then someone clones the MAC and tries to connect.
    Because it's the same MAC, it can't connect to repeater a. It connects (maybe) to repeater b.

    Both can connect at the same time.
    I didn't have time to check how pfSense responds when that happened.

    But it can happen.

    So maybe there should be something in pfSense to prevent it?


  • The same MAC can't exist two times in the same layer2 network. It will break, and there is nothing to prevent this with your setup unless you are using some kind of additional authentication, maybe even at access point level, to simply not let the fake client associate.

  • It does happen.
    Theory and practice don't always match…

    I bet you can reproduce this if you have the time and resources.
    Just set up your wireless using Linksys WRT54G/GS like this instruction:

    Then have two clients with the same MAC connect.
    Both clients will not connect to the same repeater,
    but each client can connect to a different repeater.

  • If the repeater clones its MAC for all clients connected to it, it can break things anyway. However, I don't have a WRT54G to test anyway ;) but there were a lot of discussions on the m0n0 list concerning that device and problems with captive portal with several different firmwares. If you really want to shut that down, you have to change your wireless setup to prevent this. pfSense can only see a MAC address and an IP. If one of these or even both are faked, how should it tell which one is the original and which one is the fake? Your problem is a wireless authentication/association problem, not a pfSense problem, or at least nothing that can be fixed or worked around from the pfSense side in this setup.
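
The situation described in this thread, one MAC associated to repeater a and repeater b at the same time, can be spotted from the access points' association logs rather than from the firewall. The following detection sketch is an added example, not code from any poster: the event tuple layout, the AP names, and the 30-second grace period for normal roaming are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (unix_time, ap_name, mac, event)
EVENTS = [
    (100, "repeater-a", "12:34:56:78:90:ab", "assoc"),
    (105, "repeater-a", "aa:bb:cc:00:00:01", "assoc"),
    (160, "repeater-b", "12:34:56:78:90:AB", "assoc"),     # same MAC, second AP
    (195, "repeater-b", "aa:bb:cc:00:00:01", "assoc"),     # client roaming a -> b
    (200, "repeater-a", "aa:bb:cc:00:00:01", "disassoc"),  # old AP drops it 5 s later
    (300, "repeater-b", "12:34:56:78:90:ab", "disassoc"),
]

def find_concurrent_macs(events, min_overlap=30):
    """Return (mac, start, end, [aps]) for each period in which one MAC was
    associated to more than one AP for at least min_overlap seconds."""
    events = sorted(events)
    active = defaultdict(set)   # mac -> APs it is associated to right now
    open_overlap = {}           # mac -> (start_time, APs involved so far)
    findings = []

    def close(mac, end):
        start, aps = open_overlap.pop(mac)
        if end - start >= min_overlap:   # shorter overlaps look like roaming
            findings.append((mac, start, end, sorted(aps)))

    for ts, ap, mac, event in events:
        mac = mac.lower()                # logs differ in MAC letter case
        if event == "assoc":
            active[mac].add(ap)
            if len(active[mac]) > 1:
                start, aps = open_overlap.get(mac, (ts, set()))
                open_overlap[mac] = (start, aps | active[mac])
        elif event == "disassoc":
            active[mac].discard(ap)
            if len(active[mac]) <= 1 and mac in open_overlap:
                close(mac, ts)

    last = events[-1][0] if events else 0
    for mac in list(open_overlap):       # still overlapping when the log ends
        close(mac, last)
    return findings

if __name__ == "__main__":
    for mac, start, end, aps in find_concurrent_macs(EVENTS):
        print(f"{mac} on {', '.join(aps)} at the same time from t={start} to t={end}")
```

A hit only says that two radios are using the same address; as the last reply notes, it cannot tell which one is the original.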