Netgate Discussion Forum

    Static arp vs mac cloning

      rexster

      how does static arp handle mac cloning?
      what happens when the original mac 12:34:56:78:90:ab connects first,
      then someone clones that mac and connects?
      will both connect, or will the first one be disconnected?

      tia
      rex

      http://www.GoBlogLah.com

        hoba

        Your switch will probably go nuts as this causes layer2 trouble (at least if both machines are running at the same time).

          rexster

          it happened to me.

          someone tries to steal internet access in my network.
          (here, internet is quite slow and expensive…)

          first, here's my network again:
          adsl router >> pfsense >> wireless ap --- repeater a --- repeater b

          >> utp cable
          --- wireless (wds)

          client a with the legit mac connects to repeater a.
          then someone who cloned the mac tries to connect.
          because it's the same mac, it can't connect to repeater a. it connects (maybe) to repeater b.

          both can connect at the same time.
          i didn't have time to check how pfsense responded when that happened.

          but, it can happen.

          so, maybe there should be something in pfsense to prevent it?

          rgds,
          rex

          http://www.GoBlogLah.com

            hoba

            The same MAC can't exist twice in the same layer 2 network. It will break, and there is nothing to prevent this with your setup unless you are using some other kind of additional authentication, maybe even at access point level, so that the fake client simply cannot associate.

              rexster

              it does happen.
              theory and practice don't always match…

              i bet you can reproduce this if you have the time and resources.
              just set up your wireless using linksys wrt54g/gs following these instructions:
              http://www.linksysonline.com/content/view/30/43/

              then have two clients with the same mac connect.
              both clients will not connect to the same repeater.
              but each client can connect to a different repeater.

              http://www.GoBlogLah.com

                hoba

                If the repeater clones its MAC for all clients connected to it, it can break things anyway. However, I don't have a WRT54G to test with ;) but there were a lot of discussions on the m0n0 list concerning that device and problems with captive portal with several different firmwares. If you really want to shut that down, you have to change your wireless setup to prevent this. pfSense can only see a MAC address and an IP. If one of these, or even both, is faked, how should it tell which one is the original and which one is the fake? Your problem is a wireless authentication/association problem, not a pfSense problem, or at least nothing that can be fixed or worked around from the pfSense side in this setup.

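Added example (not part of the thread, and not pfSense or Netgate code): the thread concludes that a duplicated MAC has to be dealt with at the wireless association layer, so this sketch flags a MAC that stays associated at two access points at once for longer than a roaming grace period. The log line format, the AP names and the 10-second grace value are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, normalized association log format (hypothetical; adapt to your AP's syslog).
LINE = re.compile(r"^(\S+) ap=(\S+) event=(assoc|disassoc) mac=([0-9a-f:]{17})$", re.I)
ROAM_GRACE = timedelta(seconds=10)  # assumed: a roaming client overlaps only briefly

# Constructed sample: ...90:ab is held on two repeaters at once; ...00:01 just roams.
SAMPLE_LOG = """\
2024-01-01T10:00:00 ap=repeater-a event=assoc mac=12:34:56:78:90:ab
2024-01-01T10:00:30 ap=repeater-a event=assoc mac=aa:bb:cc:00:00:01
2024-01-01T10:05:00 ap=repeater-b event=assoc mac=12:34:56:78:90:ab
2024-01-01T10:20:00 ap=repeater-b event=assoc mac=aa:bb:cc:00:00:01
2024-01-01T10:20:03 ap=repeater-a event=disassoc mac=aa:bb:cc:00:00:01
2024-01-01T10:30:00 ap=repeater-a event=assoc mac=aa:bb:cc:00:00:02
"""

def find_cloned_macs(lines, grace=ROAM_GRACE):
    """Return {mac: [aps]} for MACs associated at >1 AP for longer than `grace`."""
    active = defaultdict(set)  # mac -> APs it is currently associated with
    overlap = {}               # mac -> (overlap start time, APs involved)
    findings = {}
    last_ts = None
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not association events
        ts = datetime.fromisoformat(m.group(1))
        ap, event, mac = m.group(2), m.group(3).lower(), m.group(4).lower()
        last_ts = ts
        if event == "assoc":
            active[mac].add(ap)
            if len(active[mac]) > 1:
                start, aps = overlap.get(mac, (ts, set()))
                overlap[mac] = (start, aps | active[mac])
        else:
            active[mac].discard(ap)
            if len(active[mac]) <= 1 and mac in overlap:
                start, aps = overlap.pop(mac)
                if ts - start > grace:  # overlap lasted too long to be a roam
                    findings[mac] = sorted(aps)
    for mac, (start, aps) in overlap.items():  # overlaps still open at end of log
        if last_ts - start > grace:
            findings[mac] = sorted(aps)
    return findings

if __name__ == "__main__":
    print(find_cloned_macs(SAMPLE_LOG.splitlines()))
```

A hit only says that two stations are using one MAC; as hoba notes, it cannot say which of them is the original.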