    Static arp vs mac cloning

    DHCP and DNS
    • R
      rexster last edited by

      How does static ARP handle MAC cloning?
      What happens when the original MAC 12:34:56:78:90:ab connects first,
      then someone clones that MAC and then connects?
      Will both connect, or will the first one be disconnected?

      tia
      rex

      • H
        hoba last edited by

        Your switch will probably go nuts as this causes layer2 trouble (at least if both machines are running at the same time).

        • R
          rexster last edited by

          It happened to me.

          Someone tries to steal internet access in my network.
          (Here, internet is quite slow and expensive…)

          First, here's my network again:
          adsl router >> pfsense >> wireless ap --- repeater a --- repeater b

          >>  utp cable
          --- wireless (wds)

          Client a with the legit MAC connects to repeater a.
          Then someone who cloned the MAC tries to connect.
          Because it's the same MAC, it can't connect to repeater a. It connects (maybe) to repeater b.

          Both can connect at the same time.
          I didn't have time to check how pfSense responds when that happens.

          But it can happen.

          So, maybe there should be something in pfSense to prevent it?

          rgds,
          rex

          • H
            hoba last edited by

            The same MAC can't exist twice in the same layer 2 network. It will break, and there is nothing to prevent this with your setup unless you are using some kind of additional authentication, maybe even at access point level, to simply not let the fake client associate.

            • R
              rexster last edited by

              It does happen.
              Theory and practice do not always match…

              I bet you can reproduce this if you have the time and resources.
              Just set up your wireless using Linksys WRT54G/GS following these instructions:
              http://www.linksysonline.com/content/view/30/43/

              Then have two clients with the same MAC connect.
              Both clients will not connect to the same repeater,
              but each client can connect to a different repeater.

              • H
                hoba last edited by

                If the repeater clones its MAC for all clients connected to it, it can break things anyway. However, I don't have a WRT54G to test anyway ;) but there were a lot of discussions on the m0n0 list concerning that device and problems with captive portal with several different firmwares. If you really want to shut that down, you have to change your wireless setup to prevent this. pfSense can only see a MAC address and an IP. If one of these or even both are faked, how should it tell which one is the original and which one is the fake? Your problem is a wireless authentication/association problem, not a pfSense problem, or at least nothing that can be fixed or worked around from the pfSense side in this setup.
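
Added example, not part of the thread and not pfSense code: a static ARP entry can only compare an IP-to-MAC pair, so a cloned MAC passes it, while the overlap rexster describes (one MAC associated to two repeaters at once) is visible in access point association events. The event tuples, the IP address and the AP names are constructed for illustration; only the MAC 12:34:56:78:90:ab comes from the thread.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, access_point, event, client_mac)
EVENTS = [
    (100, "repeater-a", "assoc",    "12:34:56:78:90:ab"),
    (130, "repeater-a", "assoc",    "aa:bb:cc:00:11:22"),
    (160, "repeater-b", "assoc",    "12:34:56:78:90:AB"),  # same MAC, other repeater
    (200, "repeater-a", "disassoc", "aa:bb:cc:00:11:22"),
    (230, "repeater-b", "assoc",    "aa:bb:cc:00:11:22"),  # ordinary roaming
    (300, "repeater-b", "disassoc", "12:34:56:78:90:ab"),
]

# Constructed static ARP binding (the IP address is an assumption).
STATIC_ARP = {"192.168.1.50": "12:34:56:78:90:ab"}


def static_arp_accepts(ip, mac, table=STATIC_ARP):
    """All a static ARP entry can check: does this IP map to this MAC?"""
    return table.get(ip, "").lower() == mac.lower()


def concurrent_associations(events):
    """Return (mac, first_ap, second_ap, time) for every MAC that associates
    to a second AP while it is still associated to another one."""
    active = defaultdict(set)  # mac -> APs currently holding an association
    findings = []
    for ts, ap, event, mac in sorted(events):
        mac = mac.lower()  # MAC comparison must be case-insensitive
        if event == "assoc":
            for other in sorted(active[mac] - {ap}):
                findings.append((mac, other, ap, ts))
            active[mac].add(ap)
        elif event == "disassoc":
            active[mac].discard(ap)
    return findings


if __name__ == "__main__":
    # The cloned MAC satisfies the static ARP binding just like the original.
    print(static_arp_accepts("192.168.1.50", "12:34:56:78:90:AB"))
    for finding in concurrent_associations(EVENTS):
        print("same MAC on two APs:", finding)
```

On real access points a roaming client may not log a disassociation from the old AP before associating to the new one, so a production check needs a minimum overlap duration before raising an alert.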