Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPad keeps getting new IP (using different MAC address) even after reservation

    Scheduled Pinned Locked Moved DHCP and DNS
    9 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfnovice
      last edited by

      Hello. I have been using pfsense for about a month now, and am very impressed with it. Everything just works!

      What I have set up recently is scheduling internet access times for my children. Looking through this forum, I was able to set a specific window for them to have internet access, and it works as intended:

      • DHCP reservation for all devices that will use the firewall rule
      • set an alias for these devices
      • set a schedule (for allowing access rather than restricting)
      • create firewall rule and use alias + schedule to allow access
      • create firewall rule to deny access for alias (for rest of the day)

      I have however noticed one thing: one of the iPads keeps getting a new IP address. Its MAC address keeps changing (the first few hex digits only) so the reserved IP address is no longer the active one.

      iPad details:

      • iPad2, ios v9.1, not jailbroken

      Questions:

      • is there a way to fix the iPad to keep the reserved IP address as active?
      • is there a way to suppress iPad generating different MAC addresses?

      Any help would be appreciated.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        My iphones and ipads do not do such a thing..  Changing the first 3 would be changing the vendor..

        So when you go into general about, it will show you the wifi address (mac)  Your saying this changes?  Lets see the screen shots of this please…

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • P
          pfnovice
          last edited by

          Haven't looked at the devices, but here is what pfsense dhcp is showing:

          pfsense_dhcp.png
          pfsense_dhcp.png_thumb

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            showing what???  That you have some apple devices?  Why are you obscuring mac??  Do you think I am going to look up some mac db on who bought what device and get your address?  Someone been watching too much tv/movies..

            mac address tells me nothing..  It might be possible to look up mac of say your wifi router in war driving database like https://wigle.net/

            But client - come on…

            02:0f:b5 is not a valid vendor mac that I can see.. Are you using some sort of wifi extender in your network... A google for that mac comes up with netgear wifi extenders..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • P
              pfnovice
              last edited by

              I am using a wifi extender…. didnt realise it would forward different mac addresses. Thanks for the tip.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Would all depend on how the extender works..  Never been a fan of them - they are normally clients that repeat the signal which = /2 on your bandwidth.

                If you need better wifi coverage the better thing to do would be to deploy a AP in that area via a wire.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • P
                  pfnovice
                  last edited by

                  Good point. I'll look into it. Many thanks for your input.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    So you have a netgear wifi extender?  Which model if you don't mind me asking, or is it some other maker.. Curious why they are using that non registered mac..  You would think they would use their netgear mac vendor portion and then the rest of it should duplicate your devices mac.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfnovice
                      last edited by

                      I have the Netgear WN3000RPv3 - and can see in the admin -> Network devices page, a list of:

                      IP address, MAC address, Virtual MAC address, Device Name (should have checked here first….)

                      Virtual MAC address replaces the first 3 fields with 02:0F:B5

                      All good now. I added the netgear MAC addresses to DHCP reservation list, and to the alias, and devices are now enforced with firewall rule as intended.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.