IPad keeps getting new IP (using different MAC address) even after reservation



  • Hello. I have been using pfsense for about a month now, and am very impressed with it. Everything just works!

    What I have set up recently is scheduling internet access times for my children. Looking through this forum, I was able to set a specific window for them to have internet access, and it works as intended:

    • DHCP reservation for all devices that will use the firewall rule
    • set an alias for these devices
    • set a schedule (for allowing access rather than restricting)
    • create firewall rule and use alias + schedule to allow access
    • create firewall rule to deny access for alias (for rest of the day)

    I have however noticed one thing: one of the iPads keeps getting a new IP address. Its MAC address keeps changing (the first few hex digits only) so the reserved IP address is no longer the active one.

    iPad details:

    • iPad2, ios v9.1, not jailbroken

    Questions:

    • is there a way to fix the iPad to keep the reserved IP address as active?
    • is there a way to suppress iPad generating different MAC addresses?

    Any help would be appreciated.


  • LAYER 8 Global Moderator

    My iphones and ipads do not do such a thing..  Changing the first 3 would be changing the vendor..

    So when you go into general about, it will show you the wifi address (mac)  Your saying this changes?  Lets see the screen shots of this please…



  • Haven't looked at the devices, but here is what pfsense dhcp is showing:



  • LAYER 8 Global Moderator

    showing what???  That you have some apple devices?  Why are you obscuring mac??  Do you think I am going to look up some mac db on who bought what device and get your address?  Someone been watching too much tv/movies..

    mac address tells me nothing..  It might be possible to look up mac of say your wifi router in war driving database like https://wigle.net/

    But client - come on…

    02:0f:b5 is not a valid vendor mac that I can see.. Are you using some sort of wifi extender in your network... A google for that mac comes up with netgear wifi extenders..



  • I am using a wifi extender…. didnt realise it would forward different mac addresses. Thanks for the tip.


  • LAYER 8 Global Moderator

    Would all depend on how the extender works..  Never been a fan of them - they are normally clients that repeat the signal which = /2 on your bandwidth.

    If you need better wifi coverage the better thing to do would be to deploy a AP in that area via a wire.



  • Good point. I'll look into it. Many thanks for your input.


  • LAYER 8 Global Moderator

    So you have a netgear wifi extender?  Which model if you don't mind me asking, or is it some other maker.. Curious why they are using that non registered mac..  You would think they would use their netgear mac vendor portion and then the rest of it should duplicate your devices mac.



  • I have the Netgear WN3000RPv3 - and can see in the admin -> Network devices page, a list of:

    IP address, MAC address, Virtual MAC address, Device Name (should have checked here first….)

    Virtual MAC address replaces the first 3 fields with 02:0F:B5

    All good now. I added the netgear MAC addresses to DHCP reservation list, and to the alias, and devices are now enforced with firewall rule as intended.


Log in to reply