I've been trying to figure out how to do this on OPNsense but can't seem to find instructions on how to do so without using DHCP. I'm trying to limit my connected devices to only the things that I have made static DHCP leases for and this is stopping me from being able to lock things down.
I have a laptop and a desktop that have two network ports. The laptop, of course, has a WiFi nic and a LAN port which I use to connect to LAN when I'm at home and the desktop has two nics that I want to use.
In pfSense, I could create two lease entries with the same IP for both connections and it works, on OPNsense I just get this error:
This Hostname, IP, MAC address or Client identifier already exists.
Not sure if I am doing something that nobody else does or would ever do but any help to figure this out would be really appreciated.
				You cannot lock things down with IP address restrictions within the same subnet. Addresses are easy to set or spoof. You need VLAN separation.
Bart...
				Quote from: R@sM!ke on August 23, 2019, 02:52:36 AM
In pfSense, I could create two lease entries with the same IP for both connections and it works, on OPNsense I just get this error:
Same IP assigned to two MAC addresses? Sounds more like a bug in pfSense if this works, or they use another DHCP server. The ISC DHCP daemon complains if you assign the same hardware ethernet address (MAC) to more than one IP and vice versa.
And why the same IP for two NICs? Do you always switch NICs? Just keep one connected and disable the other, or if your switch supports LACP, create an interface bonding. Then you can use both NICs with double speed or just one of each.
				Understood.
I was looking for a way to be able to dock my laptop with a LAN connection and not having to turn off the WiFi every single time.
For my desktop, I was hoping to be able to use both NICs, one for incoming and one for outgoing traffic.
Was also looking to enable the Deny unknown clients option.
Back to the drawing board.
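The "deny unknown clients" option in OPNsense's GUI maps onto ISC dhcpd, the DHCP server hbc refers to above. The following dhcpd.conf is an added example, not configuration from the thread or shipped by OPNsense, showing what that option does together with one reservation per network port: the laptop's wired and wireless NICs are two distinct hosts to dhcpd, each with its own hardware address and its own fixed address, which is the uniqueness the OPNsense UI enforces. The subnet, MAC addresses and host names are constructed.

```conf
# Added example (not from the thread or OPNsense): ISC dhcpd configuration
# equivalent of OPNsense's "Deny unknown clients" with static reservations.
# Subnet, addresses and MACs below are constructed for illustration.

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
    # Pool for known hosts that have a host declaration but no fixed-address.
    range 192.168.1.100 192.168.1.199;
    # Clients without a matching host declaration get no lease at all.
    deny unknown-clients;
}

# Laptop: the wired and wireless ports are separate clients to dhcpd, so each
# needs its own hardware address and its own fixed-address. Giving both the
# same fixed-address is exactly the duplicate the OPNsense UI refuses.
host laptop-wired {
    hardware ethernet 00:11:22:33:44:55;   # constructed MAC
    fixed-address 192.168.1.10;
}
host laptop-wifi {
    hardware ethernet 00:11:22:33:44:56;   # constructed MAC
    fixed-address 192.168.1.11;
}

# Desktop: same pattern for its two NICs.
host desktop-nic0 {
    hardware ethernet 00:11:22:33:44:60;   # constructed MAC
    fixed-address 192.168.1.20;
}
host desktop-nic1 {
    hardware ethernet 00:11:22:33:44:61;   # constructed MAC
    fixed-address 192.168.1.21;
}
```

Check the syntax with `dhcpd -t -cf dhcpd.conf` before loading it. Note what this does and does not buy you: `deny unknown-clients` only controls who is handed a lease. A device that sets its own static IP in 192.168.1.0/24, or clones one of the reserved MACs, is still on the same broadcast domain and can talk to every other host there, which is Bart's point above about needing VLAN separation rather than address restrictions within one subnet.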
				Quote from: R@sM!ke on August 23, 2019, 04:39:21 PM
one for incoming one for outgoing traffic
All recent network cards operate in full-duplex mode with equal bandwidth for traffic in both directions. As hbc mentioned, you can use bonding to increase the maximum throughput, but that is only useful if you have traffic to other host(s) that exceeds the single port speed of your switch (usually 1 Gbps), e.g. if you do backups to a NAS that also has a bonded interface. The other advantage is guarding against failure of a network card, but that is pretty rare and more suited for server interfaces, where you have dual switch stacks to avoid single points of failure and traffic streams to many clients that can exceed a single port's throughput.
Bart...
				Quote from: R@sM!ke on August 23, 2019, 04:39:21 PM
I was looking for a way to be able to dock my laptop with a lan connection and not having to turn off the WiFi every single time 
Usually vendors like Lenovo, Fujitsu, etc. provide tools to automatically switch off WLAN when connected wired. Sometimes there is even a BIOS option, and Windows provides a group policy to force the use of just one NIC.
			
				Thanks for the feedback folks. Not sure how to mark this as resolved.