OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: Amanaki on January 06, 2019, 09:54:27 pm

Title: [SOLVED] DHCP - Deny Unknown Clients Issue
Post by: Amanaki on January 06, 2019, 09:54:27 pm
Hi All,

I'm trying to understand why the DHCP server on one of my VLAN networks is still handing out addresses to unknown clients when I have the "Deny Unknown Clients" option checked on my network settings.

My basic understanding is that this setting is a security feature that prevents unknown clients from gaining access to one's network and that only the devices set up with static addresses will be handed IP addresses from the DHCP server.

Not sure if it's relevant but this network is connected to a decommissioned router which is used as an external WiFi access point for our IoT devices.
   
Setup as follows:

VLAN_20
Static IP: 10.34.20.1/24
DHCP Range: 10.34.20.100 -> 10.34.20.199

For each IoT device on the above network, I have entered the device MAC address and static IP address outside of the above range. For example, device #1 = 10.34.20.200 and so forth.

I am running OPNsense 18.7.9-amd64 and have enclosed a screenshot of my settings in the GUI confirming that this option is selected.

Ideas anyone?
Title: Re: DHCP - Deny Unknown Clients Issue
Post by: chemlud on January 06, 2019, 10:51:07 pm
Same DHCP config page, "Enable static ARP entries" ?
Title: Re: DHCP - Deny Unknown Clients Issue
Post by: Amanaki on January 06, 2019, 11:22:01 pm
chemlud - thanks for the reply.

Presently, this option is not selected. Do I need to have this option selected as well?
Title: Re: DHCP - Deny Unknown Clients Issue
Post by: manjeet on January 07, 2019, 08:29:03 am
Yes, you need to enable the "Static ARP entries" option, as per the question you asked.

This is all as per my testing, because I had a similar issue:
Normally, when you enable the "Deny unknown client" option, it does block the client, but it only looks at the leftmost 6 digits of the MAC address (AA:AA:AA:BB:BB:BB), which you specify either in the allow/deny list or in static entries.

So to only allow MACs from static entries, you need to enable the "Static ARP entries" option.
Title: Re: DHCP - Deny Unknown Clients Issue
Post by: Amanaki on January 08, 2019, 12:55:56 am
Thanks manjeet. That works well now.
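
Added example, not part of any post in this thread: one way to check whether unknown clients are still being handed addresses is to compare the active leases against the static mappings. It assumes the DHCP server records leases in ISC dhcpd's `dhcpd.leases` format; the lease text, MAC addresses and the `audit_leases` helper are constructed for illustration.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not taken from the thread).
SAMPLE_LEASES = """\
lease 10.34.20.101 {
  binding state free;
  hardware ethernet 5c:cf:7f:12:34:56;
}
lease 10.34.20.101 {
  starts 0 2019/01/06 21:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 5c:cf:7f:12:34:56;
}
lease 10.34.20.102 {
  binding state free;
  hardware ethernet 5c:cf:7f:aa:bb:cc;
}
lease 10.34.20.103 {
  binding state active;
  hardware ethernet 5C:CF:7F:00:00:01;
}
"""

# Constructed static mappings (MAC -> reserved IP), one per IoT device.
STATIC_MAPPINGS = {"5c:cf:7f:00:00:01": "10.34.20.200"}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def audit_leases(leases_text, static_mappings):
    """Return [(ip, mac, reason)] for active leases that break the policy."""
    known = {mac.lower(): ip for mac, ip in static_mappings.items()}
    latest = {}
    for ip, body in LEASE_RE.findall(leases_text):
        latest[ip] = body  # the file is an append-only log; last entry wins
    findings = []
    for ip, body in latest.items():
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if not mac or not state or state.group(1) != "active":
            continue  # expired or free leases are not current access
        mac = mac.group(1).lower()
        if mac not in known:
            findings.append((ip, mac, "unknown client holds a lease"))
        elif known[mac] != ip:
            findings.append((ip, mac, "known client outside its reservation"))
    return findings
```

An empty result after toggling the DHCP options and letting existing leases expire indicates that only the statically mapped devices are being served.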