Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] DHCP - Deny Unknown Clients Issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] DHCP - Deny Unknown Clients Issue (Read 6575 times)
Amanaki
Newbie
Posts: 39
Karma: 2
[SOLVED] DHCP - Deny Unknown Clients Issue
«
on:
January 06, 2019, 09:54:27 pm »
Hi All,
I'm trying to understand why the DHCP server on one of my VLAN networks is still handing out addresses to unknown clients when I have the "
Deny Unknown Clients
" option checked on my network settings.
My basic understanding is that this setting is a security feature that prevents unknown clients from gaining access to ones network and that only the devices setup with static addresses will be handed IP addresses from the DHCP server.
Not sure if its relevant but this network is connected to a decommissioned router which is used as an external WiFi access point for our IoT devices.
Setup as follows:
VLAN_20
Static IP: 10.34.20.1/24
DHCP Range: 10.34.20.100 -> 10.34.20.199
For each IoT device on the above network, I have entered the device MAC address and static IP address outside of the above range. For example, device # 1 = 10.34.20.200 and so forth..
I am running OPNsense 18.7.9-amd64 and have enclosed a screenshot of my settings in the GUI confirming that this option is selected.
Ideas anyone?
«
Last Edit: January 08, 2019, 12:56:16 am by Amanaki
»
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: DHCP - Deny Unknown Clients Issue
«
Reply #1 on:
January 06, 2019, 10:51:07 pm »
Same DHCP config page, "Enable static ARP entries" ?
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Amanaki
Newbie
Posts: 39
Karma: 2
Re: DHCP - Deny Unknown Clients Issue
«
Reply #2 on:
January 06, 2019, 11:22:01 pm »
chemlud - thanks for reply.
Presently, this option is not selected. Do I need to have this option selected as well?
Logged
manjeet
Jr. Member
Posts: 54
Karma: 4
Re: DHCP - Deny Unknown Clients Issue
«
Reply #3 on:
January 07, 2019, 08:29:03 am »
Yes you need to enable "Static ARP entries" option as per the question you asked.
This is all as per my testing because i had the similar issue:
Normal when you enable "Deny unknown client" option it do block the client but it only look for leftmost 6 digit in MAC address (AA:AA:AA:BB:BB:BB) which you specify either in list in allow / deny or static entries.
So to only allow mac from static entries you need to enable "Static ARP entries" option.
Logged
Amanaki
Newbie
Posts: 39
Karma: 2
Re: DHCP - Deny Unknown Clients Issue
«
Reply #4 on:
January 08, 2019, 12:55:56 am »
Thanks manjeet. That works good now.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
[SOLVED] DHCP - Deny Unknown Clients Issue