Reply

Re: EX7000 Virtual MAC Address problems

maddavo
Luminary

EX7000 Virtual MAC Address problems

I want to disable the EX7000's allocation of virtual MAC addresses to devices on my network but I cannot find anywhere how do do this.  I am coming to the conclusion that it is not possible.  The virtual MAC addresses are causing me problems.

 

I have a DHCP server on my network.  The DHCP server allocates reserved IP addresses to devices on my network.  Some devices are wired, some are Wifi.  I bought the EX7000 to extend the range of my wifi network.  The problem is that when a device moves from the existing wifi network to the EX7000's extended wifi network then the MAC address changes to the virtual MAC address.  The DHCP server CANNOT allocate/reserve a single IP address to multiple MAC addresses.  Therefore the devices cannot keep the same DHCP-allocated IP address when moving across wifi networks.  This is extremely frustrating.  Why do we have to use virtual MAC addresses anyway?

 

I could manually set a static IP address on each device on the two saved wifi networks - but this defeats the purpose of having the DHCP server in the first place.

 

Is there a way to turn off the EX7000's Virtual MAC address feature or some other way to configure the above network so that devices can move between the wifi and extended-wifi networks whilst keeping their unique DHCP-allocated IP address?

Message 1 of 12
netwrks
Master

Re: EX7000 Virtual MAC Address problems

Check out the link below. If you have MAC Filtering enabled on your base router, just disable it. There is no Security in MAC Filtering. The best security is a strong password.

 

https://community.netgear.com/t5/WiFi-Range-Extenders-Repeaters/virtual-MAC-addresses/m-p/494762#U49...

Message 2 of 12
maddavo
Luminary

Re: EX7000 Virtual MAC Address problems

Thanks, but the issue does not have to do with MAC Filtering.  I do not use MAC filtering on my router.  The issue is getting the right IP Address allocated to the right device (which is done by the DHCP server based on MAC Address).  The DHCP server can only reserve a single IP address to a single MAC address - a one-to-one relationship.  The 'Virtual' MAC Address causes devices to have multiple MAC Addresses which then means single static IP address allocation is not possible automatically as far as I can see.

Message 3 of 12
netwrks
Master

Re: EX7000 Virtual MAC Address problems

Yes, that's what the EX7000 and other extender's do. You can't remove the virtual mac address function. Not sure if it's an option for you, but the EX7000 does support AP mode. 

Message 4 of 12
maddavo
Luminary

Re: EX7000 Virtual MAC Address problems

No, AP mode is not an option - no wired network at the EX7000 location.

 

So in summary, there is no solution to my problem.  Virtual MAC addresses cannot be turned off so there is no way for the DHCP server to allocate the same reserved IP addresses to wireless devices across the Wi-Fi and extended Wi-Fi networks.  Either each wireless device must be set to manual IP address (not using the DHCP server) OR the DHCP server has to have two IP addresses reserved for each device.

Message 5 of 12
kochin
Luminary

Re: EX7000 Virtual MAC Address problems

Netgear really needs to provide a way to turn Virtual MAC Address feature off. It creates problems on the network. When I move from one extender to the router, my device often fails to acquire an IP address due to the change of MAC. I wonder why Netgear needs to use Virtual MACs. Isn't MAC unique for a device?

Message 6 of 12
netwrks
Master

Re: EX7000 Virtual MAC Address problems

It turns off in AP mode (which you can't use). So yes, if you are trying to make this setup roam, you need to reserve an IP address to the virtual MAC address. The short version. For each connected client, the extender creates a separate session with the upstream Wireless Router.  The Extender generates a virtual MAC on the Upstream side, virtual MAC that can be identified to keep sessions in check. NG is not the only vendor doing this, and is not the only vendor that does not allow disabling of the  Virtual MAC function.

Message 7 of 12
kochin
Luminary

Re: EX7000 Virtual MAC Address problems

Thank you for the detail explanation. I just don't understand why Vitural MACs are needed when MACs are unique. According to my observations, the EX7000 simply replaces the first 3 hex codes in the MAC with 02:0f:b5. I have 2 EX7000s, and both of them do the same thing with MACs. Why don't they just use original MACs? 

 

When connected to my main router R7000, the original MAC is sent to my DHCP server (dnsmasq). When connected to an extender EX7000, a Virtual MAC is sent to the DHCP server. The switch-over seems to confuse some of my WiFi devices. Often they fail to obtain a new IP address and require an off-on cycle or even re-creating profile to obtain an IP address. And, they are not receiving the IP address I assigned due to Virtual MACs. Very frustrating.

 

Is there a technical reason for requireing Virtual MAC?

 

Message 8 of 12
netwrks
Master

Re: EX7000 Virtual MAC Address problems

Yes, it is purely technical. Basically, it so that they can keep track of the WIFI sessions between Base router, extender, and client.  Nothing concise on the internet I have found that describe it.

 

 

Extenders don't realy work as AP's. It is purley an extension of your wireless network. Not designed to roam, more of connect directly to the extended SSID when you are out of range of your Base router wifi. Then you have the whole client sticking issue, which is a completely different issue

Message 9 of 12
kochin
Luminary

Re: EX7000 Virtual MAC Address problems

@maddavo

 

I solved one of the problems with Virtual MAC addresses when running my own DHCP server. The DHCP server I am using is DNSMASQ on a Linux server. DNSMASQ actually allows mapping multiple MAC addresses to one IPv4 address.

 

For example, let's say aa:bb:cc:dd:ee:ff is the MAC address of a WiFi device and 192.168.x.y is the IP to be assigned to it. The Virtual MAC for that device on EX7000 should be 02:0f:b5:dd:ee:ff. So I use the following entry for it:

aa:bb:cc:dd:ee:ff,02:0f:b5:dd:ee:ff,192.168.x.y

The line is saved in a file /etc/dsnmasq-dhcphosts and loaded into DNSMASQ server. (Actually I am using OpenMediaVault with DNSMASQ plugin.) When a DHCP request for MAC address of either aa:bb:cc:dd:ee:ff or 02:0f:b5:dd:ee:ff is received, DNSMASQ server will lease the IP address 192.168.x.y to the requesting client.

 

Now no matter my WiFi device is connected to the main router or on of the extenders, it will receive the same pre-assigned IP address.

Message 10 of 12
smallscript
Luminary

Re: EX7000 Virtual MAC Address problems

I am having exactly the same challenges using MAC addresses to assign IP addresses to centrally administer IPs at the DHCP server (gateway). It is a pain in the butt. I will switch and try the linux DHCP workaround. However, the Netgear solution for extenders is fundamentally broken.

 

They are basically building a MAC level NAT. As such, the Netgear code should have done the DHCP IP address proxying for the virtual mac addresses (since it already has to negotiate MAC address availability and collision testing as it assigns virtual MAC addresses).

 

In other words, it should have let the real MAC address straight through for DHCP queries, intercepted, and translated it back to the device with the real MAC address. It should NOT be allowing DHCP queries to go out with the virtual MAC address. That is BROKEN! I am guessing they don't want to masquerade as the real MAC address in their packet filter for DHCP proxying. If that was the case they could have introduced a service into their primary AP that did  the brokering. As it is, it is fundamentally flawed because it makes it very difficult to build a network at any scale with extenders.

 

Virtual MAC address mapping where a IP address is assigned to a pool of MAC addresses doesn't really help because they have multiple algorithms. It would be great if they had DHCP servers that were virtual MAC address aware since the virtual MAC addresses are algorithmically generated from the real primary MAC address. sigh....

Message 11 of 12
qnnskmn
Luminary

Re: EX7000 Virtual MAC Address problems

That is true there is no security in Mac Filtering. However a "good" network admin would notice a spike on the network of a particular address then investigate. Why make it easier for those who want

to do harm?

Message 12 of 12
Top Contributors
Discussion stats
  • 11 replies
  • 12495 views
  • 20 kudos
  • 5 in conversation
Announcements

Orbi WiFi 6E