The MAC addresses from are updated by the pfSense ARP (Address Resolution Protocol) table. Default is 20 minutes from last time the ARP cache saw the device in question.
You can monitor the “expiration” by logging into pfSense and go to Diagnostics > ARP Table, you will see all the devices and a second-value counting down. It is updated either when there is traffic from the device thru the router, or when a device replies to an ARP request packet on the network and the router hears it. Some things play better than others (our LG Android phones seem to not update the table as often as computers and tablets).
The expiration is set by a kernel variable which you can add a custom value to adjust if you want a shorter time. The risk if it’s too short is there will be more ARP resolution traffic on your network and things may show as “not online” when they really are. Probably not a big deal on a small home network to go as low as 5 minutes, but I found I had to go up to 6 minutes with a “consider home” of 6 minutes to avoid some phones dropping out when they are really still home.
The default value is 20 minutes for ARP purging. You can go to System > Advanced > Tunables, and modify (create) “net.link.ether.inet.max_age” value in seconds. For 6 minutes, I set it to 360.
For the Hassio tracker, I found this worked most reliably (avoiding false-negatives - I really don’t want lights and radios going on-off scaring us when we are home but phones are idle)
# pfSense device tracker
# Useful command to browse SNMP output: "snmpwalk -Os -c public -v 2c 192.168.1.1"
device_tracker:
- platform: snmp
host: 192.168.1.1
community: public
baseoid: .1.3.6.1.2.1.4.22.1.2
interval_seconds: 20
consider_home: 360
I also strongly recommend you only turn on the SNMP features you use, just to cut down on what might be exposed and what resources might be used.
Under Services > SNMP I found the only thing I needed to leave enabled was “SNMP modules: MibII” and I also restricted it only to the VLAN/Interface that my trusted network devices are sitting on.
One other note, I also found I could fiddle with the SNMP string to get Hassio to see all VLANs all devices, or only one VLAN of devices (using SNMPwalk command, looking at output) but I don’t know if it’s a predictable pattern (e.g. VLAN-ID, or ???). This could be useful if you REALLY only care about tracking devices on a specific VLAN vs tracking all VLANs.
As for hostname…I haven’t looked into that, I have duplicate hostnames because some people have the same model of phone and they all show as “BRAND-MODEL” which is useless if I can’t tell which is what. I make a “person” for each “thing” I want to track, and add the relevant MAC addresses to it. For example, my TV is “a person” so I can track if it’s on or off, as is my HTPC (with both network MAC addresses added to the “person”). The hostname thing also gets funky with stuff that doesn’t properly report a hostname (e.g. static IP devices) but the MAC addresses work on everything, nomater what.
If you really want to investigate what else you can pull, look at the snmpwalk command and you can manually browse thru everything that pfSense is reporting looking for fields of interest.