[Dnsmasq-discuss] "dhcp-ignore = myTag, #known" was not what
I thought
Simon Kelley
simon at thekelleys.org.uk
Fri Dec 5 21:00:56 GMT 2008
Mariano Absatz wrote:
> Hi,
>
> I just discovered that I got wrong what "dhcp-ignore" does... I'll try
> to explain what I want and what I did and see if someone can explain me
> what I got wrong or, better yet, a way to do what I want :-)
>
> I'm using 2.45 (but can upgrade to 2.46 if needed).
>
> I'm using dnsmasq in a firewall with three "internal" legs (2 different
> wifi networks and a local wired net).
>
> In the local wired net I'm using one class "C" network, but I have 2
> different ranges (with different treatment in my firewall). I want to
> give IP addresses in one range only to MACs I know, and in the other
> range to others, so I wrote part of my configuration as in the file
> attached... in particular:
>
>
> dhcp-range=tagIKnowYou,192.168.1.101,192.168.1.120,4h
> dhcp-ignore=tagIKnowYou,#known
This means, ignore the host if tagIKnowYou is set AND tag known is NOT
set. Since either both of the tags will be set, or neither, then the
condition is never met.
>
> dhcp-range=tagAllTheRest,192.168.1.161,192.168.1.174,4h
> dhcp-host=00:22:33:44:55:66,192.168.1.101,net:tagIKnowYou,mycompany-PC-01
> dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02
> dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03
>
>
> At first everything went the way I wanted... my three known PCs got
> their addresses from the first range (192.168.1.101, 192.168.1.102 and
> 192.168.1.103) and all the rest got address from the second range...
>
> But when we hook up a new computer and I didn't notice that my second
> range was too little, instead of rejecting the DHCPREQUEST for not
> having enough IPs, it gave it an IP from the first range (192.168.1.104).
>
> I thought that the line:
>
> dhcp-ignore=tagIKnowYou,#known
>
> would prevent this, but clearly I'm understanding it wrong... or I hit a
> bug?
Theres no bug, I think.
>
> How should I configure my dnsmasq to prevent unknown MACs from getting
> an IP in the "tagIKnowYou" range?
You don't need to set your own tags at all, just use the "known" tag,
which will be set whenever a dhcp-host matches the MAC address.
Then do
dhcp-range=net:known,192.168.1.101,192.168.1.120,4h
dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h
That way, 192.168.1.101... will only be used when the MAC address is
known, and 192.168.1.161... will only be used when the MAC address is
not known.
It's important to understand the two uses of tags in dhcp-range
dhcp-range=<tag>,......
will _set_ the tag if that range is used.
dhcp-range=net:tag,.......
will _use_ the range if the tag is set.
HTH
Simon.
More information about the Dnsmasq-discuss
mailing list