[Dnsmasq-discuss] "dhcp-ignore = myTag, #known" was not what
simon at thekelleys.org.uk
Sat Dec 6 21:04:00 GMT 2008
Mariano Absatz wrote:
> Simon Kelley escribió el 05/12/08 19:00:
>> Mariano Absatz wrote:
>>> How should I configure my dnsmasq to prevent unknown MACs from
>>> getting an IP in the "tagIKnowYou" range?
>> You don't need to set your own tags at all, just use the "known" tag,
>> which will be set whenever a dhcp-host matches the MAC address.
>> Then do
>> That way, 192.168.1.101... will only be used when the MAC address is
>> known, and 192.168.1.161... will only be used when the MAC address is
>> not known.
>> It's important to understand the two uses of tags in dhcp-range
>> will _set_ the tag if that range is used.
>> will _use_ the range if the tag is set.
> Now I get it... thank you...
> now, a couple of related questions...
> 1) does "dhcp-range" allow me to match more than one tag? or to match
> one (or more) and set another one?
It allows you to match more than one, but they're combined as AND, so
dhcp-range=net:tag1, net:tag2, ......
means use that range if tag1 is set AND tag2 is set.
If you want to OR them, just repeat the ranger statement
dhcp-range=net:tag1, 192.168.0.1, 192.168.0.10
dhcp-range=net:tag2, 192.168.0.1, 192.168.0.10
will use 192.168.0.1-192.168.0.10 of tag1 is set OR tag2 is set.
You can match one (or more) tags, as above, and set a tag too
dhcp-range=net:tag1, net:tag2, newtag, ......
newtag is set when this range is used. There can only be one tag set on
> 2) when I write:
> ############# OUR PCs ##############
> I am *setting* (and not trying to */match/*) the tag "tagIKnowYou" for
> these hosts, am I?
You're setting it.
It's probably worth enumerating all the ways that tags can be set.
1) The name of the interface on which a DHCP request is recived is set
as a tag (2.46 and later only)
2) Tags can be set based on a match of circuit-id, subscriber-id and
remote-id in an RFC3046 realy agent option.
3) Tags can be set based on the MAC address with --dhcp-mac
4) If a dhcp-host line is used (or an implied one derived from
/etc/ethers) then "known" is set as a tag
5) If the used config line includes net:<tag> then that is set.
6) For BOOTP requests ONLY, tag "bootp" is set, and incoming "filename"
field (which isn't strictly an filename in BOOTP) is used as a tag
7) Tags are set based in the vendor class and user class.
At this point, if any set tags match a dhcp-ignore tag then the request
Then a dhcp-range is selected, based on the current tag set, available
IP addresses etc.
8) Any tag in the DHCP range line is set.
Finally, dhcp-options are added, filtered using the current tag set.
More information about the Dnsmasq-discuss