[Dnsmasq-discuss] "dhcp-ignore = myTag, #known" was not what I thought

Simon Kelley simon at thekelleys.org.uk
Sat Dec 6 21:04:00 GMT 2008


Mariano Absatz wrote:
> Simon Kelley wrote on 05/12/08 19:00:
> 
>> Mariano Absatz wrote:
>>
>>>
>>> How should I configure my dnsmasq to prevent unknown MACs from 
>>> getting an IP in the "tagIKnowYou" range?
>>
>>
>> You don't need to set your own tags at all, just use the "known" tag, 
>> which will be set whenever a dhcp-host matches the MAC address.
>>
>> Then do
>>
>> dhcp-range=net:known,192.168.1.101,192.168.1.120,4h
>> dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h
>>
>> That way, 192.168.1.101... will only be used when the MAC address is 
>> known, and 192.168.1.161... will only be used when the MAC address is 
>> not known.
>>
>>
>> It's important to understand the two uses of tags in dhcp-range
>>
>> dhcp-range=<tag>,......
>>
>> will _set_ the tag if that range is used.
>>
>> dhcp-range=net:tag,.......
>>
>> will _use_ the range if the tag is set.
> 
> Now I get it... thank you...
> 
> now, a couple of related questions...
> 
> 1) does "dhcp-range" allow me to match more than one tag? or to match 
> one (or more) and set another one?


It allows you to match more than one, but they're combined as AND, so

dhcp-range=net:tag1, net:tag2, ......


means use that range if tag1 is set AND tag2 is set.

If you want to OR them, just repeat the range statement

dhcp-range=net:tag1, 192.168.0.1, 192.168.0.10
dhcp-range=net:tag2, 192.168.0.1, 192.168.0.10

will use 192.168.0.1-192.168.0.10 if tag1 is set OR tag2 is set.

You can match one (or more) tags, as above, and set a tag too

dhcp-range=net:tag1, net:tag2, newtag, ......

newtag is set when this range is used. There can only be one tag set on 
a range.

> 
> 2) when I write:
> 
> ############# OUR PCs ##############
> dhcp-host=00:22:33:44:55:01,192.168.1.101,net:tagIKnowYou,mycompany-PC-01
> dhcp-host=00:22:33:44:55:02,192.168.1.101,net:tagIKnowYou,mycompany-PC-02
> dhcp-host=00:22:33:44:55:03,192.168.1.101,net:tagIKnowYou,mycompany-PC-03
> 
> 
> I am *setting* (and not trying to *match*) the tag "tagIKnowYou" for 
> these hosts, am I?
You're setting it.

It's probably worth enumerating all the ways that tags can be set.

1) The name of the interface on which a DHCP request is received is set 
as a tag (2.46 and later only)

2) Tags can be set based on a match of circuit-id, subscriber-id and 
remote-id in an RFC3046 relay agent option.

3) Tags can be set based on the MAC address with --dhcp-mac

4) If a dhcp-host line is used (or an implied one derived from 
/etc/ethers) then "known" is set as a tag

5) If the used config line includes net:<tag> then that is set.

6) For BOOTP requests ONLY, tag "bootp" is set, and incoming "filename" 
field (which isn't strictly a filename in BOOTP) is used as a tag

7) Tags are set based on the vendor class and user class.

At this point, if any set tags match a dhcp-ignore tag then the request 
is discarded.

Then a dhcp-range is selected, based on the current tag set, available 
IP addresses etc.

8) Any tag in the DHCP range line is set.

Finally, dhcp-options are added, filtered using the current tag set.


Cheers,

Simon.
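
The matching rules described in this message, as an added example (not part of the original email and not dnsmasq's own code): a simplified Python model of how `net:` conditions select a dhcp-range, with AND within one line, OR across repeated lines, `#tag` negation, and the range's own tag set afterwards. The helper names are hypothetical, and the model assumes the first eligible range is used and ignores address availability, lease handling and the other tag sources listed above.

```python
import ipaddress

def parse_dhcp_range(line):
    """Parse 'dhcp-range=[net:tag,...][settag,]start,end[,lease]' as used in the thread."""
    fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
    match, set_tag, addrs = [], None, []
    for f in fields:
        if f.startswith("net:"):
            match.append(f[4:])              # condition; '#tag' means "tag not set"
            continue
        try:
            addrs.append(ipaddress.ip_address(f))
        except ValueError:
            if not addrs:                    # bare word before the addresses
                set_tag = f                  # -> tag this range sets when used
    return {"match": match, "set": set_tag, "start": addrs[0], "end": addrs[1]}

def tag_matches(cond, tags):
    return cond[1:] not in tags if cond.startswith("#") else cond in tags

def eligible_ranges(lines, tags):
    """AND across the net: conditions of one line, OR across repeated lines."""
    ranges = [parse_dhcp_range(l) for l in lines]
    return [r for r in ranges if all(tag_matches(c, tags) for c in r["match"])]

def offer(lines, mac, known_macs, extra_tags=()):
    """Return (start, end, final_tags) for the first eligible range, else None."""
    tags = set(extra_tags)
    if mac.lower() in known_macs:            # a dhcp-host line matched this MAC
        tags.add("known")
    hits = eligible_ranges(lines, tags)
    if not hits:
        return None
    r = hits[0]                              # assumption: first eligible range wins
    if r["set"]:
        tags.add(r["set"])                   # step 8: the range's own tag is set
    return str(r["start"]), str(r["end"]), tags

# Constructed sample built from the lines quoted in the thread.
KNOWN_MACS = {"00:22:33:44:55:01", "00:22:33:44:55:02", "00:22:33:44:55:03"}
CONFIG = [
    "dhcp-range=net:known,192.168.1.101,192.168.1.120,4h",
    "dhcp-range=net:#known,192.168.1.161,192.168.1.174,4h",
]
AND_CONFIG = ["dhcp-range=net:tag1, net:tag2, newtag, 192.168.0.1, 192.168.0.10"]

if __name__ == "__main__":
    print(offer(CONFIG, "00:22:33:44:55:02", KNOWN_MACS))   # known pool
    print(offer(CONFIG, "de:ad:be:ef:00:01", KNOWN_MACS))   # unknown pool
    print(offer(AND_CONFIG, "de:ad:be:ef:00:01", KNOWN_MACS, {"tag1"}))
```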


