[Dnsmasq-discuss] "dhcp-ignore = myTag, #known" was not what I thought

Simon Kelley simon at thekelleys.org.uk
Sat Dec 6 21:04:00 GMT 2008

Mariano Absatz wrote:
> Simon Kelley wrote on 05/12/08 19:00:
>> Mariano Absatz wrote:
>>> How should I configure my dnsmasq to prevent unknown MACs from 
>>> getting an IP in the "tagIKnowYou" range?
>> You don't need to set your own tags at all, just use the "known" tag, 
>> which will be set whenever a dhcp-host matches the MAC address.
>> Then do
>> dhcp-range=net:known,,,4h
>> dhcp-range=net:#known,,,4h
>> That way, will only be used when the MAC address is 
>> known, and will only be used when the MAC address is 
>> not known.
>> It's important to understand the two uses of tags in dhcp-range
>> dhcp-range=<tag>,......
>> will _set_ the tag if that range is used.
>> dhcp-range=net:tag,.......
>> will _use_ the range if the tag is set.
> Now I get it... thank you...
> now, a couple of related questions...
> 1) does "dhcp-range" allow me to match more than one tag? or to match 
> one (or more) and set another one?

It allows you to match more than one, but they're combined as AND, so

dhcp-range=net:tag1, net:tag2, ......

means use that range if tag1 is set AND tag2 is set.

If you want to OR them, just repeat the range statement


will use if tag1 is set OR tag2 is set.

You can match one (or more) tags, as above, and set a tag too

dhcp-range=net:tag1, net:tag2, newtag, ......

newtag is set when this range is used. There can only be one tag set on 
a range.

> 2) when I write:
> ############# OUR PCs ##############
> dhcp-host=00:22:33:44:55:01,,net:tagIKnowYou,mycompany-PC-01
> dhcp-host=00:22:33:44:55:02,,net:tagIKnowYou,mycompany-PC-02
> dhcp-host=00:22:33:44:55:03,,net:tagIKnowYou,mycompany-PC-03
> I am *setting* (and not trying to */match/*) the tag "tagIKnowYou" for 
> these hosts, am I?
You're setting it.

It's probably worth enumerating all the ways that tags can be set.

1) The name of the interface on which a DHCP request is received is set 
as a tag (2.46 and later only)

2) Tags can be set based on a match of circuit-id, subscriber-id and 
remote-id in an RFC3046 relay agent option.

3) Tags can be set based on the MAC address with --dhcp-mac

4) If a dhcp-host line is used (or an implied one derived from 
/etc/ethers) then "known" is set as a tag

5) If the used config line includes net:<tag> then that is set.

6) For BOOTP requests ONLY, tag "bootp" is set, and incoming "filename" 
field (which isn't strictly a filename in BOOTP) is used as a tag

7) Tags are set based on the vendor class and user class.

At this point, if any set tags match a dhcp-ignore tag then the request 
is discarded.

Then a dhcp-range is selected, based on the current tag set, available 
IP addresses etc.

8) Any tag in the DHCP range line is set.

Finally, dhcp-options are added, filtered using the current tag set.
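
A simplified Python model of the matching rules and processing order described in the message above, added here as an illustration; it is not dnsmasq code and not part of the original post. Function names, the data layout, the unknown MAC and the 192.0.2.x addresses are assumptions, and range selection ignores address availability (the first matching range wins).

```python
# Simplified model of the tag processing order described in the message above.
# Not dnsmasq code: function names and data layout are assumptions, and range
# selection ignores address availability (first matching range wins).

def tag_matches(expr, tags):
    """'#tag' matches when the tag is NOT set, 'tag' when it is set."""
    return expr[1:] not in tags if expr.startswith("#") else expr in tags

def parse_range(value):
    """Split a dhcp-range value into (match_tags, set_tag, address_fields)."""
    fields = [f.strip() for f in value.split(",")]
    match, set_tag = [], None
    # Leading fields that are not dotted-decimal addresses are tags.
    while fields and fields[0] and not fields[0].replace(".", "").isdigit():
        field = fields.pop(0)
        if field.startswith("net:"):
            match.append(field[4:])   # net:<tag> -> range is USED if tag is set
        else:
            set_tag = field           # bare <tag> -> tag is SET if range is used
    return match, set_tag, fields

def handle_request(mac, hosts, ignore, ranges):
    """Return (address_fields or None, final tag set) for one DHCP request."""
    tags = set()
    if mac in hosts:
        tags.add("known")             # a dhcp-host match sets "known"
        tags |= hosts[mac]            # plus any net:<tag> on that dhcp-host line
    if any(tag_matches(expr, tags) for expr in ignore):
        return None, tags             # dhcp-ignore is applied before range selection
    for value in ranges:
        match, set_tag, addr = parse_range(value)
        if all(tag_matches(m, tags) for m in match):   # several net: tags are ANDed
            if set_tag:
                tags.add(set_tag)     # the range's own tag is set only now
            return addr, tags
    return None, tags

# Constructed sample data: the known MAC reuses the thread's example, the
# addresses are documentation-range placeholders.
HOSTS = {"00:22:33:44:55:01": {"tagIKnowYou"}}
RANGES = [
    "net:known, 192.0.2.10, 192.0.2.99, 4h",
    "net:#known, guest, 192.0.2.200, 192.0.2.250, 4h",
]

if __name__ == "__main__":
    for mac in ("00:22:33:44:55:01", "de:ad:be:ef:00:01"):
        print(mac, handle_request(mac, HOSTS, [], RANGES))
        print(mac, handle_request(mac, HOSTS, ["#known"], RANGES))
```

With an empty ignore list the unknown MAC lands in the `net:#known` range and picks up the `guest` tag; with `#known` in the ignore list it is discarded before any range is considered.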



