[Dnsmasq-discuss] Block dhcp from serving to specific device

Jeff Boyce jboyce at meridianenv.com
Fri Oct 16 17:39:31 BST 2020


Greetings -

     I am having an issue on my home network with Apple devices getting 
assigned addresses to vlans that are not desired.  Not sure if 
dnsmasq will be helpful in resolving the issue, but thought I would 
inquire here as I am exploring many options.  I am running dnsmasq as 
part of my pfSense gateway device, but if dnsmasq can solve this then I 
am sure I can get it implemented in the pfSense interface.

     The issue is that I have two iPhones on my home wireless network, 
and have two vlans for my wireless network.  One vlan is set up for 
the parents, while the other vlan is set up for kids and guests with 
different firewall and access restrictions between the two vlans.  All 
known devices are assigned static IPs via dnsmasq, with guest devices 
assigned dynamic IP addresses.  The parent iPhone is configured to use 
the parent wireless vlan.  The kid iPhone only has the ssid and password 
for the kid wireless vlan remembered on the phone, and has not been 
given the password for the parent wireless vlan.

     The issue occurs when occasionally I find the kid iPhone being 
assigned a dynamic IP address on the parent wireless vlan.  When this 
happens I tell the kid iPhone to forget that network, and it goes back 
to the kid wireless vlan.  I am certain that the kid is not the one 
making the change to the parent wireless network.

     I have tracked the issue to an Apple feature, that synchronizes 
wireless access point information between phones on the same account.  
The kid's iPhone happens to be under the same Apple account as the iPhone 
of one of the parents, so when Apple synchronizes all iPhones on the 
account the kid's phone gets the information for the ssid and password of 
the parent wireless vlan.  The kid's iPhone will connect to the parent 
wireless vlan when dhcp is renewed if the parent wireless vlan happens 
to have a stronger signal than the kid wireless vlan (my assumption on 
signal strength being the determining factor, it may be that the reply 
comes back quicker from the parent wireless vlan).  When this happens 
the kid's iPhone gets assigned a dynamic IP address from the parents' 
wireless vlan.  I have gone through all the options with Apple to try 
and resolve this, and nothing works because it is an intended feature 
that is supposed to not be broken.

     So I am wondering if there is a configuration setting that I can 
add to my dhcp server that would refuse a specific device from 
connecting to a specific vlan.  If possible, then I would be able to 
block the kid's iPhone from connecting to the parent wireless vlan, thus 
forcing it back to the kids' wireless vlan.  Thanks.

Jeff



