[Dnsmasq-discuss] Block dhcp from serving to specific device
Jeff Boyce
jboyce at meridianenv.com
Fri Oct 16 17:39:31 BST 2020
Greetings -
I am having an issue on my home network with Apple devices getting
assigned addresses to vlans that are not desired. Not sure of if
dnsmasq will be helpful in resolving the issue, but thought I would
inquire here as I am exploring many options. I am running dnsmasq as
part of my pfSense gateway device, but if dnsmasq can solve this then I
am sure I can get it implemented in the pfSense interface.
The issue is that I have two iPhones on my home wireless network,
and have two vlans for my wireless network. One vlan is for setup for
the parents, while the other vlan is setup for kids and guests with
different firewall and access restrictions between the two vlans. All
known devices are assigned static IP's via dnsmasq, with guest devices
assigned dynamic IP addresses. The parent iPhone is configured to use
the parent wireless vlan. The kid iPhone only has the ssid and password
for the kid wireless vlan remembered on the phone, and has not been
given the password for the parent wireless vlan.
The issue occurs when occasionally I find the kid iPhone being
assigned a dynamic IP address on the parent wireless vlan. When this
happens I tell the kid iPhone to forget that network, and it goes back
to the kid wireless vlan. I am certain that the kid is not the one
making the change to the parent wireless network.
I have tracked the issue to an Apple feature, that synchronizes
wireless access point information between phones on the same account.
The kids iPhone happens to be under the same Apple account as the iPhone
of one of the parents, so when Apple synchronizes all iPhones on the
account the kids phone gets the information for the ssid and password of
the parent wireless vlan. The kids iPhone will connect to the parent
wireless vlan when dhcp is renewed if the parent wireless vlan happens
to have a stronger signal than the kid wireless vlan (my assumption on
signal strength being the determining factor, it may be the the reply
comes back quicker from the parent wireless vlan). When this happens
the kids iPhone gets assigned a dynamic IP address from the parents
wireless vlan. I have gone through all the options with Apple to try
and resolve this, and nothing works because it is an intended feature
that is supposed to not be broken.
So I am wondering if there is a configuration setting that I can
add to my dhcp server that would refuse a specific device from
connecting to a specific vlan. If possible, then I would be able to
block the kids iPhone from connecting to the parent wireless vlan, thus
forcing it back to the kids wireless vlan. Thanks.
Jeff
More information about the Dnsmasq-discuss
mailing list