[Dnsmasq-discuss] Block dhcp from serving to specific device
    Andrew Miskell 
    andrewmiskell at mac.com
       
    Fri Oct 16 22:00:35 BST 2020
    
    
  
David has the right answer; there are two ways to resolve it.
1. Disable keychain sync to iCloud on the kid’s device, however, the kids can re-enable it at any time without your intervention. Plus this has a downside of the kids having a copy of every stored password you may have saved to your iCloud account.
2. Create an iCloud account for the kids and link them to your iCloud account via Family Sharing (https://www.apple.com/family-sharing/). It keeps your passwords and WiFi networks off the children’s devices but still allows you to do things like share purchases, track child devices, etc.
Denying an IP address when connected to the parent’s SSID wouldn’t normally force the device to the other SSID. It’ll likely just make the phone assign an APIPA (169.254.x.x) address and then complain about being connected to a network with no internet access. You’d have to then manually switch to the children’s SSID in order to get network access. This is because the parent’s WiFi network would have higher priority so the phone will want to stay connected to that SSID.
Using Family Sharing would be the appropriate solution in this scenario. 
> On Oct 16, 2020, at 2:44 PM, David Kerr <david.a.kerr at gmail.com> wrote:
> 
> Have you tried disabling keychain sync to iCloud on the kids' iPhones?  WiFi passwords are stored in there and if you sync keychain across devices then that is why the kids' iPhones are picking up your WiFi passwords.
> 
> They will also be getting all your saved userids and passwords... Do you really want your kids having your bank account credentials?
> 
> It would be best for your kids to have their own Apple IDs -- unless they are still too young for that.
> 
> David.
> 
> ---------- Forwarded message ---------
> From: Jeff Boyce <jboyce at meridianenv.com>
> Subject: [Dnsmasq-discuss] Block dhcp from serving to specific device
> Date: October 16, 2020 at 11:39:31 AM CDT
> To: DNSmasq Mailing List <dnsmasq-discuss at lists.thekelleys.org.uk>
> 
> Greetings -
> 
>     I am having an issue on my home network with Apple devices getting assigned addresses to vlans that are not desired.  Not sure if dnsmasq will be helpful in resolving the issue, but thought I would inquire here as I am exploring many options.  I am running dnsmasq as part of my pfSense gateway device, but if dnsmasq can solve this then I am sure I can get it implemented in the pfSense interface.
> 
>     The issue is that I have two iPhones on my home wireless network, and have two vlans for my wireless network.  One vlan is set up for the parents, while the other vlan is set up for kids and guests with different firewall and access restrictions between the two vlans.  All known devices are assigned static IPs via dnsmasq, with guest devices assigned dynamic IP addresses.  The parent iPhone is configured to use the parent wireless vlan.  The kid iPhone only has the ssid and password for the kid wireless vlan remembered on the phone, and has not been given the password for the parent wireless vlan.
> 
>     The issue occurs when occasionally I find the kid iPhone being assigned a dynamic IP address on the parent wireless vlan.  When this happens I tell the kid iPhone to forget that network, and it goes back to the kid wireless vlan.  I am certain that the kid is not the one making the change to the parent wireless network.
> 
>     I have tracked the issue to an Apple feature that synchronizes wireless access point information between phones on the same account.  The kid's iPhone happens to be under the same Apple account as the iPhone of one of the parents, so when Apple synchronizes all iPhones on the account the kid's phone gets the information for the ssid and password of the parent wireless vlan.  The kid's iPhone will connect to the parent wireless vlan when dhcp is renewed if the parent wireless vlan happens to have a stronger signal than the kid wireless vlan (my assumption on signal strength being the determining factor, it may be that the reply comes back quicker from the parent wireless vlan).  When this happens the kid's iPhone gets assigned a dynamic IP address from the parents' wireless vlan.  I have gone through all the options with Apple to try and resolve this, and nothing works because it is an intended feature that is supposed to not be broken.
> 
>     So I am wondering if there is a configuration setting that I can add to my dhcp server that would refuse a specific device from connecting to a specific vlan.  If possible, then I would be able to block the kid's iPhone from connecting to the parent wireless vlan, thus forcing it back to the kids' wireless vlan.  Thanks.
> 
> Jeff
> 
> 
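The situation described in this thread (a device pinned to the kids' vlan turning up with a dynamic lease on the parent vlan) can be detected from dnsmasq's lease file. The following is an added example, not part of the original thread; the subnets, MAC addresses, hostnames and lease lines are constructed assumptions.

```python
import ipaddress

# Constructed sample in dnsmasq's lease-file layout:
#   <expiry epoch> <MAC> <IP> <hostname> <client-id>
SAMPLE_LEASES = """\
1602885635 aa:bb:cc:00:00:01 192.168.10.20 parent-iphone 01:aa:bb:cc:00:00:01
1602885700 aa:bb:cc:00:00:02 192.168.10.151 kid-iphone 01:aa:bb:cc:00:00:02
1602885800 aa:bb:cc:00:00:03 192.168.20.30 kid-ipad *
1602885900 de:ad:be:ef:00:04 192.168.10.152 Kid-iPhone *
garbage line
"""

# Assumed addressing plan (not taken from the thread).
VLANS = {
    "parent": ipaddress.ip_network("192.168.10.0/24"),
    "kids": ipaddress.ip_network("192.168.20.0/24"),
}
# Devices pinned to a vlan. The hostname map is a fallback for a device
# that presents a different MAC on the other SSID.
PINNED_MACS = {"aa:bb:cc:00:00:02": "kids", "aa:bb:cc:00:00:03": "kids"}
PINNED_HOSTS = {"kid-iphone": "kids", "kid-ipad": "kids"}


def vlan_of(ip):
    """Return the name of the vlan whose subnet contains ip, or None."""
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None


def find_misplaced(lease_text):
    """Return (mac, host, ip, expected_vlan, actual_vlan) for each pinned
    device that holds a lease outside its expected vlan."""
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or non-lease line
        mac, host = fields[1].lower(), fields[3].lower()
        try:
            ip = ipaddress.ip_address(fields[2])
        except ValueError:
            continue
        expected = PINNED_MACS.get(mac) or PINNED_HOSTS.get(host)
        actual = vlan_of(ip)
        if expected and actual and actual != expected:
            findings.append((mac, host, str(ip), expected, actual))
    return findings
```
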