Todd Sankey
2017-03-15 20:14:06 UTC
Our setup has two wifi networks with different network addresses, one for
employees and one for guests. On the employee network, the hosts all have
static host entries that include IP addresses. The guest network has no
static host entries. What we would like to do is prevent the employee
machines from getting any assignment on the guest network.
We tried using "tag:!known" in the dhcp-range configuration, and we have
tried a tag-if statement that sets a tag based on the guest network
interface and known followed by a dhcp-ignore. Neither works.
Looking through the code, I think it is because when looking for a
dhcp_config entry, the search is filtered by whether the assigned address
is valid for the interface the request was received on. Since the static
assignments are only valid for the employee network, when a request is
received on the guest network, the static assignments are not valid so the
"known" tag is never set. As a result, neither the dhcp-range tag filter
nor the tag-if filter has the desired effect.
I next tried having dhcp-host entries for every employee machine, one with
a static assignment on the employee network, and one with a static
assignment on guest network and appending "ignore" to the guest network
entry. This seems to have the desired behaviour in that employee machines
cannot get on the guest network. However, this obviously doubles the work
of maintaining the host list. I am also not sure what this does to the
guest address range having these static but ignored assignments.
Is there a better way to do this in the current version (2.76)?
If not, would it be a reasonable feature request to extend the handling of
dhcp-host settings so that if there is an IP assignment and "ignore" is
specified, then the host is ignored on networks where the IP assignment is
not valid?
employees and one for guests. On the employee network, the hosts all have
static host entries that include IP addresses. The guest network has no
static host entries. What we would like to do is prevent the employee
machines from getting any assignment on the guest network.
We tried using "tag:!known" in the dhcp-range configuration, and we have
tried a tag-if statement that sets a tag based on the guest network
interface and known followed by a dhcp-ignore. Neither works.
Looking through the code, I think it is because when looking for a
dhcp_config entry, the search is filtered by whether the assigned address
is valid for the interface the request was received on. Since the static
assignments are only valid for the employee network, when a request is
received on the guest network, the static assignments are not valid so the
"known" tag is never set. As a result, neither the dhcp-range tag filter
nor the tag-if filter has the desired effect.
I next tried having dhcp-host entries for every employee machine, one with
a static assignment on the employee network, and one with a static
assignment on guest network and appending "ignore" to the guest network
entry. This seems to have the desired behaviour in that employee machines
cannot get on the guest network. However, this obviously doubles the work
of maintaining the host list. I am also not sure what this does to the
guest address range having these static but ignored assignments.
Is there a better way to do this in the current version (2.76)?
If not, would it be a reasonable feature request to extend the handling of
dhcp-host settings so that if there is an IP assignment and "ignore" is
specified, then the host is ignored on networks where the IP assignment is
not valid?