Block wired LAN connection from DHCP

Installing and Using OpenWrt Network and Wireless Configuration
1

Happy user of openWRT here for a few years, running 24.10 on Archer C7. I have "private" wired and both "private" and "guest" WiFi networks; "private" and "guest" use different network segments.

I have a dock for laptops (wired network and monitors), this works perfectly with my personal equipment.

However, I want to use my employer's laptop (belongs on "guest" network) via the dock, when I connect it gets wired DHCP onto the private network as well as WiFi DHCP to the guest one. This is obviously not desirable!

I have tried to set Firewall traffic rules to block this, to no avail. Unplugging cable works but is clunky.

Is it possible to block the wired link to a specific MAC address, if so please can someone advise how to do it?

Many thanks

Richard

2

Whatever goes through the dock get the MAC of the dock's RJ45.

You've got nothing unique to filter/trigger on, unless you kill the wired connection (diable the Ethernet interface, pull the cable, etc) and force the work laptop to use wifi instead.

3

Hmm, good point. I thought it used a pass-through mode for MAC - I will have to check that out.

As I have it at present, the work laptop DHCP request gets through and gets a reply, even though I have tried to block it. Why does this not block the MAC address that it sees (and which I see in the logs)?

image
image662×608 43 KB

image
image662×608 51.9 KB

Thanks in advance

Richard

4

You can ignore a specific mac address so that it will not get an ip address


# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
5

Thanks for the suggestion, but where does this go? Putting in the DHCP-options box just broke my DHCP!

Cheers, Richard

image
image1059×560 66.2 KB

6

@frollic Indeed Pass-through mode is disabled at present, thanks for pointing that out!

Cheers

Richard

7

@egc Looking more closely at the links you provided, MAC filtering suggests connecting via SSH and trying something like this:

uci add dhcp host
uci set dhcp.@host[-1].name="mydesktop"
uci set dhcp.@host[-1].mac="00:11:22:33:44:55"
uci set dhcp.@host[-1].ip="ignore"
uci commit dhcp
service dnsmasq restart

Is this the way to go?

R.

8

That's not the place where it should go, but in Network->DHCP->Leases.
There it would look like this:

dhcp
dhcp3133×1041 266 KB

Or you can add this in the config file /etc/config/dhcp, where it should look like this:

config host
        option name 'mydesktop'
        option mac '00:11:22:33:44:55'
        option ip 'ignore'
9

Many thanks,

I added in SSH as you show, then I see that this pops up in DHCP -> static leases, and I could have entered it directly.

I just need to get LAN pass-through configured and I'm done, this issue is solved.

Many thanks all.

Richard