Disable dynamic DHCP and serve only static leases

yens77 · November 30, 2019, 10:23am

Hello everybody,
From the graphic interface I can do:
(1) Network / Interfaces / LAN / DHCP Server / Advanced settings - in the options I uncheck the Dynamic DHCP and save. Then reboot the router. Doing so, only the static DHCP leases are served after the reboot.
(2) Network / Interfaces / LAN / DHCP Server / Advanced settings - in the options I check the Dynamic DHCP and save. Doing so, the dynamic DHCP clients are served again.

I would like to know if there is a way to do the above with terminal command or script, or with other words, I want that at a given moment the dynamic leases are dropped and for a certain period of time only static leases are served.

trendy · November 30, 2019, 11:54am

Try this script

#!/bin/sh
uci set dhcp.lan.dynamicdhcp=0
uci commit dhcp
service dnsmasq restart

Obviously dynamicdhcp=1 will enable it back.

yens77 · November 30, 2019, 7:11pm

Thanks a lot for the answer. Your script worked partially, I should change the last line
service dnsmasq restart
to
/etc/init.d/network restart

PP: I tried also
/etc/init.d/dnsmasq restart
or
/etc/init.d/odhcpd restart
but it didn't work, i.e. the dynamic clients are not disconnected.

trendy · November 30, 2019, 7:26pm

/etc/init.d/network restart will restart the network, not the dhcp service. Most likely dnsmasq restarts itself automatically upon detecting that network restarted, but I think it is overkill.
dnsmasq is the Ipv4 dhcp server and odhcpd the ipv6 server.
You cannot exactly disconnect the dynamic clients. They will continue to work until their lease time is over.

yens77 · November 30, 2019, 9:51pm

OK, I understand your point but the only way I found to disconnect the dynamic clients is to restart the network, and after the restart they do not reconnect. This is what I have now:

#!/bin/sh
uci set dhcp.lan.dynamicdhcp=0
uci commit dhcp
/etc/init.d/network restart

If I try it with dhcp server restart, the "old" clients stay connected after the restart, I assume it will prevent only new clients to connect:

#!/bin/sh
uci set dhcp.lan.dynamicdhcp=0
uci commit dhcp
/etc/init.d/dnsmasq restart

trendy · November 30, 2019, 10:00pm

I think this will only work for wireless clients. By restarting the network you turn off the Access Point and kick out the clients, forcing them to reconnect and keep out the dynamic ones.
If the clients are connected by wire it may or may not work, depending on your infrastructure.
It is not so elegant though for the static clients. A workaround would be to lower the lease time to minimum 2 minutes, then run the script with restart of the dnsmasq and wait for a couple of minutes.

yens77 · December 1, 2019, 11:35am

Actually I have the DHCP clients on the wireless, the static clients are all wired.
One option would be with wifi restart and not network restart but lowering the lease time seems the most suitable.
In fact what I want is to have the dynamic clients "kicked out" at 19:00 every day. I would then set up lease time 1h and set cron job with the sript (incl. dnsmasq restart) at 18:00 - this would make sure that latest at 19:00 no more dynamic clients are served.

mpa · December 3, 2019, 10:40pm

If the purpose is to limit network access based on time of day, maybe this could be better solved with a time-based firewall rule?

Name	Type	Required	Default	Description
start_time	time (hh:mm:ss)	no	(always)	If specified, only match traffic after the given time of day (inclusive).
stop_time	time (hh:mm:ss)	no	(always)	If specified, only match traffic before the given time of day (inclusive).

trendy · December 4, 2019, 11:03am

It could be a solution, but will apply to new connections only and a hack of iptables is needed to avoid that.

system · December 14, 2019, 11:04am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.