Static leases based on MAC without GATEWAY and DNS?

czezz · February 4, 2021, 8:06am

Hi,
According to the documentation this is how to configure static lease for host with specific MAC.
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration


config host 
  option ip 192.168.1.22 
  option mac 00:11:22:33:44:55
  option name mydesktop

Question:
How can I specify that this host get no GATEWAY and DNS (or set fake parameters)?

frollic · February 4, 2021, 8:15am

Check the Client classifying and individual options section in the link you used.

Option 3 is the gateway, if I remember correctly, and 6 is DNS.

https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

vgaetera · February 4, 2021, 9:08am

czezz · February 5, 2021, 9:36am

Hi guys,
Thank you for your replies.

That sounds about right with classifier and tagged network and also option 3 and 6.
I would use the following commands.
However, is there a way to translate following UCI commands into pure entries that i would simply add to /etc/config/dhcp ?

uci set dhcp.mac_vpn="mac"
uci set dhcp.mac_vpn.mac="00:11:22:33:44:55"
uci set	dhcp.mac_vpn.ip="192.168.1.22"
uci set dhcp.mac_vpn.networkid="vpn"
uci add_list dhcp.mac_vpn.dhcp_option="3,0.0.0.0"
uci add_list dhcp.mac_vpn.dhcp_option="6,0.0.0.0"
uci add_list dhcp.mac_vpn.dhcp_option="44"
uci commit dhcp
/etc/init.d/dnsmasq restart

Im just not sure if UCI will simply add entries to /etc/config/dhcp OR will do some other modifications in other files.

vgaetera · February 5, 2021, 9:42am

That's correct.

czezz · February 5, 2021, 10:30am

Yes, that did add entries to /etc/config/dhcp (hopefuly only there). Thanks!

config mac 'mac_vpn'
        option mac '00:11:22:33:44:55'
        option ip '192.168.1.22'
        option networkid 'vpn'
        list dhcp_option '3'
        list dhcp_option '6'
        list dhcp_option '44'

One remark:
Dont specify 0.0.0.0 (for GW and DNS) as it will not work.
Either specify IP out of your subnet OR better - keep it empty.

What is not working is assigning specific IP to the MAC (in my case 192.168.1.22)
Any idea why is that?

czezz · February 5, 2021, 11:05am

UPDATE: I have found out that ci set dhcp.norouting.dhcp_option="3" and ci set dhcp.norouting.dhcp_option="6" cannot co-exist. Why and how to keep both of them?

I will partly answer it by myself.
Apparently it requires different approach with UCI.
Note! for some reason following entries cannot co-exist together:
uci set dhcp.norouting.dhcp_option="3"
uci set dhcp.norouting.dhcp_option="6"

Config file will keep the later one only (6 in this case).
Event hough I added later manually option dhcp_option '3' to /etc/config/dhcp, only the last entry will work (so 3 in that case, and 6 will have o effect).
I have no idea why and how to overcome it.

UCI commands:


uci set dhcp.printer="host"
uci set dhcp.printer.name="printer"
uci set dhcp.printer.mac="08:00:27:45:60:e0"
uci set dhcp.printer.ip="192.168.1.22"
uci set dhcp.printer.tag="norouting"
uci set dhcp.norouting="tag"
uci set dhcp.norouting.dhcp_option="3" <--- this one will be overwritten by next entries (6)
uci set dhcp.norouting.dhcp_option="6"
uci commit dhcp
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

Final result in /etc/config/dhcp:

config host 'printer'
        option name 'printer'
        option mac '00:11:22:33:44:55'
        option ip '192.168.1.22'
        option tag 'norouting'

config tag 'norouting'
        option dhcp_option '6'
        option dhcp_option '3' <--- I add it as another manually entry, but it will overwrites previous one. Why and how to keep both of them?

trendy · February 5, 2021, 11:43am

It should be a list, not an option.

vgaetera · February 5, 2021, 11:52am

Actually, firewall is more suitable to manage network access permissions:

uci -q delete firewall.fwd_deny
uci set firewall.fwd_deny="rule"
uci set firewall.fwd_deny.name="Deny-Forward"
uci set firewall.fwd_deny.src="lan"
uci add_list firewall.fwd_deny.src_mac="08:00:27:45:60:e0"
uci set firewall.fwd_deny.dest="wan"
uci set firewall.fwd_deny.proto="all"
uci set firewall.fwd_deny.target="REJECT"
uci commit firewall
/etc/init.d/firewall restart

czezz · February 5, 2021, 12:22pm

Hi,

@trendy
YES! It seems that first entry can be kept as option and another shall be added as list.
That will allow to use both options 3 (GW) and 6 (DNS).
Thank you.

There is final entry listing:

config host 'printer'
        option name 'printer'
        option mac '08:00:27:45:60:e0'
        option ip '192.168.1.22'
        option tag 'norouting'

config tag 'norouting'
        option dhcp_option '3'
        list dhcp_option '6'

@vgaetera
That is interesting approach. Thanks.
Any chance you have plain text entries for that? (otherwise, I think i will build some test-system)

vgaetera · February 5, 2021, 1:38pm

You can skip the commit command.
Instead, use the export command to see resulting config.
And then the revert command to cancel runtime changes.

system · February 15, 2021, 1:38pm

This topic was automatically closed 0 minutes after the last reply. New replies are no longer allowed.