Since 6.45beta6 version RouterOS support vendor class id matcher. The vendor class is used by DHCP clients to optionally identify the vendor and configuration.
| Property | Description |
|---|---|
| name (string; Default: ) | Self explained |
| sever (string; Default: all) | Specific DHCP server to match |
| address-pool (string; Default: ) | Address pool for a particular Vendor ID (VID) |
| vid (string; Default: ) | Vendor Class ID matcher |
In the following configuration example, we will give an IP address from a particular pool for an Android based mobile phone. We will use the RouterBOARD with a default configuration
/ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 add name=pool-for-VID ranges=172.16.16.10-172.16.16.120
Configure vendor-class-id matcher. DHCP servers configuration remains default
/ip dhcp-server add address-pool=default-dhcp disabled=no interface=bridge name=defconf /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 /ip dhcp-server vendor-class-id add address-pool=pool-for-VID name=samsung server=defconf vid=android-dhcp-9
Connect your mobile phone to the device to receive an IP address from 172.16.16.0 network
[admin@mikrotik] > /ip dhcp-server lease print detail
Flags: X - disabled, R - radius, D - dynamic, B - blocked
0 D address=172.16.16.120 mac-address=30:07:4D:F5:07:49 client-id="1:30:7:4d:f5:7:49" address-lists="" server=defconf dhcp-option=""
status=bound expires-after=8m55s last-seen=1m5s active-address=172.16.16.120 active-mac-address=30:07:4D:F5:07:49
active-client-id="1:30:7:4d:f5:7:49" active-server=defconf host-name="Galaxy-S8"
If you do not know your devices Vendor Class ID, you can turn on DHCP debug logs with /system logging add topics=dhcp. Then in the logging entries, you will see Class-ID
10:30:31 dhcp,debug,packet defconf received request with id 4238230732 from 0.0.0.0 10:30:31 dhcp,debug,packet secs = 3 10:30:31 dhcp,debug,packet ciaddr = 0.0.0.0 10:30:31 dhcp,debug,packet chaddr = 30:07:4D:F5:07:49 10:30:31 dhcp,debug,packet Msg-Type = request 10:30:31 dhcp,debug,packet Client-Id = 01-30-07-4D-F5-07-49 10:30:31 dhcp,debug,packet Address-Request = 172.16.16.120 10:30:31 dhcp,debug,packet Server-Id = 192.168.88.1 10:30:31 dhcp,debug,packet Max-DHCP-Message-Size = 1500 10:30:31 dhcp,debug,packet Class-Id = "android-dhcp-9" 10:30:31 dhcp,debug,packet Host-Name = "Galaxy-S8" 10:30:31 dhcp,debug,packet Parameter-List = Subnet-Mask,Router,Domain-Server,Domain-Name,Interface-MTU,Broadcast-Address,Address-Time,Ren ewal-Time,Rebinding-Time,Vendor-Specific 10:30:31 dhcp,info defconf assigned 172.16.16.120 to 30:07:4D:F5:07:49 10:30:31 dhcp,debug,packet defconf sending ack with id 4238230732 to 172.16.16.120 10:30:31 dhcp,debug,packet ciaddr = 0.0.0.0 10:30:31 dhcp,debug,packet yiaddr = 172.16.16.120 10:30:31 dhcp,debug,packet siaddr = 192.168.88.1 10:30:31 dhcp,debug,packet chaddr = 30:07:4D:F5:07:49 10:30:31 dhcp,debug,packet Msg-Type = ack 10:30:31 dhcp,debug,packet Server-Id = 192.168.88.1 10:30:31 dhcp,debug,packet Address-Time = 600 10:30:31 dhcp,debug,packet Domain-Server = 192.168.88.1,10.155.0.1,10.155.0.126
通过设置vcendor classes,让苹果手机获取到不同的IP段,然后不给这个IP段设置伪装上网。它就上不了网了!
ROS的IP/dhcp server通过限制设备的Vendor Classes来使某些品牌的手机上不了网
原文:https://www.cnblogs.com/itfat/p/13095531.html