DHCP: Deny known GREEN clients from obtaining IP from BLUE

Hi folks!

I’m using GREEN for my home network, and assigning fixed DHCP leases to known devices with a small pool for unknown devices. The home network is a mix of wired and wifi with WPA-2 password.

I’m using BLUE for my guest WiFi network (no password, throttled, etc).

Is there a way to prohibit all fixed-lease clients on GREEN from obtaining an IP address on BLUE? I want to prevent the kids from simply choosing to connect to BLUE to circumvent the protections (web proxy, URL filtering, etc) on GREEN.

I see the “Deny known clients” option for DHCP for both GREEN and BLUE, but it isn’t clear if that will deny all known clients from both BLUE and GREEN, or just known clients from the same network only.


It will deny all known clients from green or blue from getting a dynamic lease from blue if it is ticked on blue.

That is what I have on my system, and occasionally I want to test my blue network with one of my green machines with a fixed lease, and it often takes me a few failed attempts to get an IP before I remember that I have the “Deny known clients” ticked.

Thanks - enabling “Deny known clients” for Blue works like a charm!


Question: How reliably does it work with the “Limit IP Address Tracking” being enabled on iPhones?
I recognize that even though I have the native and one fictitious MAC address listed on the DHCP server for green, the phone is able to obtain an address from blue.

I have no idea about the iPhone. I don’t have one so I can’t comment on it directly.

I have an Android phone and I have switched off the randomised MAC address option on it so it has a permanent native MAC address. That has worked fine for me with the Deny known clients.

Can you switch off the randomised MAC address option on an iPhone? If not then you will always have a problem as periodically the phone will change the MAC Address again and again.

Android did have plans to change the Randomised MAC option into a permanent one which could not be changed by the user but after a big outcry that plan looks to have never been implemented. There has always been an option to maintain the Native MAC address and I am now on Android 11.

On Android I can also choose for each wifi connection whether it uses the Randomised or Phone MAC address.

I would expect, although I don’t have any specific knowledge on this, that the iPhone should be able to do the same.

Thanks for your swift reply. If I disable the feature it works, but the issue is with my daughter’s phone, to which I have very limited to no access.
I was just looking for a reliable way to avoid access to blue considering this feature. From what I understood, this isn’t possible.
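
Added example, not part of the thread above and not code from the firewall project: a small audit of BLUE's dynamic leases that separates fixed-lease MACs, ordinary guests, and clients presenting a locally administered (randomised/private) MAC, which is the case "Deny known clients" cannot match. It assumes the DHCP server writes leases in ISC dhcpd's lease-file format; every MAC, IP and hostname below is constructed sample data.

```python
import re

# Constructed sample data: MACs that hold fixed leases, and BLUE's dynamic leases.
KNOWN_MACS = {"00:1b:63:aa:bb:01", "a4:83:e7:aa:bb:02"}
SAMPLE_LEASES = '''
lease 192.168.2.101 {
  hardware ethernet 3a:5f:12:ab:cd:ef;
  client-hostname "iPhone";
}
lease 192.168.2.102 {
  hardware ethernet 00:25:90:12:34:56;
  client-hostname "guest-laptop";
}
lease 192.168.2.103 {
  hardware ethernet A4:83:E7:AA:BB:02;
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a locally administered address;
    randomised/private Wi-Fi MACs set it, vendor-assigned MACs do not."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def classify(mac, known):
    mac = mac.lower()
    if mac in known:
        return "known"        # should not appear if "Deny known clients" is ticked
    if is_locally_administered(mac):
        return "randomised"   # cannot be tied to any fixed lease by MAC alone
    return "unknown"          # ordinary guest with a vendor-assigned MAC

def audit(leases_text, known):
    """Return (ip, mac, hostname, verdict) for every lease that has a MAC."""
    rows = []
    for ip, body in LEASE_RE.findall(leases_text):
        mac = MAC_RE.search(body)
        if not mac:
            continue
        name = NAME_RE.search(body)
        rows.append((ip, mac.group(1).lower(), name.group(1) if name else "",
                     classify(mac.group(1), known)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LEASES, KNOWN_MACS):
        print(*row, sep="\t")
```

A "known" row on BLUE means the deny option is not in effect for that pool; "randomised" rows are the ones to review by hostname or by time of day, since the MAC itself says nothing about which device it is.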