Saving the multiple DHCP Static Lists and Custom Client Lists from 3006 Routers with Guest Network Pro?

[jksmurf]

As noted a few times in various posts I’ve been using WinSCP and just saving several files from the router containing dhcp reservation details, then copying them back into /jffs/nvram, for many years, without issue.

For one fixed DHCP list (under the LAN, DHCP tab) that 3004 FW had, it worked fine for me (although I will admit @Tech9 noted some concerns).

There are currently (now) 4 methods I know of for saving just the DHCP Lists (excluding Backupmon which does a wholescale backup). These are:

1. Via SSH (putty etc.) using the nvram commands summarised in this post; credit to @ColinTaylor
2. Using WinSCP by just copying (drag and drop) the dhcp_staticlist and custom_clientlist files from /jffs/nvram across to a local drive (and back when you needed to); this was my preferred option, see attachment.
3. Via the YazDHCP Addon, which I do not use, so I have no idea how it works; I am loathe to install it just for the backup feature and as RMerlin noted here, Guest Network Pro adds Static Lists for Guest Networks, so YazDHCP is less relevant in that regard.
4. Via amendments to the dnsmasq.conf.add file that already exists in /jffs/config/ used by Jeffrey Young who references this source for format.
   
   Line format is:
   

   dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]

   
   Example from Jeffrey Young, with lease time:
   

   dhcp-host=00:90:A9:3B:5F:01,192.168.0.14,homecloud,3600

However with the advent of additional lists in Guest Network Pro VLANs (see attachments), albeit only 32# for each VLAN (think lots of IoT devices...), I am unsure where these additional lists are saved. I looked in the dhcp_staticlist and custom_clientlist files but they are not populated with Guest or IoT VLAN DHCP details. The original ones (for the Primary Network) remain unchanged however.

So, does anyone know:

(i) where these new lists are kept; and
(ii) can I download them or access them as before and upload replacements if I ever do a factory reset, without borking the entire system?

It's no good exporting the Client List from the Network Map (even though you can do this), because that is just a snapshot of what is online at any one time and you can't put it back anyway.

I am happy to input most setup details from screencaps, but the total 64# DHCP in the primary network PLUS now up to 32# (times five VLANs???) is a lot of IP Addresses and Custom Names to enter back by hand.

Ta.

[EDIT] To add the very useful and still reasonably simply dnsmasq.conf.add approach used by Jeffrey Young

 

[dave14305]

where these new lists are kept

It looks like there should be new nvram variables named dhcpres*_rl that are numbered with the sdn index.

 

[bennor]

Has anyone tried creating a /jffs/scripts/dnsmasq.postconf file to manually assign IP addresses to Asus-Merlin 3006.102_x Guest Network Pro clients? If it works, similar or the same as it does under the 3004 firmware (when using YazFi), it may provide another way to backup the GNP manual reservations (when "Use same subnet as main network" is disabled in GNP's settings).

Was waiting for the Asus-Merlin firmware to hit beta on the RT-AX86U Pro before trying to take a stab at a dnsmasq.postconf file for Guest Network Pro IP reservations.

 

[Jeffrey Young]

I have always used a dnsmasq.conf.add file to add my static dhcp entries. Easy to maintain, and easy to keep a backup copy. With 3006 out, there is a dnsmasq instance per SDN now. Merlin has added a dnsmasq-INDEX.conf.add so you can add to each instance.

 

[jksmurf]

I have always used a dnsmasq.conf.add file to add my static dhcp entries. Easy to maintain, and easy to keep a backup copy. With 3006 out, there is a dnsmasq instance per SDN now. Merlin has added a dnsmasq-INDEX.conf.add so you can add to each instance.

Nice, thank you. This would be a new way to do it for me.

I could WinSCP the dnsmasq.conf.add file and dnsmasq-INDEX.conf.add files (one for each VLAN) from the /jffs/config directory on the router to my desktop, add or amend lines with a little help from some concatenation/parsing/sorting in Excel, copy back to the dnmasq text file and then re-upload it to /jffs/config. Does it have any issues with existing dhcp entries or does it just start afresh each time?

Quick question, this SDN Index, is that the VLAN No? So e.g. if I have VLAN 53 it would be dnsmasq-53.conf.add?

 

[bennor]

In addition to the dnsmasq-INDEX.conf.add mentioned above, there is also dnsmasq-sdn.postconf. From the 3006 change log:

3006.102.1 (28-Jun-2024)
- NEW: Added dnsmasq-INDEX.conf.add and stubby-INDEX.yml.add, which are appended to SDN config files (INDEX = SDN index number)
- NEW: Added dnsmasq-sdn.postconf and stubby-sdn.postconf.
They take two arguments:
- path to the config file for that SDN's instance
- the SDN index number (1 for the first SDN instance)

 

[jksmurf]

In addition to the dnsmasq-INDEX.conf.add mentioned above, there is also dnsmasq-sdn.postconf. From the 3006 change log:

3006.102.1 (28-Jun-2024)
- NEW: Added dnsmasq-INDEX.conf.add and stubby-INDEX.yml.add, which are appended to SDN config files (INDEX = SDN index number)
- NEW: Added dnsmasq-sdn.postconf and stubby-sdn.postconf.
They take two arguments:
- path to the config file for that SDN's instance
- the SDN index number (1 for the first SDN instance)

Thanks bennor...hmmm OK ... well of those, I think I only understand (now) what dnsmasq-INDEX.conf.add does.

If the other items are needed for the swift backup and reload of dhcp static reservations, or at least useful for them, I think my feeble brain is going to need some more explanation and some examples to clarify them, for the purposes of this particuar query .

[EDIT] Another quick question, will these entries in dnsmasq.conf.add or dnsmasq-INDEX.conf.add show up in the WebGUI? A separate thread suggests no, is this still the case? Maybe I had looked at this approach a long time ago and was probably why I stuck with the simple dhcp_staticlist and custom_clientlist transfers, which "do" populate the GUI with entries (or they always did for me anwyay). I'd really like the GUI to be populated, the limit of 64 (Primary) and 32 (per VLAN) notwithstanding.

 

[Jeffrey Young]

You can add static DHCP entries using either the /jffs/configs/dnsmasq.conf.add config file or the /jffs/scripts/dnsmasq.postconf script.

The dnsmasq.conf.add is useful if you are just looking to add additional config options to the dnsmasq config file that are not normally dynamically added by Asus during the startup process. In this case, the dhcp-host= directive is generally not a dynamically built option at startup, so adding an example like this in a dnsmasq.conf.add file is usually nice and easy.

dhcp-host=50:7b:9d:31:2f:c2,192.168.189.6,nc,86400
dhcp-host=00:1B:A9:BF:12:8E,192.168.189.13,printer,86400
dhcp-host=E8-FB-1C-DC-B9-AB,08-26-AE-33-52-64,192.168.189.16,slyjay-ltop,3600

Since the file is not a script, you don't need to add any execute permission or the she-bang (#!).

The dnsmasq.postconf script is an actual script and is best used when you are looking to alter or delete a configuration option in the dnsmasq configuration that is normally dynamically added during startup. This script is called right after the router dynamically builds the default config file for dnsmasq, but before dnsmasq is started. So, in addition to changing options in the config file, you could also run other functions, if you needed too, before letting dnsmasq start. Merlin has a number of helper scripts to assist with this. So, to use the dnsmasq.postconf script, you would add something like this...

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

pc_append "dhcp-host=50:7b:9d:31:2f:c2,192.168.189.6,nc,86400" $CONFIG
pc_append "dhcp-host=E8-FB-1C-DC-B9-AB,08-26-AE-33-52-64,192.168.189.16,slyjay-ltop,3600" $CONFIG

as an example of how I use the dnsmasq.postconf script to delete all the extra config options that Asus puts in for the br1 and br2 bridges that I don't use, I have this for my dnsmasq.postconf script;

#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_delete "br1" $CONFIG
pc_delete "br2" $CONFIG

. /opt/share/diversion/file/post-conf.div # Added by Diversion
cat /jffs/addons/YazFi.d/.dnsmasq >> /etc/dnsmasq.conf # YazFi

Notice how JackYaz uses this script to append dnsmasq options to the actual dnsmasq config file for his YazFi script (adds the DHCP server options for the guest network).

I don't believe the GUI will be updated as that info comes from the nvram settings. For the 3006 firmware, I beleive the INDIX number is the SDN number and not the VLAN ID. I suspect the first SDN is INDEX 1, the second SDN would be INDEX 2, and so forth. I would have to wait until I upgrade to the 3006 base before I am certain.

 

[jksmurf]

Thank you, really appreciate you taking the time to explain that in the level of detail you have. Will need to try, with some trepidation, hopefully I will not stuff up my current lists.

Even if they do not actually populate the GUI reservations, presumably the dnsmasq.conf.add dhcp details still show up in ASUS (often flaky*) Network client list screen, so you can still see which device is online?

I will probably experiment with all this once the format of the INDEX files is more well defined, along with the new nvram variables for GNP VLAN manually assigned dhcps that dave14305 mentioned briefly above, which (???) could potentially be copied back and forth like dhcp_list and custom_clientlist.

* As an aside I’m seeing devices I have assigned to the VLAN and set addresses for there e.g. 192.168.53.33 that have attached themselves to a mesh node, show up (incorrectly IMO) in the client list of the Primary LAN which is my 192.168.9.x subnet. VLAN Clients that latch on to the primary router Wi-Fi list themselves correctly. Odd.

[EDIT] Rambling…

Not being ungrateful, I do very much appreciate that you’ve shown there is a way to achieve what I’m after. While all those methods are certainly doable and I think I could personally work it out, gee wouldn’t it be great if there was a simple GUI utility or failing that, an Addon (DHCP_IO_Mon?) in amtm whose sole purpose was to easily and reliably export and import all the DHCP lists in csv or txt format, ones that did populate the GUI (even with the limitations on numbers), so that we don’t all need to go clonking around under the hood?

I appreciate many of you network specialists (which I am definitely not) prefer ssh, working with files with indecipherable names and meanings, the flexibility it provides and all that, but I’m thinking in this day and age, surely these things could be a wee bit simpler?

 

[Jeffrey Young]

Speaking from the school of hard knocks!! When you start down the path of experimenting, I suggest that you follow this order;

1. Find out what dnsmasq processes are running on your router. From an SSH shell, do a ps | grep dnsmasq and note the output.
2. Make your dnsmasq.conf.add file or dnsmasq.postconf script.
3. Test it by restarting dnsmasq (service restart_dnsmasq), then check that the process is alive (ps | grep dnsmasq). You should get the same output as in step 1.

If you mucked up something in your config file, and that is not hard to do - you just need to forget a comma or have a malformed MAC address, dnsmasq will fail to start. When that happens, your devices won't be able to get a DHCP lease. If you do run into troubles, check your syslog to see what dnsmasq is reporting. Being already connected to the router is a big help. The first time I mucked something up, I did not find out about it until after I signed off and closed my computer. I had to assign my laptop a static IP address in my LAN's subnet so I could SSH back into the router and find out where I goofed - it was a period inserted instead of a comma.

 

[Jeffrey Young]

Not being ungrateful, I do very much appreciate that you’ve shown there is a way to achieve what I’m after. While all those methods are certainly doable and I think I could personally work it out, gee wouldn’t it be great if there was a simple GUI utility or failing that, an Addon (DHCP_IO_Mon?) in amtm whose sole purpose was to easily and reliably export and import all the DHCP lists in csv or txt format, ones that did populate the GUI (even with the limitations on numbers), so that we don’t all need to go clonking around under the hood?

Well, you do have to remember the target audience for Asus when it comes to these routers. It is not us techy's! There is much better hardware on the market that will do what you are looking for, but they are not always as easy to set up as they are geared to the tech heads. Merlin just spoils us by giving a wee glimpse at what true commercial grade routers are capable of

 

[jksmurf]

Just updating this thread for completeness as @bennor has provided a very nice example in a separate post.

So, if not using dnmasq.postconf scripts (or YazDHCP**), just create a few simple files that you can create offline, populated with MAC, IP and name, and upload via WinSCP:

• For the primary network you can (I) still upload dhcp_staticlist and custom_clientlist files to /jffs/nvram/ (see above) or (ii) add a dnsmasq.conf.add file to /jffs/configs/
• For VLANs you can now create dnsmasq-INDEX.conf.add files, where INDEX=SDN number i.e simply the 1st, 2nd etc VLAN created (not VLAN ID), to /jffs/configs/.

** the developer version of which which only works on the Primary LAN I believe.

 

[jksmurf]

@bennor and @Jeffrey Young

Just a note to say thanks for the direction on this (across various threads). Unfortunately I did not have the same success as bennor. This is what I have done:

• I installed the addon YazDHCP (developer 1.07, after the j7 1.06 install via amtm) for the Primary WAN Devices and have given these devices both a custom client name and (a few) custom icons to see how that works (and because YazDHCP can export/import them). All good.
• Would it be correct to say that YazDHCP does not support Guest VLANs in the same way? but wouldn't that be great if it did!
• I then used your advice to create two dnsmasq-x.conf.add files, one for the Guest VLAN and one for my IoT VLAN, the one that came up across memory limitations. I discovered using @Jeffrey Young's ps | grep dnsmasq CMD above, which showed me (prior to any changes or additions) that the current manual assignments I had made in the GUI of GNP (Advanced Settings) were available in dhcp-host= lines in the /etc/dnsmasq-2.conf file (my IoT SDN).
• The original ps | grep dnsmasq CMD showed 7 files,
  • grep dnsmasq,
  • dnsmasq --log-async (twice, once for my login and once for nobody)
  • dnsmasq -c /etc/dnsmasq-1.conf --log-async (twice, once for my login and once for nobody)
  • dnsmasq -c /etc/dnsmasq-2.conf --log-async (twice, once for my login and once for nobody)
• The format of the dhcp-host lines from these (log?) files was this:

  • dhcp-host=xx:xx:xx:xx:xx:xx,set:xx:xx:xx:xx:xx:xx,devicename,192.168.xx.yy

• so it was actually a bit different to the required dnsmaq.conf.add format, so it didn't quite save me as much typing as I thought, although a little parsing/concatentation in Excel helped.

  • dhcp-host=xx:xx:xx:xx:xx:xx,192.168.xx.yy,devicename

• I wasn't sure how to set "permissions 0644" that @bennor referred to in the linked post above but WinSCP allows you to check/uncheck RW permissions so I could see Octal numbers close to 644 but never quite. However in WinSCP I saw there was an existing dnsmasq.conf.add file in /jffs/configs/ so I just figured that I could duplicate that file, empty it and save it as dnsmasq-x.conf.add and it would replicate the permissions.
• As I had already input 21 (of the 32) manual assignments into the GUI, I just copied and pasted these to the dnsmasq-2.conf.add file open on the router; same for my Guest VLAN. I appended each line with the lease time of 86400.
• I then ran the service restart_dnsmasq CMD (holding my breath). The IoT devices did not come up. Meh.
• A check using ps | grep dnsmasq as outlined above suggested that while dnsmasq -c /etc/dnsmasq-1.conf --log-async was present dnsmasq -c /etc/dnsmasq-2.conf --log-async had gone awol. Oops. I rebooted the router just to be sure (and briefly lost my USB, panic), but nope, I have lost the IoT network. hmmm. I have double-triple-checked the dnsmasq-2.conf.add. I have deleted the files to revert to the GUI ones for now (but the hostnames have gone whacko).

Couple of questions if I may:

• If I add, as above, manual assignments to .conf.add files, but I already have (i.e. I did not delete) the assignments that are already in GNP, will there be a conflict? i.e. should I do (have done) that first? Where is that assignment information (that you enter via the GUI) actually stored?
• Are custom_client names and icons available in GNP VLANs via these conf.add files or by some other mechanism?
• When I left in an old custom_client file (in /jffs/nvram) which had a bunch of older custom_client MAC Address vs Names, I saw that both Primary DHCP and even the GNP VLAN devices assumed these names. Is this is a possible way todo it? The format of the custom_client list seems to just be

  • Custom_NAME>MA:AC:AD:DR:ES:S1>0>XX>>>>><Custom_NAME2>MA:AC:AD:DR:ES:S2>0>YY>>>>>REPEAT

• I am not sure what the "XX" and "YY" numbers are, but if it's logical, could I use an existing custom_client file and just append to it? Would this have any adverse effects anywhere else?
• How about custom icons, is there any way to refer to those like for the Primary Network DHCPs listings; or, similar to the nomal icons? I saw a Dir in /jffs/configs called SavedUserIcons (empty though).

[EDIT1]

OK so I tried a ONE-line entry in dnsmasq-2.conf.add, ran ps | grep dnsmasq and it now shows BOTH dnsmasq -c /etc/dnsmasq-1.conf --log-async AND dnsmasq -c /etc/dnsmasq-2.conf --log-async . Progress.
What format is each line, continuous? I used a new entry on each line. If continuous, what separates the entries?

[EDIT2]

So I tried with one, then two, then several random lines from my 23 entries, some entries worked, some caused dnsmasq to fail.

The sys logs below are showing duplicate entries, so this might answer my question, if the duplicate entries are manual assignments I put in the GUI and they conflict with the dnsmasq-2.conf.add entries in the file in /jffs/configs/, then that could explain why it is not working. Oddly, only some entries cause it to fail, so I am assuming it is just the ones that are active. Next step, delete all the GUI entries.

Apr 11 16:33:49 dnsmasq[13827]: using 43912 more local addresses
Apr 11 16:33:49 dnsmasq[13827]: using 32 more nameservers
Apr 11 16:34:17 rc_service: watchdog 2693:notify_rc start_dnsmasq 2
Apr 11 16:34:17 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Apr 11 16:34:17 custom_config: Appending content of /jffs/configs/dnsmasq-2.conf.add.
Apr 11 16:34:17 dnsmasq[14426]: duplicate dhcp-host IP address 192.168.53.100 at line 43 of /etc/dnsmasq-2.conf
Apr 11 16:34:17 dnsmasq[14426]: FAILED to start up
Apr 11 16:34:48 rc_service: watchdog 2693:notify_rc start_dnsmasq 2
Apr 11 16:34:48 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Apr 11 16:34:48 custom_config: Appending content of /jffs/configs/dnsmasq-2.conf.add.
Apr 11 16:34:48 dnsmasq[14967]: duplicate dhcp-host IP address 192.168.53.100 at line 43 of /etc/dnsmasq-2.conf
Apr 11 16:34:48 dnsmasq[14967]: FAILED to start up

[EDIT3] Success!