Restricting ONT's Ethernet port to singe active IP address

Frank Bulk frnkblk at iname.com
Wed Apr 22 20:23:45 UTC 2009


Jeremiah:

Thanks for the recommendations. 

I don't think "mac limit" is an ISC dhcp directive, sounds more like
something from an access vendor.  Unfortunately our access vendor doesn't
have a MAC address limit we can configure, but the software/hardware
currently supports 16.

It sounds like you have some practical experience -- does 2 leases do the
trick, and how often do you have someone call in to say they can't get an IP
(because they're playing musical chairs with their broadband routers)?  Have
you measured how many of your customers have two IP addresses?

Ideally if the second lease was issued the DHCP server would flush the
first, but that doesn't help because the client still thinks it's a valid
lease and would try to communicate with that IP.

Frank

-----Original Message-----
From: Jerimiah Cole [mailto:jcole at tbtc.net] 
Sent: Wednesday, April 22, 2009 3:07 PM
To: frnkblk at iname.com; Users of ISC DHCP
Subject: Re: Restricting ONT's Ethernet port to singe active IP address

Frank Bulk wrote:
> Option 82 support seems like the closest way to get it done, by creating 
> classes and handing out an static IP, but I understand the process 
> correctly, it requires generating a class for each Option 82 string and 
> assigning a static IP address.  That has the negatives of creating 
> classes in advance and giving out statics when I don't want to give out 
> statics.

Enter ISC's "spawning class" concept:

class "tbtc-dsl-occam" {
   match if substring(option agent.remote-id,0,5) = "Occam";
   spawn with concat(option agent.remote-id, " ", option agent.circuit-id);
   lease limit 2;
}

The "spawn with x" option dynamically creates a class for each unique 
"x", in my case the concatenation of the remote-id and circuit-id.

The lease limit is 2 to permit people to swap out devices without having 
to release.

I'd also recommend "mac limit 2" in your access profiles.

Jerimiah




More information about the dhcp-users mailing list