Restricting ONT's Ethernet port to singe active IP address

Wed Apr 22 20:44:03 UTC 2009

> Jeremiah:
>
> Thanks for the recommendations.
>
> I don't think "mac limit" is an ISC dhcp directive, sounds more like
> something from an access vendor.  Unfortunately our access vendor doesn't
> have a MAC address limit we can configure, but the software/hardware
> currently supports 16.
>
> It sounds like you have some practical experience -- does 2 leases do the
> trick, and how often do you have someone call in to say they can't get an
> IP
> (because they're playing musical chairs with their broadband routers)?
> Have
> you measured how many of your customers have two IP addresses?
>
> Ideally if the second lease was issued the DHCP server would flush the
> first, but that doesn't help because the client still thinks it's a valid
> lease and would try to communicate with that IP.
>
> Frank
>
> -----Original Message-----
> From: Jerimiah Cole [mailto:jcole at tbtc.net]
> Sent: Wednesday, April 22, 2009 3:07 PM
> To: frnkblk at iname.com; Users of ISC DHCP
> Subject: Re: Restricting ONT's Ethernet port to singe active IP address
>
> Frank Bulk wrote:
>> Option 82 support seems like the closest way to get it done, by creating
>> classes and handing out an static IP, but I understand the process
>> correctly, it requires generating a class for each Option 82 string and
>> assigning a static IP address.  That has the negatives of creating
>> classes in advance and giving out statics when I don't want to give out
>> statics.
>
> Enter ISC's "spawning class" concept:
>
> class "tbtc-dsl-occam" {
>    match if substring(option agent.remote-id,0,5) = "Occam";
>    spawn with concat(option agent.remote-id, " ", option
> agent.circuit-id);
>    lease limit 2;
> }
>
> The "spawn with x" option dynamically creates a class for each unique
> "x", in my case the concatenation of the remote-id and circuit-id.
>
> The lease limit is 2 to permit people to swap out devices without having
> to release.
>
> I'd also recommend "mac limit 2" in your access profiles.
>
> Jerimiah
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
I'm not sure what you're using for the FTTH transport, but there's usually
a way to limit this in the transport equipment.  We use the FiberDrive
500, F5, and C7 Calix/OSI, and there are profiles that we configure for
DHCP that sets the number of addresses we allow to be pulled by the NID. 
As an aside, we set ours to 1 more than the customer needs so our field
techs can plug in and test without our intervention to clear leases.

Milton Schober, Jr.
NTS Communications, Inc.