Restricting ONT's Ethernet port to singe active IP address

Jerimiah Cole jcole at
Wed Apr 22 21:12:27 UTC 2009

Frank Bulk wrote:
> I don't think "mac limit" is an ISC dhcp directive, sounds more like
> something from an access vendor.  Unfortunately our access vendor doesn't
> have a MAC address limit we can configure, but the software/hardware
> currently supports 16.

You're right.  I thought this came from a different mailing list :)

The config I pasted works on all kinds of gear though.  We do the same
thing on ATM based DSL by spawning with the PVC information included in
the Option 82 data:

class "qwest-dsl" {
   match if binary-to-ascii(10,8,".",substring(option
agent.remote-id,4,4)) = "<";
   spawn with option agent.remote-id;
   lease limit 2;

> It sounds like you have some practical experience -- does 2 leases do the
> trick, and how often do you have someone call in to say they can't get an IP
> (because they're playing musical chairs with their broadband routers)?

It's been a few years since I worked the support desk, but as I recall,
it was quite rare.  It was rarer still that somebody was actually trying
to use more than two.

> Have
> you measured how many of your customers have two IP addresses?

Right now on one server, 3 out of 1889 active leases.

> Ideally if the second lease was issued the DHCP server would flush the
> first, but that doesn't help because the client still thinks it's a valid
> lease and would try to communicate with that IP.

Ideally we could uniquely identify clients based on things other than
'client-id' or 'hardware'.  Thats a different conversation though :)

In my experience, 'lease limit 1' created too many support calls.
'lease limit 2' is good enough.  Most people who have more than one
device also have more than two.


More information about the dhcp-users mailing list