Limiting addresses per user for users with more than one circuit-id

Niall O'Reilly niall.oreilly at
Mon Dec 15 17:36:36 UTC 2014

At Mon, 15 Dec 2014 13:48:28 +0200,
Ilkka Virta wrote:
> Hi,
> We have users (student apartments) who get addresses from DHCP, and we
> need to limit the number of addresses given to each user, so that
> nobody can hoard all the addresses in the network. We have a somewhat
> convoluted system in place for doing this, but I was thinking if it
> could be made simpler with the built-in limiting in dhcpd.

  After a quick look at, the following thoughts come to me.
  They may not make sense; I'm just brainstorming.

  Perhaps DHCP is "not the [droid] you're looking for".
  Have you considered whether RADIUS fits your use-case?

  Otherwise (and if I recall correctly), there are LDAP and/or SQL
  extensions to ISC DHCP which might be what you need to build on.
  Latency would need attention case of either of these, or indeed of
  any external program.

  A different approach could work if the number of customers and the
  number of likely active circuit-id tags are roughly the same
  multiple (or perhaps fraction) of the number of addresses you have
  to share out.  Then using the circuit-id would be strictly unfair,
  but practically close enough.

  Another option would be to build a tunnel service after the manner
  of SixXS, where each client gets just one tunnel with the associated
  persistent address.

  If DHCP is still the closest fit, perhaps running a custom DHCP
  relay (maybe upstream of the embedded relay instances in your
  routers), which could mangle the circuit-ids as you suggest, would
  be the way to build a solution.

  Best regards,
  Niall O'Reilly

More information about the dhcp-users mailing list