Ideas for How to only allow one Dynamic IP per SM

We are starting to get a bit short on IPv4 addresses. One problem we face from time to time is customers plugging the cable into the LAN port instead of the WAN port on their router. This allows them to pull a public address for each device on their network.

I plan to set up IPv6 with NATed IPv4. But until then, is there any way to only allow one dynamic IPv4 address per LUID?

I could set up NAT on each SM, but we have 2000+ of them. That is what I currently do as a band-aid when I find them.

I know that some big ISPs only allow DHCP to the MAC addresses of their routers. The problem is that we have an open router policy. We do not restrict what router the customers use.

I have thought of getting a list of router companies' MAC addresses and only allowing those. But my list might not be comprehensive enough.

Are there any settings that can be set on PMP to help with this problem?

There is no way to configure the AP/SM to only allow a single DHCP request per SM. You can filter DHCP, but that would block all DHCP requests, which doesn't help you in this scenario.

We do have an option that would provide this information to your DHCP server (if it can use it).

On the AP, under the Configuration -> General tab, there's a DHCP Relay Agent section. For the DHCP Relay Agent, turn on "Enable - Only Insert Option 82".

This will not enable full DHCP Relay, so the DHCP messages will simply have option 82 inserted as they pass through the AP. When the AP inserts option 82:

  • Sub-option 1, Circuit ID (circuit-id) contains the MAC address of the AP
  • Sub-option 2, Agent ID (agent-id) contains the MAC address of the SM

If it's possible to configure your DHCP server to make decisions based on agent-id, you may be able to restrict it to giving out only one IP address per agent. This way, if your customer plugged into the wrong port, only the first device would get an address. They'd have to wait until the lease timed out (or you otherwise cleared it from the server) before getting one for a different device.

Should it not be possible to configure your DHCP server in this way, the best alternative is probably going to be restricting based on MAC address, as you have been considering.

-- Josh

5 Likes
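An added sketch (not part of the posts above and not Cambium code) of the server-side decision described in that reply: parse the option 82 payload and allow only one active lease per SM, keyed on sub-option 2. The class and function names, the MAC addresses and the one-hour lease are constructed for illustration, and refusing requests that carry no sub-option 2 is an assumption.

```python
CIRCUIT_ID, AGENT_ID = 1, 2   # sub-option numbers as listed in the reply above

def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option number: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if len(payload) - i < 2 or len(payload) - i - 2 < payload[i + 1]:
            raise ValueError("truncated sub-option")
        code, length = payload[i], payload[i + 1]
        subopts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return subopts

class OneLeasePerSM:
    """Hypothetical policy: at most one active lease per SM (sub-option 2)."""
    def __init__(self, lease_seconds=3600):
        self.lease_seconds = lease_seconds
        self.leases = {}   # SM MAC -> (client MAC, lease expiry time)

    def allow(self, option82: bytes, client_mac: bytes, now: float) -> bool:
        try:
            sm_mac = parse_option82(option82).get(AGENT_ID)
        except ValueError:
            sm_mac = None
        if not sm_mac:
            return False   # assumption: no SM identity means no lease
        holder = self.leases.get(sm_mac)
        if holder and holder[0] != client_mac and holder[1] > now:
            return False   # another device behind this SM holds the lease
        self.leases[sm_mac] = (client_mac, now + self.lease_seconds)
        return True

# Constructed sample MACs (not from a real network)
AP_MAC, SM_A, SM_B = (bytes.fromhex(h) for h in ("0a003e000001", "0a003e0000a1", "0a003e0000b1"))

def opt82(sm_mac: bytes) -> bytes:
    return bytes([CIRCUIT_ID, 6]) + AP_MAC + bytes([AGENT_ID, 6]) + sm_mac

def demo():
    policy = OneLeasePerSM(lease_seconds=3600)
    router, laptop, phone = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000003"))
    return [
        policy.allow(opt82(SM_A), router, now=0),      # first device behind SM A
        policy.allow(opt82(SM_A), laptop, now=10),     # second device, same SM
        policy.allow(opt82(SM_A), router, now=1800),   # renewal by the lease holder
        policy.allow(opt82(SM_B), phone, now=20),      # device behind a different SM
        policy.allow(opt82(SM_A), laptop, now=5401),   # after the renewed lease expired
    ]
```

The second request is refused because the router already holds SM A's lease; the laptop only succeeds once that lease has expired, which matches the wait described in the reply.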

Thanks

That might be possible.  If we grow large enough we might consider building a server that works in that way.