If nobody else has mentioned it, translation bridging is what will do this as 
well.

-----Original Message-----
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Wednesday, March 11, 2015 10:52 AM
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed

DHCP:
On Canopy go to filters, check uplink and bootp server.
On most others, make a firewall rule dropping port 67.

I would also say it's safe and desirable to drop multicast traffic and rate 
limit broadcast traffic.  ....both of which are built-in features on Canopy.

Limiting to one IP in bridge mode is a frustrating problem.  On some platforms 
(ePMP) you can set a maximum number of bridge table entries.  
That might be the best way, but it's a depressingly uncommon feature.  
On Canopy, or other platforms that support DHCP option 82, you can set up a 
rule in your DHCP server saying that one SM MAC address gets one lease.  The 
only trouble with that is if you change what's plugged in, then you have to 
wait for the old lease to expire before you get a new IP, so a very short lease 
time is mandatory.

You can do one form or another of static assignments, but that's my least 
favorite thing in the world.  It becomes more and more obnoxious the more 
customers you have.  You can also go to NAT mode, and that's my second most 
least favorite thing in the world.


> I’m curious what everyone does to prevent a customer from pulling more than 
> one IP address without using PPPoE, and how do you prevent their router from 
> backfeeding its DHCP server onto your network if they plug in the cable to a 
> LAN port instead of the WAN port?
>
> Thank you,
> Brett A Mansfield
> Silver Lake Internet
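
The two controls discussed in this thread (dropping DHCP server traffic that arrives from the customer side, and one lease per SM keyed on option 82), sketched as an added Python example that is not from the original messages or from any vendor's firmware. It assumes the SM MAC is carried in the option 82 remote-id sub-option, does not model lease expiry, and uses constructed packets; all function names are hypothetical.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2, 5, 6}             # OFFER, ACK, NAK: only servers send these

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a BOOTP/DHCP packet into the fields used below."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    info = {"op": payload[0], "chaddr": payload[28:34].hex(":"),
            "msg_type": None, "remote_id": None}
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                 # DHCP message type
            info["msg_type"] = value[0]
        elif code == 82:                               # relay agent information
            j = 0
            while j + 2 <= len(value):                 # sub-options: code, len, data
                if value[j] == 2:                      # sub-option 2 = remote-id
                    info["remote_id"] = value[j + 2:j + 2 + value[j + 1]].hex(":")
                j += 2 + value[j + 1]
        i += 2 + length
    return info

def drop_on_subscriber_port(payload: bytes) -> bool:
    """True if a packet arriving FROM a customer is DHCP server traffic (backfeed)."""
    p = parse_dhcp(payload)
    return p["op"] == 2 or p["msg_type"] in SERVER_TYPES

def allow_lease(active: dict, payload: bytes) -> bool:
    """One lease per SM. Assumption: remote-id is the SM MAC; expiry not modelled."""
    p = parse_dhcp(payload)
    holder = active.setdefault(p["remote_id"], p["chaddr"])
    return holder == p["chaddr"]

def sample(op, msg_type, mac, remote_id=b""):
    """Build a constructed test packet (not a capture)."""
    hdr = struct.pack("!BBBB", op, 1, 6, 0) + bytes(24) + mac + bytes(10 + 192)
    opts = bytes([53, 1, msg_type])
    if remote_id:
        opts += bytes([82, len(remote_id) + 2, 2, len(remote_id)]) + remote_id
    return hdr + MAGIC + opts + b"\xff"
```

A second client MAC behind the same SM is refused until the first entry is removed from `active`, which is the swap-a-device delay described above and the reason a short lease time is needed.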
