[c-nsp] Limiting DHCP on a Bridge Group
Garry
gkg at gmx.de
Wed Feb 10 12:50:09 EST 2010
Hi,
I've got a setup that could use some tweaking ...
CPE is an 876W, with the 4 wired switch ports (read: VLAN1) and the WLAN
being in a bridge group, LAN ip on the BVI1 interface.
LAN ports are only for designated boxes, while there are select users
that may use the WLAN link to connect. For those, the router is running
as a DHCP server, too.
Anyway, I would like to limit the DHCP answers to just the WLAN link. I
know I could go ahead and just split up the bridge group, with routing
between the networks, but due to some other requirements, WLAN and wired
LAN need to be in the same broadcast domain (at least unless the
customer goes through some major reconfiguration).
I've received some suggestion as to using a policy map with class maps
matching on proto dhcp and the incoming interfaces, dropping the traffic
when it matched, while still forwarding the class default ... anyway, I
tried setting that up, but still got DHCP on the FE ports ...
Any other suggestions? Or some hint on what I missed? Here's an excerpt
from the config ...
---
class-map match-all NODHCP
 match protocol dhcp
 match input-interface FastEthernet0
class-map match-all NODHCP1
 match protocol dhcp
 match input-interface FastEthernet1
class-map match-all NODHCP2
 match protocol dhcp
 match input-interface FastEthernet2
class-map match-all NODHCP3
 match protocol dhcp
 match input-interface FastEthernet3
policy-map NODHCP
 class NODHCP
  drop
 class NODHCP1
  drop
 class NODHCP2
  drop
 class NODHCP3
  drop
 class class-default
!
interface BVI1
 ip address 10.1.1.1 255.255.255.0
 service-policy input NODHCP
Help appreciated,
-garry