[c-nsp] Limiting DHCP on a Bridge Group

Garry gkg at gmx.de
Wed Feb 10 14:38:46 EST 2010


On 10.02.2010 20:30, David Prall wrote:
> I think the match interface is looking at where the policy is assigned. I
> know the policy isn't supported on the physical interfaces. I have to do all
> my QoS on fa4 inbound.
> 
> Why not place an acl on the vlan interface for the wired ports. Not sure if
> it would be hit first, or if the bvi would capture it.

I recon it ends up in the BVI, as adding the access-list to vlan1 ends
up with no hits, while adding the same to the BVI increases the hit
counter correctly, and dhcp requests are blocked ... but BVI won't help
as it would also block the requests on wlan ...


More information about the cisco-nsp mailing list