[c-nsp] Limiting DHCP on a Bridge Group

David Prall dcp at dcptech.com
Wed Feb 10 14:46:35 EST 2010


Garry,
Wondering if you could do the wireless and vlan1 as unnumbered to a
loopback. Then they are two distinct interfaces, on the same subnet. Or
could always split the subnet into two distinct /25's instead of a single
/24. 

David

--
http://dcp.dcptech.com


> -----Original Message-----
> From: Garry [mailto:gkg at gmx.de]
> Sent: Wednesday, February 10, 2010 2:39 PM
> To: David Prall
> Cc: 'c-nsp'
> Subject: Re: [c-nsp] Limiting DHCP on a Bridge Group
> 
> On 10.02.2010 20:30, David Prall wrote:
> > I think the match interface is looking at where the policy is assigned. I
> > know the policy isn't supported on the physical interfaces. I have to do all
> > my QoS on fa4 inbound.
> >
> > Why not place an acl on the vlan interface for the wired ports. Not sure if
> > it would be hit first, or if the bvi would capture it.
> 
> I reckon it ends up in the BVI, as adding the access-list to vlan1 ends
> up with no hits, while adding the same to the BVI increases the hit
> counter correctly, and dhcp requests are blocked ... but BVI won't help
> as it would also block the requests on wlan ...


