[c-nsp] dhcp relay trusted interfaces on ios-xe/asr-1000
Mike
mike-cisconsplist at tiedyenetworks.com
Thu Feb 11 17:46:06 EST 2016
Hi,
I have a tengig interface with a subinterface configured that
handles dhcp relay. If I disable ip dhcp relay trusted globally, and
then add 'ip dhcp relay information trusted' to the sub-interface, the
output of 'sh ip dhcp relay information trusted-sources' tells me that
only TenGigabitEthernet itself is a trusted source:
List of trusted sources of relay agent information option:
TenGigabitEthernet
I am expecting to be able to limit to just the sub-interface since there
are many vlans here and some I don't want to trust. My sub-inteface is
configured thusly:
interface TenGigabitEthernet0/1/0.100400
encapsulation dot1Q xxx second-dot1q yyy
ip dhcp relay information trusted
ip address xxx.yyy.zzz.1 255.255.224.0
ip helper-address xxx.yyy.xxx.10
ipv6 enable
end
The primary tengig is this in case it matters:
interface TenGigabitEthernet0/1/0
mtu 9216
no ip address
plim ethernet vlan filter disable
service instance 24 ethernet
encapsulation dot1q 24
rewrite ingress tag pop 1 symmetric
bridge-domain 24
!
end
Any clue on this?
Thanks in advance.
More information about the cisco-nsp
mailing list