[c-nsp] dhcp relay trusted interfaces on ios-xe/asr-1000

Mike mike-cisconsplist at tiedyenetworks.com
Thu Feb 11 17:46:06 EST 2016


     I have a tengig interface with a subinterface configured that 
handles dhcp relay. If I disable ip dhcp relay trusted globally, and 
then add 'ip dhcp relay information trusted' to the sub-interface, the 
output of 'sh ip dhcp relay information trusted-sources' tells me that 
only TenGigabitEthernet itself is a trusted source:

List of trusted sources of relay agent information option:

I am expecting to be able to limit to just the sub-interface since there 
are many vlans here and some I don't want to trust. My sub-inteface is 
configured thusly:

interface TenGigabitEthernet0/1/0.100400
  encapsulation dot1Q xxx second-dot1q yyy
  ip dhcp relay information trusted
  ip address xxx.yyy.zzz.1
  ip helper-address xxx.yyy.xxx.10
  ipv6 enable

The primary tengig is this in case it matters:

interface TenGigabitEthernet0/1/0
  mtu 9216
  no ip address
  plim ethernet vlan filter disable
  service instance 24 ethernet
   encapsulation dot1q 24
   rewrite ingress tag pop 1 symmetric
   bridge-domain 24

Any clue on this?

Thanks in advance.

More information about the cisco-nsp mailing list