IOS Bridging Config & DHCP ACL/MAC Filtering

Dec 6th, 2002

I have a configuration question regarding Bridging in IOS and would welcome feedback on how I can approach this.


Two Ethernet interfaces on 1 physical router, both in the same bridge group and bridging is enabled.

We then have two physical segments, i.e. e1 and e2

We have a Windows workstation and DHCP server on e1 segment

The workstation will broadcast for the DHCP server, and the server will respond as normal


To deny all DHCP packets/frames from entering the e2 segment, by denying through a MAC or ACL filter.


Is it possible to deny broadcast packets when bridging is enabled?

And if so;

Would you use an extended IP ACL or a MAC filter?

(Would IOS allow this as it seems to me to break bridging logic?).

Thanks in advance,




Client IP Address

Server IP Address

GI Address

Packet Source MAC Address 0005.DCC9.C640

Packet Source IP Address

Client UDP Source Port 68

Packet Destination MAC Address ffff.ffff.fffff (broadcast)

Packet Destination IP Address

Client UDP Dest Port 67

rsissons Sun, 12/08/2002 - 18:33

I am not clear from your question whether you are bridging or routing your IP traffic.

If you are routing it, the default, then the MAC-level filter will not apply and you will need to use an extended IP filter. However, by default, broadcast traffic, i.e. dest address, is not forwarded anyway. You have to explicitly configure the router to do this, 'ip forward-protocol' etc.

If you are bridging the IP traffic, 'no ip routing' global command specified, and NOT recommended, then you would need to use a MAC-level filter since IP access lists no longer apply.
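The filtering choice discussed in this thread, as an added example that is not part of either post: a match on MAC addresses alone cannot tell the workstation's DHCP broadcast from its other broadcasts, while a match on Ethertype, IP protocol and UDP ports can. The frames are constructed from the MAC and ports quoted in the question; the IP addresses 0.0.0.0 and 255.255.255.255 and all function names are assumptions.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
CLIENT_MAC = bytes.fromhex("0005dcc9c640")   # source MAC quoted in the question

def ipv4_udp(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed minimal IPv4 + UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip))
    return ip + udp

def ethernet(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

def address_only_match(frame, src_mac):
    """What a filter keyed on MAC addresses alone can see."""
    return frame[0:6] == BROADCAST and frame[6:12] == src_mac

def is_dhcp(frame):
    """Match DHCP/BOOTP by Ethertype, IP protocol and UDP ports 67/68."""
    if len(frame) < 14 + 20 + 8:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:                  # not IPv4 (802.1Q tags not handled)
        return False
    ihl = (frame[14] & 0x0F) * 4             # header length varies with IP options
    (frag,) = struct.unpack("!H", frame[20:22])
    if ihl < 20 or frame[23] != 17 or frag & 0x1FFF:
        return False                         # not UDP, or a non-first fragment
    l4 = 14 + ihl
    if len(frame) < l4 + 4:
        return False
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return {sport, dport} <= {67, 68}

# Constructed sample frames: a DHCP broadcast and an ARP broadcast from the same host.
DHCP_FRAME = ethernet(BROADCAST, CLIENT_MAC, 0x0800,
                      ipv4_udp([0, 0, 0, 0], [255] * 4, 68, 67, b"\x01" + bytes(239)))
ARP_FRAME = ethernet(BROADCAST, CLIENT_MAC, 0x0806, bytes(28))

if __name__ == "__main__":
    for name, frame in (("dhcp", DHCP_FRAME), ("arp", ARP_FRAME)):
        print(name, "address-only:", address_only_match(frame, CLIENT_MAC),
              "dhcp-specific:", is_dhcp(frame))
```

Dropping on the address-only match would also block the workstation's ARP broadcasts toward e2, which is why the DHCP-specific fields matter when only DHCP should be kept off that segment.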

