I have a configuration question regarding Bridging in IOS and would welcome feedback on how I can approach this.
Scenario:
Two Ethernet interfaces on 1 physical router, both in the same bridge group and bridging is enabled.
We then have two physical segments, i.e. e1 and e2
We have a Windows workstation and DHCP server on the e1 segment.
The workstation will broadcast for the DHCP server, and the server will respond as normal.
Goal:
To deny all DHCP packets/frames from entering the e2 segment, by denying through a MAC or ACL filter.
Question:
Is it possible to deny broadcast packets when bridging is enabled?
And if so:
Would you use an extended IP ACL or a MAC filter?
(Would IOS allow this as it seems to me to break bridging logic?).
Thanks in advance,
Craig.
I.e.
Packet DHCPDISCOVER
Client IP Address 0.0.0.0
Server IP Address 0.0.0.0
GI Address 0.0.0.0
Packet Source MAC Address 0005.DCC9.C640
Packet Source IP Address 0.0.0.0
Client UDP Source Port 68
Packet Destination MAC Address ffff.ffff.ffff (broadcast)
Packet Destination IP Address 255.255.255.255
Client UDP Dest Port 67