I need to make sure that on one trunk port all DHCP requests/responses will not pass. In the documentation for the 3750 they say that an extended IP ACL can be assigned to an L2 port as an input ACL; if the port is a trunk, then traffic for all VLANs will be filtered. To prove it I created the following extended IP ACL:
permit udp any eq bootps any
permit ip any any
and I assigned it as an ip access-group ACL on the L2 trunk port.
However, I cannot see any match, and the permit ip any any hits are also far from the incoming packets counter on that interface. Am I missing something?
I suspect that the counters are not reliable because most of the processing is being done in the ASIC. I know, for example, that if you put a service policy on an interface and do a show policy-map interface, the counters are rubbish.
I don't know how you would get round this. Perhaps do a service policy with a drop on DHCP class, and then use the QoS accounting tools to view the counters.
Thanks, but I do not really care about the counters. I just need confirmation that assigning an IP ACL to an L2 trunk interface with the right deny (deny udp any bootps any bootpc) will filter DHCP responses from the server on that port.
I've had success blocking NetBIOS like this on Catalyst 2940, 2960, and 3560 switches.
Another option specific to DHCP might be to turn on DHCP snooping and make the specific port untrusted (thus allowing DHCP requests to come from the port, but not DHCP assignments). Hopefully I'm understanding your scenario correctly.
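The two approaches discussed in this thread, written out as an added configuration sketch that was not posted by any participant. The ACL name, interface names and VLAN list are assumptions; adjust them to the actual switch.

```cisco
! --- Option 1: port ACL on the L2 trunk (inbound only on L2 ports) ---
! Server-to-client DHCP replies use UDP source port 67 (bootps) and
! destination port 68 (bootpc). Client requests are the reverse
! (source 68, destination 67) and are not matched by the deny line.
! Replies sent to a relay agent use destination port 67, so they are
! not matched by this deny either.
ip access-list extended BLOCK-DHCP-REPLIES
 deny   udp any eq bootps any eq bootpc
 permit ip any any
!
! Assumed trunk interface name
interface GigabitEthernet1/0/1
 switchport mode trunk
 ip access-group BLOCK-DHCP-REPLIES in
!
! --- Option 2: DHCP snooping with the trunk left untrusted ---
! Assumed VLAN list; snooping acts only on the VLANs listed here.
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! Ports are untrusted by default: DHCP server messages (OFFER, ACK, NAK)
! arriving on this port are dropped, while client requests are accepted.
interface GigabitEthernet1/0/1
 no ip dhcp snooping trust
!
! Assumed uplink toward the legitimate DHCP server: must be trusted,
! otherwise its replies are dropped as well.
interface GigabitEthernet1/0/24
 ip dhcp snooping trust
```

Either option can be checked from a client behind the filtered port by confirming it no longer receives an offer from a server on the far side, and DHCP snooping state is visible with `show ip dhcp snooping`.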