Running NXOS 4.2(3) on 7K x2 with hsrp between the two each has two identical VDC.
VLAN 162 supports a network with a /23 DHCP scope. VLAN interfaces both have 'ip dhcp relay address X.X.X.X' configured.
Current scope exhausted and looking for a short term fix to limit devices based on vendor mac addresses. (WIFI network)
Created port based mac access-lists and applied to physical ports that connect to WLC. Added mac packet-classify.
This works to block the vendor macs I targeted from communicating only after they get an IP address. It doesn't stop them from getting an IP address initially. Manual client exclusion is a pain on the WLC.
I think the DHCP RELAY process must be served before the access-list is inspected.
Has anyone else run into this or can think of a work-around?
oh, I couldn't get vlan filter to work either.