ip dhcp relay and mac access-list on Nexus

adenter
Level 1

Running NX-OS 4.2(3) on two 7Ks with HSRP between them; each has two identical VDCs.

VLAN 162 supports a network with a /23 DHCP scope. The VLAN interfaces both have 'ip dhcp relay address X.X.X.X' configured.

The current scope is exhausted and I'm looking for a short-term fix to limit devices based on vendor MAC addresses (Wi-Fi network).

Created port-based MAC access-lists and applied them to the physical ports that connect to the WLC. Added mac packet-classify.

This works to block the vendor MACs I targeted from communicating, but only after they get an IP address. It doesn't stop them from getting an IP address initially. Manual client exclusion is a pain on the WLC.

I think the DHCP relay process must be served before the access-list is inspected.

Has anyone else run into this or can think of a work-around?

Oh, I couldn't get VLAN filter to work either.

1 Reply

Ian Jay
Level 1

Hi Adam,

Can you be a little clearer on the symptoms you are seeing? Is DHCP succeeding and the IP being blocked? Or is the ACL not working at all?

DHCP packets should be blocked as they are non-IP packets. Using a MAC ACL with packet classify disabled should block DHCP and allow you to preserve your scoped addresses.

The only other option would be MAB, but this is not a short-term solution.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_4.2_chapter13.html

/ijay
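The setup the thread describes, written out as an added example (this is not configuration posted by either participant). The ACL name, the OUI 00c0.4f used as a placeholder vendor prefix, the interface numbers, the SVI address and the relay address are all assumptions. Two points a practitioner will want to check before blaming the relay: on the Nexus 7000 a MAC ACL applied with `mac port access-group` is by default evaluated only for non-IP frames, and `mac packet-classify` on the interface is what makes it apply to IP frames as well; DHCP is IPv4/UDP (ports 67/68), so a client's DHCPDISCOVER can only be matched by the MAC ACL when packet classification is on. The NX-OS MAC mask is a wildcard, so `ff` octets are ignored and `0000.00ff.ffff` covers the entire OUI. `statistics per-entry` lets you see whether the deny line is actually being hit.

```text
! Added example, not from the thread. OUI 00c0.4f, ACL name, interface
! numbers and addresses are placeholders.
feature dhcp
ip dhcp relay

mac access-list BLOCK-VENDOR-OUI
  statistics per-entry
  ! Wildcard mask: ff octets are ignored, so this matches every address
  ! whose first three octets are 00c0.4f, whatever the low 24 bits are.
  10 deny 00c0.4f00.0000 0000.00ff.ffff any
  20 permit any any

interface Ethernet1/1
  description Uplink to WLC
  switchport
  switchport mode trunk
  ! Without this line the MAC ACL below is evaluated only for non-IP
  ! frames, so DHCP (IPv4/UDP 67/68) is never matched by it.
  mac packet-classify
  mac port access-group BLOCK-VENDOR-OUI
  no shutdown

interface Vlan162
  ip address 10.162.0.2/23
  ip dhcp relay address 10.10.10.10
  no shutdown

! Verification: watch the counter on sequence 10 while a client in the
! placeholder OUI tries to obtain a lease.
show mac access-lists BLOCK-VENDOR-OUI
show running-config interface ethernet 1/1
```

Reading the counters narrows the problem. If the deny counter on sequence 10 stays at zero while a client in that OUI obtains a lease, the port is not evaluating those frames against the ACL at all (packet classification missing, or the ACL applied to the wrong port). If the counter increments and the lease is still granted, the DISCOVER is reaching a relay by a path this port does not cover, so the other WLC uplinks and the second 7K in the HSRP pair are the next places to look.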
