Cisco Support Community
New Member

NX-OS DHCP relay - get rid of VACL filtering?

Hello,

Nexus dhcp relay does filter DISCOVER|OFFER broadcasts at layer 2.

Is there a way to get rid of those filters?

Adding dhcp relay addresses is not a viable option, since we don't even know the addresses of all dhcp servers in all subnets.

Currently we have one 10G port per building and Nexus; vlans do span several buildings. Thus, l2 filtering is rather pointless.

Moreover, dhcp VACLs seem to interfere with RPF checks as well as with regular l3 ip ACLs, at least when using multiple routers per vlan (HSRP). DHCP OFFERs seemingly get dropped when routed across the "wrong" Nexus (i.e., not the one originally having forwarded the DISCOVER).

Any helpful ideas?

Regards,

   J. Vreemann

1 REPLY
New Member

NX-OS DHCP relay - get rid of VACL filtering?

Oops - the "ACL interference" phenomenon is not related to dhcp relay.

In an "out" ip ACL,

  40 remark ---- dhcp replies
  50 permit udp any eq 67 any

works, while

  40 remark ---- dhcp replies
  50 permit udp any any eq 68

does not. Uh...

--JV
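
An added example, not part of the thread or of any Cisco tooling: a small Python matcher that evaluates the two ACEs quoted in the reply against the UDP port pairs DHCP uses. It assumes the replies in question are relayed ones, which per RFC 2131 a server addresses to port 67 on the relay agent (giaddr) rather than to client port 68; the flow labels and helper names are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed flows (source port, destination port) following RFC 2131 port usage.
# Server-to-relay replies go to destination port 67; source port 67 is what
# servers normally use. Nothing here is captured from the poster's network.
Flow = namedtuple("Flow", "name sport dport")
FLOWS = [
    Flow("client -> server/relay (DISCOVER, REQUEST)", 68, 67),
    Flow("server -> client, no relay (OFFER, ACK)", 67, 68),
    Flow("server -> relay agent at giaddr (OFFER, ACK)", 67, 67),
    Flow("relay agent -> client (OFFER, ACK)", 67, 68),
]

# Only the ACE shape used in the thread: permit|deny udp any [eq N] any [eq N]
ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+udp\s+any"
    r"(?:\s+eq\s+(?P<sport>\d+))?\s+any(?:\s+eq\s+(?P<dport>\d+))?\s*$"
)

def parse_ace(line):
    """Return (action, source port, destination port); None means any port."""
    m = ACE_RE.match(line)
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    sport = int(m["sport"]) if m["sport"] else None
    dport = int(m["dport"]) if m["dport"] else None
    return m["action"], sport, dport

def ace_matches(line, flow):
    """True if the ACE's port conditions match the flow's port pair."""
    _, sport, dport = parse_ace(line)
    return sport in (None, flow.sport) and dport in (None, flow.dport)

def matched_flows(line):
    """Names of the constructed flows that the ACE matches."""
    return [f.name for f in FLOWS if ace_matches(line, f)]

if __name__ == "__main__":
    for ace in ("50 permit udp any eq 67 any", "50 permit udp any any eq 68"):
        print(ace)
        for f in FLOWS:
            verdict = "match" if ace_matches(ace, f) else "no match"
            print(f"  {verdict:8}  {f.name}")
```

Under that assumption, only the source-port form matches the server-to-relay leg, which is the packet that crosses a router on its way back to the relay.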
