Re: ACLs on bridged FastEthernet

d.bigerstaff · ‎08-11-2006

I am using a 2811 router with the following configuration:

bridge irb

interface FastEthernet0/0

description internal network connection

no ip address

duplex auto

speed auto

bridge-group 1

interface FastEthernet0/1

no ip address

duplex auto

speed auto

bridge-group 1

interface BVI1

ip address 192.168.10.10 255.255.255.0

access-list 110 deny udp any eq bootpc any

access-list 110 deny udp any eq bootps any

access-list 110 permit tcp any any

access-list 110 permit udp any any

access-list 110 permit ip any any

bridge 1 protocol ieee

bridge 1 route ip

I also have the DHCP service turned on. The set up I am aiming for is for DHCP to be enabled only on fa0/1.

My problem is that i cant apply that ACL to either fa0/0 or fa0/1 but only bvi1 which effects both.

Is there any way i can do this with bridging?

Kevin Dorrell · ‎08-11-2006

Unfortunately not. The ACL controls IP, and so is applied to a layer 3 interface. In this case the layer 3 interface is the BVI. The two FastEthernet interfaces are effectively just a two-port switch (or three-port if you count the BVI as well.)

Kevin Dorrell

Luxembourg

d.bigerstaff · ‎08-11-2006

Earlier this morning i had the router bridged without the BVI with fa0/0 and fa0/1 on sequential IPs, with IP Routing turned off. With this setup DHCP wouldnt work.

I'm trying to set this up because this router has call manager on it and we're wanting to use it as a demo unit. We're trying to set it up so we can just remove it from our network, which has dhcp via alternate means, but when we take it out there's DHCP on the other port.