MAC filtering - DHCP issue

gdevesco — Sun, 04 Jul 2021 16:37:07 GMT

Hi all,i'm experincing some trouble about a 1100 access point and a/b/g cardbus adapters AIR-CB21AG-E-K9.The AP seems to work correctly with WLAN clients statically IP addressed, but the client doesn't obtain a DHCP address. Tried to disable MAC filtering, the problem disappears, but the policy of my customer is that the MAC filtering is to be enabled.Maybe i'm wrong,i've 3 client adapters and applied their MAC list to the radio interface. Here the AP config, can you help me ?

Thanks

Giovanni

Using 2367 out of 32768 bytes

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname ap

enable secret xxxxxxx

username xxx password xxxx

ip subnet-zero

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

encryption key 1 size 128bit xxxxxxxxxxxxxxxxxxxxxxxxxx transmit-key

encryption mode wep mandatory mic

ssid YYYYYYYYYY

authentication open

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.

54.0

rts threshold 2312

station-role root

l2-filter bridge-group-acl

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 input-address-list 700

bridge-group 1 output-address-list 700

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

interface BVI1

ip address 10.236.8.10 255.255.255.0

ip access-group 101 in

no ip route-cache

ip default-gateway 10.236.8.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/ea

/ivory/1100

ip radius source-interface BVI1

access-list 101 permit icmp any any

access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq www

access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq telnet

access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq 22

access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq www

access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq telnet

access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq 22

access-list 101 deny ip any any

access-list 700 permit 0040.96a2.9077 0000.0000.0000

access-list 700 permit 0040.96a2.8be6 0000.0000.0000

access-list 700 permit 0040.96a2.907d 0000.0000.0000

access-list 700 deny 0000.0000.0000 ffff.ffff.ffff

bridge 1 route ip

line con 0

line vty 0 4

line vty 5 15

Re: MAC filtering - DHCP issue

kmarrero — Mon, 10 May 2004 13:06:40 GMT

The DHCP request is a layer 2 and layer 3 broadcast which you are filtering.

The server sends a DHCPACK response and it is a L3 broadcast and a L2 unicast as well. You need to allow UDP ports 67 and 68 through your ACL.

Re: MAC filtering - DHCP issue

gdevesco — Mon, 10 May 2004 15:14:17 GMT

Thanks for your reply,Kyle.Sorry but i've not understood where i could allow those ports: i thought

that ACL 700 as configured is only to permit in input to the radio intf the traffic of the frames with the source and destination MAC of my wireless clients and L3 is not to be checked.I thought also that FFFF.FFFF.FFFF is to be passed, where i'm wrong ? (i'm new to L2 ACLs)

Thanks for your patience

Giovanni

topic Re: MAC filtering - DHCP issue in Wireless

MAC filtering - DHCP issue

Re: MAC filtering - DHCP issue

Re: MAC filtering - DHCP issue