Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1163
Views
0
Helpful
0
Replies

DHCP MAC filtering

Ed Groves
Level 1
Level 1

‎11-25-2015 05:22 AM - edited ‎03-01-2019 02:57 PM

How do you get round this when trying to specify devices for dhcp based on MAC address 

 

mac access-list extended RUCKUS

deny    F0B0.5200.0000  0000.00FF.FFFF  any

deny    E010.7F00.0000  0000.00FF.FFFF  any

deny    D468.4D00.0000  0000.00FF.FFFF  any

deny    C410.8A00.0000  0000.00FF.FFFF  any

deny    C401.7C00.0000  0000.00FF.FFFF  any

deny    C0C5.2000.0000  0000.00FF.FFFF  any

deny    C08A.DE00.0000  0000.00FF.FFFF  any

deny    AC67.0600.0000  0000.00FF.FFFF  any

deny    94F6.6500.0000  0000.00FF.FFFF  any

deny    8C0C.9000.0000  0000.00FF.FFFF  any

deny    8418.3A00.0000  0000.00FF.FFFF  any

deny    7491.1A00.0000  0000.00FF.FFFF  any

deny    6CAA.B300.0000  0000.00FF.FFFF  any

deny    6892.3400.0000  0000.00FF.FFFF  any

deny    58B6.3300.0000  0000.00FF.FFFF  any

deny    5893.9600.0000  0000.00FF.FFFF  any

deny    543D.3700.0000  0000.00FF.FFFF  any

deny    50A7.3300.0000  0000.00FF.FFFF  any

deny    38FF.3600.0000  0000.00FF.FFFF  any

deny    2CE6.CC00.0000  0000.00FF.FFFF  any

deny    2CC5.D300.0000  0000.00FF.FFFF  any

deny    2C5D.9300.0000  0000.00FF.FFFF  any

deny    24C9.A100.0000  0000.00FF.FFFF  any

deny    044F.AA00.0000  0000.00FF.FFFF  any

deny    0025.C400.0000  0000.00FF.FFFF  any

deny    0024.8200.0000  0000.00FF.FFFF  any

deny    0022.7F00.0000  0000.00FF.FFFF  any

deny    001F.4100.0000  0000.00FF.FFFF  any

deny    001D.2E00.0000  0000.00FF.FFFF  any

deny    0013.9200.0000  0000.00FF.FFFF  any

permit  any     any

 

ip access-list extended DHCP

permit udp any any eq bootps

 

class-map match-all RUCKUS-DHCP

match access-group name DHCP

match access-group name RUCKUS

 

policy-map RUCKUS-DHCP

class RUCKUS-DHCP

police cir 32000 bc 64 be 64 conform-action drop exceed-action drop violate-action drop

 

int vlan 1

service-policy input RUCKUS-DHCP

 

ip dhcp excluded-address 172.16.10.1 172.16.11.0

!

ip dhcp pool RUCKUS-DHCP

network 172.16.10.0 255.255.254.0

default-router 172.16.10.1

dns-server 8.8.8.8 8.8.4.4

 

This is what i get when trying to do this:

CORE class-map match-all RUCKUS-DHCP

CORE(config-cmap)#match access-group name DHCP

CORE(config-cmap)#match access-group name RUCKUS

%Ip match criteria such as DSCP, precedence, IP v4/v6 ACL not supported with MAC ACL in the same class map.

%Command rejected!

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents