Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
716
Views
0
Helpful
1
Replies

NX-OS DHCP relay - get rid of VACL filtering?

jvreemann
Level 1
Level 1

‎08-29-2012 02:36 AM - edited ‎03-07-2019 08:35 AM

Hello,

   Nexus dhcp relay does filter DISCOVER|OFFER broadcasts at layer 2.

Is there a way to get rid of those filters?

Adding dhcp relay addresses is not a viable option, since we don't

even know the addresses of all dhcp servers in all subnets.

Currently we have one 10G port per building and Nexus;  vlans do

span several buildings. Thus, l2 filtering is rather pointless.

Moreover, dhcp VACLs seem to interfere with RPF checks as well as

with regular l3 ip ACLs, at least when using multiple routers per vlan

(HSRP). DHCP OFFERs seeminly get dropped when routed across the

"wrong" Nexus (i.e., not the one originally having forwarded the

DISCOVER).

Any helpful ideas?

Regards,

   J. Vreemann

Labels:
0 Helpful
1 Reply 1

jvreemann
Level 1
Level 1

‎08-29-2012 05:38 AM

Oops - the "ACL interference" phenomenon is not related to dhcp relay.

In an "out" ip ACL,

  40 remark ---- dhcp replies

  50 permit udp any eq 67 any

works, while

  40 remark ---- dhcp replies

  50 permit udp any any eq 68

does not. Uh...

--JV

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card