Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
929
Views
0
Helpful
2
Replies

Aironet 1100 ACL Question

andrewjackson
Level 1
Level 1

‎08-13-2003 10:53 AM - edited ‎07-04-2021 08:56 AM

Good Morning,

Our 1100ap is setup as a DHCP server. I've attempted to add an access-list to f0 that blocks bootpc and bootps requests from coming on that interface so that addresses will only be assigned on requests coming in on the Dot11Radio0 interface:

interface FastEthernet0

no ip address

ip access-group 111 in

Extended IP access list 111

deny udp any host xxx.xxx.xxx.23 eq bootpc

deny udp any host xxx.xxx.xxx.23 eq bootps

permit ip any any

Unfortunately this does not work. IP addresses are still being assigned to machines on the f0 side of the AP. Neither does setting the access-group to outbound work. My understanding of ACLs on switches is that the explicit denys have to come before the permit statements. Not much experience with ACLs yet, but I'm learning.

Thanks,

Andrew

Labels:
0 Helpful
2 Replies 2

b.hsu
Level 5
Level 5

‎08-21-2003 07:18 AM

I think this is a good document to start learning,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12211ja/i12211sc/s11filt.htm

0 Helpful

MATTHEW BALYUZI
Level 1
Level 1

‎08-26-2003 06:45 AM

But the initial dhcp request from the wired (f0) side will not be to xxx.xxx.xxx.23, it will be a broadcast (from 0.0.0.0 to 255.255.255.255). You need to block those requests too.

Hope that helps,

Matt

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card