08-13-2003 10:53 AM - edited 07-04-2021 08:56 AM
Good Morning,
Our 1100ap is set up as a DHCP server. I've attempted to add an access-list to f0 that blocks bootpc and bootps requests from coming on that interface so that addresses will only be assigned on requests coming in on the Dot11Radio0 interface:
interface FastEthernet0
no ip address
ip access-group 111 in
Extended IP access list 111
deny udp any host xxx.xxx.xxx.23 eq bootpc
deny udp any host xxx.xxx.xxx.23 eq bootps
permit ip any any
Unfortunately this does not work. IP addresses are still being assigned to machines on the f0 side of the AP. Neither does setting the access-group to outbound work. My understanding of ACLs on switches is that the explicit denies have to come before the permit statements. Not much experience with ACLs yet, but I'm learning.
Thanks,
Andrew
08-21-2003 07:18 AM
I think this is a good document to start learning,
08-26-2003 06:45 AM
But the initial DHCP request from the wired (f0) side will not be to xxx.xxx.xxx.23, it will be a broadcast (from 0.0.0.0 to 255.255.255.255). You need to block those requests too.
Hope that helps,
Matt
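Added example, not part of the original thread: a small first-match ACL evaluator in Python that runs the posted access list 111 against a DHCPDISCOVER broadcast and shows it falling through to `permit ip any any`, next to a variant that matches the bootps port for any destination. The address 192.0.2.23 is a constructed stand-in for the masked xxx.xxx.xxx.23, the "any destination" variant is an assumption drawn from Matt's reply, and the model covers only rule matching (source is always `any`), not how the AP applies ACLs to its interfaces.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

BOOTPS, BOOTPC = 67, 68  # DHCP server / client UDP ports

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", or "ip" to match any protocol
    dst: str = "0.0.0.0/0"       # "any" is 0.0.0.0/0; "host x" is x/32
    dport: Optional[int] = None  # None means no "eq <port>" clause

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == p.dport

def evaluate(acl, pkt):
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

AP = "192.0.2.23/32"  # constructed stand-in for host xxx.xxx.xxx.23

# Access list 111 as posted: both deny entries only match the AP's unicast address.
ACL_AS_POSTED = [
    Rule("deny", "udp", AP, BOOTPC),
    Rule("deny", "udp", AP, BOOTPS),
    Rule("permit", "ip"),
]
# Assumed variant: deny udp any any eq bootps, then permit everything else.
ACL_ANY_DST = [Rule("deny", "udp", dport=BOOTPS), Rule("permit", "ip")]

# Constructed sample packets.
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", BOOTPS)  # initial broadcast
RENEW = Packet("udp", "192.0.2.50", "192.0.2.23", BOOTPS)       # unicast to the AP
```

Calling `evaluate(ACL_AS_POSTED, DISCOVER)` returns `"permit"` because neither deny entry's destination matches 255.255.255.255, while the same packet against `ACL_ANY_DST` returns `"deny"`.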