
MAC filtering - DHCP issue

gdevesco
Level 1

Hi all, I'm experiencing some trouble with a 1100 access point and a/b/g CardBus adapters AIR-CB21AG-E-K9. The AP seems to work correctly with WLAN clients statically IP addressed, but the client doesn't obtain a DHCP address. I tried disabling MAC filtering and the problem disappears, but my customer's policy is that MAC filtering must be enabled. Maybe I'm wrong; I have 3 client adapters and applied their MAC list to the radio interface. Here is the AP config, can you help me?

Thanks

Giovanni

Using 2367 out of 32768 bytes

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret xxxxxxx
!
username xxx password xxxx
ip subnet-zero
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption key 1 size 128bit xxxxxxxxxxxxxxxxxxxxxxxxxx transmit-key
 encryption mode wep mandatory mic
 !
 ssid YYYYYYYYYY
    authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 l2-filter bridge-group-acl
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.236.8.10 255.255.255.0
 ip access-group 101 in
 no ip route-cache
!
ip default-gateway 10.236.8.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/ea/ivory/1100
ip radius source-interface BVI1
access-list 101 permit icmp any any
access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq www
access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq telnet
access-list 101 permit tcp host 10.236.8.29 host 10.236.8.10 eq 22
access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq www
access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq telnet
access-list 101 permit tcp host 10.236.8.30 host 10.236.8.10 eq 22
access-list 101 deny ip any any
access-list 700 permit 0040.96a2.9077 0000.0000.0000
access-list 700 permit 0040.96a2.8be6 0000.0000.0000
access-list 700 permit 0040.96a2.907d 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
bridge 1 route ip
!
!
line con 0
line vty 0 4
 login local
line vty 5 15
 login
!

2 Replies

kmarrero
Level 4

The DHCP request is a layer 2 and layer 3 broadcast which you are filtering.

The server sends a DHCPACK response and it is a L3 broadcast and a L2 unicast as well. You need to allow UDP ports 67 and 68 through your ACL.

Thanks for your reply, Kyle. Sorry, but I have not understood where I could allow those ports: I thought that ACL 700 as configured only permits, inbound on the radio interface, the frames with the source and destination MAC of my wireless clients, and that L3 is not checked. I also thought that FFFF.FFFF.FFFF would be passed; where am I wrong? (I'm new to L2 ACLs)

Thanks for your patience

Giovanni
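
An added illustration, not part of any post in this thread: a small Python model of how the posted access-list 700 is evaluated (first match wins; a wildcard-mask bit of 1 means "ignore this bit"). It assumes the documented IOS behaviour that input-address-list is matched against a frame's source MAC and output-address-list against its destination MAC; the server MAC and the sample frames are constructed.

```python
# Model of the thread's "access-list 700" applied to the radio bridge-group.
# Entries are (action, address, wildcard mask), copied from the posted config.
ACL_700 = [
    ("permit", "0040.96a2.9077", "0000.0000.0000"),
    ("permit", "0040.96a2.8be6", "0000.0000.0000"),
    ("permit", "0040.96a2.907d", "0000.0000.0000"),
    ("deny",   "0000.0000.0000", "ffff.ffff.ffff"),
]
MAC_BITS = 0xFFFFFFFFFFFF


def mac_to_int(mac):
    """Parse dotted, colon or hyphen MAC notation into a 48-bit integer."""
    return int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)


def acl_action(mac, acl=ACL_700):
    """Return the action of the first entry whose cared-for bits match."""
    value = mac_to_int(mac)
    for action, addr, wildcard in acl:
        care = ~mac_to_int(wildcard) & MAC_BITS  # bits that must be equal
        if (value & care) == (mac_to_int(addr) & care):
            return action
    return "deny"  # implicit deny at the end of every list


def radio_verdict(direction, src, dst):
    """Assumption: 'in' checks the source MAC, 'out' the destination MAC."""
    return acl_action(src if direction == "in" else dst)


CLIENT = "0040.96a2.9077"     # one of the permitted adapters
SERVER = "0011.2233.4455"     # constructed MAC for a wired DHCP server
BROADCAST = "ffff.ffff.ffff"

FRAMES = [  # constructed sample frames crossing the radio interface
    ("in",  CLIENT, BROADCAST, "client request to broadcast"),
    ("out", SERVER, BROADCAST, "server reply addressed to broadcast"),
    ("out", SERVER, CLIENT,    "server reply addressed to the client"),
]

if __name__ == "__main__":
    for direction, src, dst, label in FRAMES:
        verdict = radio_verdict(direction, src, dst)
        print(f"{direction:3} {src} -> {dst}  {verdict:6}  {label}")
```

Under that assumption, ffff.ffff.ffff matches none of the three permit entries and falls through to the final deny whenever it is the address being checked.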
