Posted by Piotr on September 26, 2008, 8:44 am
I've applied the following config to the cat3750POE switch:
mac access-list extended Allowed_MACs
 permit host 0007.3bc2.a111 any
 permit host 001d.0900.8a14 any
 permit host 0007.3bc2.4da4 any
 permit host 0007.3bc2.3fea any
 deny any any
interface range FastEthernet1/0/25 - 30
 [CUT]
 mac access-group OpenSpace_HotDesks_Allowed in
The problem is that I'm still able to get an IP address from the DHCP server -
ip helper address is configured. Further access
(pings/traceroute/tcp/udp) is blocked as expected.
Is it a default behaviour or a bug? I suspect ip helper address is catching
DHCP messages before the MAC ACL.
I would like to make complete traffic filtering based on MACs without
the ability to get an IP from DHCP. Also I want users to be able to plug into
any of those 5 ports with a MAC listed on the ACL.
Any ideas?