[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cisco-nsp
Subject:    [c-nsp] dhcp relay trusted interfaces on ios-xe/asr-1000
From:       Mike <mike-cisconsplist () tiedyenetworks ! com>
Date:       2016-02-11 22:46:06
Message-ID: 56BD0F2E.2010702 () tiedyenetworks ! com
[Download RAW message or body]

Hi,

     I have a tengig interface with a subinterface configured that 
handles dhcp relay. If I disable ip dhcp relay trusted globally, and 
then add 'ip dhcp relay information trusted' to the sub-interface, the 
output of 'sh ip dhcp relay information trusted-sources' tells me that 
only TenGigabitEthernet itself is a trusted source:


List of trusted sources of relay agent information option:
TenGigabitEthernet

I am expecting to be able to limit to just the sub-interface since there 
are many vlans here and some I don't want to trust. My sub-inteface is 
configured thusly:


interface TenGigabitEthernet0/1/0.100400
  encapsulation dot1Q xxx second-dot1q yyy
  ip dhcp relay information trusted
  ip address xxx.yyy.zzz.1 255.255.224.0
  ip helper-address xxx.yyy.xxx.10
  ipv6 enable
end


The primary tengig is this in case it matters:

interface TenGigabitEthernet0/1/0
  mtu 9216
  no ip address
  plim ethernet vlan filter disable
  service instance 24 ethernet
   encapsulation dot1q 24
   rewrite ingress tag pop 1 symmetric
   bridge-domain 24
  !
end


Any clue on this?

Thanks in advance.

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[prev in list] [next in list] [prev in thread] [next in thread]