
ACL to filter ports by DHCP scope on same subnet

Jon Ferrara
Occasional Contributor


I am in the preliminary stages of setting up a NAC (Network Access Control) solution. My goal is to set up multiple DHCP scopes (authorized, restricted, and quarantined) based on authentication.

My question is, can I set up ACLs based upon a range of IP addresses, or must they be set up by network (i.e. create additional networks on my LAN and issue DHCP to each network)? I would like to keep my routing config as is and just use 3 ranges in my existing subnet. Any help or direction is much appreciated.

Jon
1 REPLY
Dmitry G. Spitsyn
Trusted Contributor

Re: ACL to filter ports by DHCP scope on same subnet

Hi, Jon!

IMHO it's better to configure 3 VLANs (authorized, restricted, and quarantined) for 3 different subnets appropriately and use a helper address to enable access to the DHCP server in the management VLAN.
Authorized users shouldn't be in the same broadcast domain as restricted or quarantined.
You can use ACLs then to control access for the users (devices) flexibly.

Good luck,
Dmitry
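
The broadcast-domain point from the reply, as an added example that is not part of the original posts: it checks whether traffic between two roles ever reaches the router where a routed ACL could act, and how many ACL entries an arbitrary DHCP range needs. The addressing plans and function names are constructed for illustration, and it assumes ACL entries match on address/mask pairs.

```python
import ipaddress

# Constructed addressing plans (not from the thread).
# Design A: one /24 with three DHCP ranges inside it.
SINGLE_SUBNET = {
    "authorized":  ("10.0.0.10",  "10.0.0.99",  24),
    "restricted":  ("10.0.0.100", "10.0.0.199", 24),
    "quarantined": ("10.0.0.200", "10.0.0.250", 24),
}
# Design B: one subnet (VLAN) per role, as the reply suggests.
PER_VLAN = {
    "authorized":  ("10.0.10.10", "10.0.10.250", 24),
    "restricted":  ("10.0.20.10", "10.0.20.250", 24),
    "quarantined": ("10.0.30.10", "10.0.30.250", 24),
}

def acl_prefixes(first, last):
    """Prefixes needed to cover an arbitrary range with address/mask entries."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def crosses_gateway(src, dst, prefixlen):
    """True if src sends to dst via its default gateway (where a routed
    ACL can act); False if src treats dst as on-link and ARPs for it."""
    src_net = ipaddress.ip_interface(f"{src}/{prefixlen}").network
    return ipaddress.ip_address(dst) not in src_net

def routed_acl_sees(plan, src_role, dst_role):
    """Would a host in src_role reach a host in dst_role through the router?"""
    src, _, plen = plan[src_role]
    dst = plan[dst_role][0]
    return crosses_gateway(src, dst, plen)

if __name__ == "__main__":
    for role, (first, last, _) in SINGLE_SUBNET.items():
        print(role, acl_prefixes(first, last))
    for name, plan in (("single subnet", SINGLE_SUBNET), ("per VLAN", PER_VLAN)):
        print(name, "quarantined->authorized passes the router:",
              routed_acl_sees(plan, "quarantined", "authorized"))
```

In the single-subnet plan the quarantined host resolves the authorized host directly on the LAN, so an ACL on the routed interface never evaluates that traffic; in the per-VLAN plan every inter-role packet passes the gateway.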