topic Re: ACL for DHCP in Network Security

ACL for DHCP

Kane Smith — Tue, 11 Jun 2019 11:56:49 GMT

Re: ACL for DHCP

kuldeep_dubey — Tue, 11 Jun 2019 12:00:01 GMT

Hi Kane,
Since we have DHCP in picture, you cannot have specific IP addresses in the ACL. Therefore, your ACL should look like:
"access-list ABC extended permit udp any any eq 53 ". This should be applied in INBOUND direction on the interface connected to the LAN with lower Security-level.
AND, "access-list abc extended permit udp any eq 53 any" in INBOUND direction on interface connected to the LAN in which you have the DHCP server.

Regards
Kuldeep

Re: ACL for DHCP

kuldeep_dubey — Tue, 11 Jun 2019 12:08:24 GMT

OR
access-list abc line 1 extended permit udp host 0.0.0.0 host 255.255.255.255 eq domain ---> on OUT interface in IN direction.
and
access-list abc line 2 extended permit udp host <DHCP_server_IP> eq domain host 255.255.255.255 ----> on IN interface in IN direction.

(Only in case of Cisco Devices)