ACL for DHCP

Kane Smith
Level 1

kuldeep_dubey
Cisco Employee
Hi Kane,
Since we have DHCP in the picture, you cannot have specific IP addresses in the ACL. Therefore, your ACL should look like:
"access-list ABC extended permit udp any any eq 53". This should be applied in the INBOUND direction on the interface connected to the LAN with the lower security level.
And "access-list abc extended permit udp any eq 53 any" in the INBOUND direction on the interface connected to the LAN in which you have the DHCP server.

Regards
Kuldeep

OR
access-list abc line 1 extended permit udp host 0.0.0.0 host 255.255.255.255 eq domain ---> on OUT interface in IN direction.
and
access-list abc line 2 extended permit udp host <DHCP_server_IP> eq domain host 255.255.255.255 ----> on IN interface in IN direction.

(Only in case of Cisco Devices)
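
To check which traffic an access-list entry matches before applying it, the following added example (not part of the thread and not Cisco code) evaluates the lines quoted in the replies above against constructed packets; DHCP uses UDP 67/68 (`bootps`/`bootpc`) and DNS uses UDP 53 (`domain`). The function names, the sample addresses and the two `bootpc`/`bootps` lines are assumptions made for the comparison.

```python
# ASA port keywords used below; numeric ports are accepted as well.
PORT_NAMES = {"domain": 53, "bootps": 67, "bootpc": 68}

def parse_ace(line):
    """Parse 'access-list NAME [line N] extended permit udp SRC [eq P] DST [eq P]'."""
    tok = line.split()
    pos = tok.index("udp") + 1
    ends = []
    for _ in range(2):                      # source, then destination
        if tok[pos] == "any":
            addr, pos = None, pos + 1
        else:                               # 'host A.B.C.D'
            addr, pos = tok[pos + 1], pos + 2
        port = None
        if pos < len(tok) and tok[pos] == "eq":
            port = PORT_NAMES.get(tok[pos + 1]) or int(tok[pos + 1])
            pos += 2
        ends.append((addr, port))
    return tuple(ends)

def matches(ace, pkt):
    """pkt is (src_ip, src_port, dst_ip, dst_port); None in the ACE means 'any'."""
    (sa, sp), (da, dp) = ace
    src, sport, dst, dport = pkt
    return sa in (None, src) and sp in (None, sport) and da in (None, dst) and dp in (None, dport)

# Constructed sample packets; 192.0.2.x are documentation addresses.
PACKETS = {
    "dhcp-discover": ("0.0.0.0", 68, "255.255.255.255", 67),
    "dhcp-offer": ("192.0.2.10", 67, "255.255.255.255", 68),
    "dns-query": ("10.1.1.50", 40000, "192.0.2.53", 53),
    "dns-reply": ("192.0.2.53", 53, "10.1.1.50", 40000),
}

ACL = [
    # Lines quoted in the replies (<DHCP_server_IP> replaced by a constructed address).
    "access-list ABC extended permit udp any any eq 53",
    "access-list abc extended permit udp any eq 53 any",
    "access-list abc line 1 extended permit udp host 0.0.0.0 host 255.255.255.255 eq domain",
    "access-list abc line 2 extended permit udp host 192.0.2.10 eq domain host 255.255.255.255",
    # Constructed for comparison: the same shape with the DHCP ports.
    "access-list abc extended permit udp any eq bootpc any eq bootps",
    "access-list abc extended permit udp any eq bootps any eq bootpc",
]

def hits(line):
    """Names of the sample packets that the given ACL line permits."""
    ace = parse_ace(line)
    return [name for name, pkt in PACKETS.items() if matches(ace, pkt)]

if __name__ == "__main__":
    for line in ACL:
        print(f"{line}\n    matches: {hits(line) or 'none of the samples'}")
```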