Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1314
Views
0
Helpful
2
Replies

ACL for DHCP

Kane Smith
Level 1
Level 1

‎06-11-2019 04:33 AM - edited ‎06-11-2019 04:56 AM

 
Labels:
0 Helpful
2 Replies 2

kuldeep_dubey
Cisco Employee
Cisco Employee

‎06-11-2019 05:00 AM

Hi Kane,
Since we have DHCP in picture, you cannot have specific IP addresses in the ACL. Therefore, your ACL should look like:
"access-list ABC extended permit udp any any eq 53 ". This should be applied in INBOUND direction on the interface connected to the LAN with lower Security-level.
AND, "access-list abc extended permit udp any eq 53 any" in INBOUND direction on interface connected to the LAN in which you have the DHCP server.

Regards
Kuldeep
0 Helpful

kuldeep_dubey
Cisco Employee
Cisco Employee
In response to kuldeep_dubey

‎06-11-2019 05:08 AM

OR
access-list abc line 1 extended permit udp host 0.0.0.0 host 255.255.255.255 eq domain ---> on OUT interface in IN direction.
and
access-list abc line 2 extended permit udp host <DHCP_server_IP> eq domain host 255.255.255.255 ----> on IN interface in IN direction.

(Only in case of Cisco Devices)
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card