09-26-2003 12:18 PM - edited 02-20-2020 09:22 PM
My outside NAT interface e0 is configured to receive its address via DHCP from the outside network. How do I configure an access list to allow the address assignment to make it back to the router? As long as I don't assign an inbound access list, it is assigned an IP address.
09-28-2003 05:28 AM
If you are configuring an inbound access list, then you need to permit the DHCP ports. These ports are UDP 67 and UDP 68.
Hope this helps,
09-29-2003 12:55 PM
Configuring the inbound list for UDP 67 and 68 works if the interface currently has an IP address. It does not work if the router is rebooted, or if the interface command 'shut' and then 'no shut' is given, and it does not have a current IP address. Perhaps a particular protocol ID needs to be passed through the access list. Any other thoughts or ideas are appreciated.
09-30-2003 02:42 PM
Those protocols and ports should be fine. However, you are probably going to need to open it up to 'any any' like this:
access-list 101 permit udp any any eq 67
access-list 101 permit udp any any eq 68
Is this what you had?
Scott
09-30-2003 03:20 PM
I had specific DHCP server addresses, as in the lines below. The segment is open to the internet, so I don't want anyone with a server handing me an address, only the trusted one.
access-list 101 permit udp host x.x.x.x any eq 67
access-list 101 permit udp host x.x.x.x any eq 68
The problem (I think) is the initial state of the port, with no IP address. With the access list removed from the interface, the port gets its DHCP'd address.
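An added example, not from any poster in the thread: a minimal Python model of how the two access lists posted above match inbound DHCP replies on the client interface. The addresses are constructed documentation values standing in for x.x.x.x, and the relay-agent case is an assumption about the upstream network, not something the thread confirms.

```python
from ipaddress import ip_address

ANY = None
TRUSTED = "192.0.2.10"  # constructed stand-in for the trusted server x.x.x.x
RELAY = "192.0.2.1"     # constructed relay-agent address (assumption)

# Each ACE is (source host or ANY, destination port), mirroring
# "permit udp <src> any eq <port>". In an IOS extended ACL the "eq"
# placed after the destination matches the destination port.
ACL_ANY = [(ANY, 67), (ANY, 68)]
ACL_HOST = [(TRUSTED, 67), (TRUSTED, 68)]

# Constructed packets arriving inbound on the DHCP client interface:
# (label, source IP, source port, destination IP, destination port).
# Server-to-client DHCP always uses source port 67 and destination port 68.
INBOUND = [
    ("OFFER broadcast from server", TRUSTED, 67, "255.255.255.255", 68),
    ("OFFER unicast to offered address", TRUSTED, 67, "198.51.100.20", 68),
    ("OFFER forwarded by relay agent", RELAY, 67, "255.255.255.255", 68),
    ("OFFER from rogue server", "203.0.113.66", 67, "255.255.255.255", 68),
]


def permitted(acl, src, dport):
    """First-match evaluation with the implicit deny at the end of the list."""
    for ace_src, ace_dport in acl:
        src_ok = ace_src is ANY or ip_address(ace_src) == ip_address(src)
        if src_ok and ace_dport == dport:
            return True
    return False


def evaluate(acl):
    """Map each sample packet label to True (permitted) or False (denied)."""
    return {
        label: permitted(acl, src, dport)
        for label, src, _sport, _dst, dport in INBOUND
    }


if __name__ == "__main__":
    for name, acl in (("any/any list", ACL_ANY), ("host list", ACL_HOST)):
        print(name)
        for label, ok in evaluate(acl).items():
            print(f"  {'permit' if ok else 'deny  '}  {label}")
```

In this model only the `eq 68` entries ever match a reply, and the host-specific list drops a reply whose source address is a relay agent rather than the server itself.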
10-06-2003 09:21 PM
Does anyone else have any thoughts? I haven't tried this yet, but I'm wondering if perhaps adding the IP Helper-address with the IP of the trusted server will do anything.
10-07-2003 02:45 AM
Hi -
You are on the right track; use IP helper address with the trusted IP address of your DHCP server.
Thanks -
10-07-2003 03:11 AM
Hi -
IP Helper address
> ip helper-address
> no ip helper-address
The above configures the IP address to which certain broadcast UDP packets are forwarded. By default it is disabled on the router.
The ip helper-address command sets the helper address to address. The helper address should be the address of a host that can answer UDP requests from other hosts. The router sees these requests broadcast on a LAN interface and forwards them to the helper address (generally a unicast address) if one is defined. A helper is particularly useful for DHCP requests; without some kind of forwarding, DHCP requires you to have a separate server on every subnet. By itself, this command forwards packets for the BOOTP (DHCP), DNS, TFTP, TACACS, TIME and also NetBIOS name and datagram services. The ip forward-protocol command can be used to forward additional UDP services.
Example of configuration on interface Ethernet0 to have a helper address:
> interface ethernet0
> ip address 10.10.1.2 255.255.255.0
> ip helper-address 10.10.2.5
I hope this helps out on your issue, let me know how you get on.
Thanks - Jay.
10-26-2003 08:52 PM
Unfortunately this didn't help. We have decided to use a static address. I'll visit this one again, and hopefully figure it out. Thanks for all your suggestions.