cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
5
Helpful
2
Replies

ACL keeps stopping dhcp?

jasonbrown23
Level 1
Level 1

hey I'm adding an ACL to my wan interface that gets a public ip from my isp. but when ever i add it i can no longer get my ip via dhcp 

!
interface GigabitEthernet0/1
bandwidth 115000
ip address dhcp
ip access-group 110 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in max-reassemblies 1000
load-interval 30
duplex auto
speed auto
no cdp enable
!

at first i had it like 

access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any redirect log
access-list 110 deny icmp any any mask-request
access-list 110 permit ip any any

I know that "deny ip host 0.0.0.0 any" is suposed to stop dhcp but why is my list also stopping it 

!

right now all i have is to at least not reply to pings

!

access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any
access-list 110 permit ip any any 

!

 

 

1 Accepted Solution

Accepted Solutions

Collin Clark
VIP Alumni
VIP Alumni

Try adding the following ACE-

access-list 110 permit udp any any eq bootpc

View solution in original post

2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

Try adding the following ACE-

access-list 110 permit udp any any eq bootpc

ok so i added back 

!

access-list 110 permit udp any any eq bootpc
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any redirect log
access-list 110 deny icmp any any mask-request
access-list 110 permit ip any any
!

and after a shut no shut the interface got an IP!!!! thanks a ton!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: