12-17-2015 04:53 PM - edited 03-05-2019 02:57 AM
Hey, I'm adding an ACL to my WAN interface that gets a public IP from my ISP, but whenever I add it I can no longer get my IP via DHCP.
!
interface GigabitEthernet0/1
 bandwidth 115000
 ip address dhcp
 ip access-group 110 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in max-reassemblies 1000
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
!
At first I had it like
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any redirect log
access-list 110 deny icmp any any mask-request
access-list 110 permit ip any any
!
I know that "deny ip host 0.0.0.0 any" is supposed to stop DHCP, but why is my list also stopping it?
!
Right now all I have is this, to at least not reply to pings:
!
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any
access-list 110 permit ip any any
!
12-17-2015 05:30 PM
Try adding the following ACE-
access-list 110 permit udp any any eq bootpc
12-18-2015 06:25 AM
OK, so I added back
!
access-list 110 permit udp any any eq bootpc
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any redirect log
access-list 110 deny icmp any any mask-request
access-list 110 permit ip any any
!
And after a shut/no shut the interface got an IP!!!! Thanks a ton!
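
Added example, not part of the thread: a small first-match ACL evaluator in Python that shows why the bootpc permit has to sit above the anti-spoofing denies. It assumes the ISP's DHCP server answers from an RFC 1918 address (10.20.0.1 is a constructed value; the thread does not give the server address), and the tuple layout and all names are hypothetical.

```python
import ipaddress

BOOTPS, BOOTPC = 67, 68  # DHCP server / client UDP ports

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACE = (action, proto, src_base, src_wildcard, dst_port or None); destination is "any"
ANY = ("0.0.0.0", "255.255.255.255")
ANTI_SPOOF = [
    ("deny", "ip", "127.0.0.0", "0.255.255.255", None),
    ("deny", "ip", "192.0.2.0", "0.0.0.255", None),
    ("deny", "ip", "224.0.0.0", "31.255.255.255", None),
    ("deny", "ip", "255.255.255.255", "0.0.0.0", None),
    ("deny", "ip", "10.0.0.0", "0.255.255.255", None),
    ("deny", "ip", "172.16.0.0", "0.15.255.255", None),
    ("deny", "ip", "192.168.0.0", "0.0.255.255", None),
]
PERMIT_ALL = [("permit", "ip", *ANY, None)]
PERMIT_BOOTPC = [("permit", "udp", *ANY, BOOTPC)]

ORIGINAL_ACL = ANTI_SPOOF + PERMIT_ALL  # ICMP lines omitted: they never match UDP
FIXED_ACL = PERMIT_BOOTPC + ANTI_SPOOF + PERMIT_ALL

def evaluate(acl, pkt):
    """Return (action, 1-based index of first matching ACE); implicit deny at end."""
    for i, (action, proto, base, wc, dport) in enumerate(acl, 1):
        if proto not in ("ip", pkt["proto"]):
            continue
        if not wc_match(pkt["src"], base, wc):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        return action, i
    return "deny", None

# Constructed packets: a DHCP OFFER from the assumed private-addressed ISP server,
# and a non-DHCP packet with the same RFC 1918 source that should stay blocked.
DHCP_OFFER = {"proto": "udp", "src": "10.20.0.1", "sport": BOOTPS, "dport": BOOTPC}
SPOOFED = {"proto": "udp", "src": "10.20.0.1", "sport": 4444, "dport": 53}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name, "offer:", evaluate(acl, DHCP_OFFER), "spoofed:", evaluate(acl, SPOOFED))
```

The exception can be narrowed by matching the server source port too: access-list 110 permit udp any eq bootps any eq bootpc.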