Cisco Community
English
Register
We have 1 million community members! Join the celebration! Learn how.
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
946
Views
0
Helpful
1
Replies
Joe Lee
Beginner
Beginner
‎03-31-2015 07:15 PM
‎03-31-2015 07:15 PM

DHCP Port Open

Hello,

 

We configured two subnets on the switch, one is for employee, one is for student. We don't want the student student access to the employee subnet. The DHCP server is setup at employee subnet - 192.168.100.2.  We are not able to pull the IP address from the DHCP server at the VLAN20, but when we remove the "ip access-group 100 in" at VLAN 20, and it works fine. What ports should we open at the access list 100. Please advise.

 

Thanks,

Joe

 

Int vlan 2

ip address 192.168.100.1 255.255.255.0

!

int vlan 20

ip address 192.168.200.1 255.255.255.0

ip access-group 100 in

ip helper-address 192.168.100.2

!

access-list 100 permit udp 192.168.0.0 0.0.255.255 host 192.168.100.2 67

access-list 100 permit udp 192.168.0.0 0.0.255.255 host 192.168.100.2 68

access-list 100 deny any any

Labels:
0 Helpful
1 REPLY 1
Charles Hill
Rising star
Rising star
‎03-31-2015 08:05 PM
‎03-31-2015 08:05 PM

Hello Joe Lee,

Try adding the line below to your acl.

 

access-list 100 permit udp any eq bootpc and eq bootps

 

 

UDP port 67 is for the dhcp server

UDP port 68 is for the dhcp client

 

The link below gives more detail concerning allowing dhcp traffic via a acl.

https://supportforums.cisco.com/discussion/11442541/acl-allow-only-dhcp-server

 

Hope this helps.,

if so, please rate.

0 Helpful
Latest Contents
(Podcast) S8|E38 The Predictive Internet
Created by Amilee San Juan on 09-22-2021 09:19 AM
0
0
0
0
Listen: https://smarturl.it/CCRS8E38 Follow us: twitter.com/CiscoChampionAdding learning capabilities to the internet will increase the overall network SLO and application experience. Real data driven experiments have shown that such an approach... view more
(Podcast) S8|E37 Cisco Champion Unfiltered: I'll Fix That La...
Created by Amilee San Juan on 09-17-2021 01:12 PM
0
0
0
0
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw... view more
Hear how great partnerships make smart building solutions
Created by Kelli Glass on 09-16-2021 03:33 PM
0
0
0
0
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th... view more
Demystifying OSPF DR Network LSA
Created by meddane on 09-15-2021 05:48 AM
0
0
0
0
We know that the Type-1 LSA describes the link type connected to the router, the neighbor router and the subnet number.In this topology, assume we dont have a Type-2 LSA, so each router will create its own Type-1 LSA, the Type-1 LSA will describe the neig... view more
Cisco DNA Center ATXs FAQ
Created by dilthaku on 09-12-2021 06:32 PM
0
0
0
0
Here are some commonly asked questions and answers to help with your adoption of Cisco DNA Center Wireless. Subscribe to this post to stay up-to-date with the latest Q&A and recommended Ask the Experts (ATXs) sessions to attend. Q. I have a Cisco Appl... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Event
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad