Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
2
Replies

overloading an access-group

Go to solution
lcaruso
Level 6
Level 6

‎02-03-2011 02:58 PM - edited ‎03-04-2019 11:18 AM

On a 1811 running 12.4 I have the following which I have not seen before. The same identifier is used for an access list and a dhcp pool. The only place that identifier is referenced is under a vlan definition. My question: is this access-group statment referring to the access-list or the dhcp pool or both? Does it actually use both?

interface FastEthernet8
switchport access vlan 99
 duplex full

interface Vlan99
 description Internet Only VLAN
 ip address 192.x.x.254 255.255.255.0
 ip access-group Internet_Only in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452

ip access-list extended Internet_Only
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   tcp any host 192.x.x.254 eq telnet
 deny   tcp any host 192.x.x.254 eq 22
 deny   tcp any host 192.x.x.254 eq www
 deny   tcp any host 192.x.x.254 eq 443
 deny   udp any host 192.x.x.254 eq snmp
 deny   udp any host 192.x.x.254 eq snmptrap
 deny   tcp any any eq smtp
 permit ip any any

ip dhcp pool Internet_Only
   network 192.x.x.0 255.255.255.0
   default-router 192.x.x.254 
   dns-server 208.67.222.222
   lease 0 8
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
manish arora
Level 6
Level 6

‎02-03-2011 03:11 PM

The access-group is just for access-list.

For dhcp , It you dont need any command under the vlan interface , unless the interface itself is getting ip address from another ios dhcp server.

check this link out for more info on DHCP config in IOS.

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html#wp1001297

Manish

View solution in original post

0 Helpful
2 Replies 2

Go to solution
manish arora
Level 6
Level 6

‎02-03-2011 03:11 PM

The access-group is just for access-list.

For dhcp , It you dont need any command under the vlan interface , unless the interface itself is getting ip address from another ios dhcp server.

check this link out for more info on DHCP config in IOS.

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html#wp1001297

Manish

0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to manish arora

‎02-03-2011 03:17 PM

Thanks for the explanation and the link.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card