Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1251
Views
0
Helpful
0
Replies

Q: CBS250 ACL for DHCP Server

Hubsi-Smith
Level 1
Level 1

‎03-08-2022 11:27 PM

Hello,
I have a understanding problem with my ACL for contacting a DHCP server.

Here are my used Server:

1. Fritzbox with DHCP server (IP: 192.168.100.65/27

2. CBS250 VLAN-1 (IP: 192.168.100.66/27)

3. Clients with Port-Range (192.168.100.70 - 192.168.100.80/27)

 

First problem:

Clients must contact the Fritzbox to get there IP from the Fritzbox DHCP server. My Input ACL looks like:

permit udp any any 192.168.100.65 0.0.0.0 67-68 ace-priority 1

 

Looks for me okey, but the client is unable to get an IP from the DHCP server. When I change the wildcard from the IP 192.168.100.65 0.0.0.0 into 255.255.255.255 it will works fine. I don´t understand why

 

 

Second problem is, if I put more than 4 ACE into an ACL, I got the Message:

Cannot apply - TCP/UDP port range egress amount exceeded

ACL-error.PNG

My Clients Port-Range (192.168.100.70 - 192.168.100.80/27) is fix. Question is, there are some more device in the subnetz,  how can I limit an ACE for exactly this port-range?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents