ACL to isolate traffic Wireless VLAN subnet

Earl Granger IV · ‎04-20-2015

Guys,

I'm not sure why my ACL is not working but I created a extended ACL so I can allow a new network to the DC at ports 67 68 and 53 (DHCP and DNS)

Then access to the firewall only. However, when we connect to the wireless SSID we are not getting DHCP. I was wondering what am I missing.

Thanks

Krishnendu AR · ‎04-20-2015

Hi Earl,

Can you please share the ACL configuration.

Keep in mind that DNS and DHCP use UDP ports, not TCP port.

Krishna

Earl Granger IV · ‎04-20-2015

ip access-list extended Wireless

permit ip x.x.x.x 0.0.0.255 host x.x.x.x (firewall)

permit udp any any eq bootps

permit udp any eq bootps any

permit udp any any eq bootpc

permit udp any eq bootpc any

permit ip x.x.x.x (subnet) host x.x.x.x (DC) option 53

permit udp any eq domain any

Krishnendu AR · ‎04-20-2015

Hi Earl,

Do you see matches for the ACL? Is the DHCP server in a remote subnet/VLAN? Do you have IP helper command configured in interface?

Can you please post the interface configuration as well.

Krishna