04-20-2015 06:29 AM - edited 03-07-2019 11:38 PM
Guys,
I'm not sure why my ACL is not working, but I created an extended ACL so I can allow a new network to the DC at ports 67, 68 and 53 (DHCP and DNS).
Then access to the firewall only. However, when we connect to the wireless SSID we are not getting DHCP. I was wondering what I am missing.
Thanks
04-20-2015 06:36 AM
Hi Earl,
Can you please share the ACL configuration?
Keep in mind that DNS and DHCP use UDP ports, not TCP ports.
Krishna
04-20-2015 08:05 AM
ip access-list extended Wireless
 permit ip x.x.x.x 0.0.0.255 host x.x.x.x (firewall)
 permit udp any any eq bootps
 permit udp any eq bootps any
 permit udp any any eq bootpc
 permit udp any eq bootpc any
 permit ip x.x.x.x (subnet) host x.x.x.x (DC) option 53
 permit udp any eq domain any
04-20-2015 08:15 AM
Hi Earl,
Do you see matches for the ACL? Is the DHCP server in a remote subnet/VLAN? Do you have the IP helper command configured on the interface?
Can you please post the interface configuration as well?
Krishna