ACLs for DHCP

t. prophet
Level 1

We are configuring ACLs for a DHCP pool on a Sw3750:

ip access-list extended Test

permit ip any 192.168.1.0 0.0.0.31

permit ip any host 172.16.1.1

And, here is dhcp pool:

ip dhcp excluded 192.168.1.1 192.168.1.3

ip dhcp pool Name

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

But when a PC tries to obtain an IP automatically, it doesn't work.

Please help me.

Thanks in advance

1 Accepted Solution


Hi,

This is because the DHCP discovery and request messages are sent with a source address of 0.0.0.0 and a destination address of 255.255.255.255. Try modifying your ACL as follows:

ip access-list extended Test

permit ip any 192.168.1.0 0.0.0.31

permit ip any host 172.16.1.1

permit udp any eq bootpc any eq bootps

Hope this helps

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
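
The effect of the extra entry can be checked with a small first-match evaluator. This is an added example, not part of the original posts and not IOS code: the packet dictionaries, the tuple layout of the entries and the sample client addresses are constructed for illustration, and it assumes the ACL filters traffic arriving from the DHCP client.

```python
import ipaddress

BOOTPS, BOOTPC = 67, 68  # UDP ports behind the IOS keywords bootps / bootpc

def ip_match(addr, spec):
    """spec is "any" or (base, wildcard), as written in an IOS extended ACL."""
    if spec == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, *spec))
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (a & ~w) == (b & ~w)

def evaluate(acl, pkt):
    """Return the 1-based position of the first matching permit entry,
    or None when the packet falls through to the implicit deny."""
    for n, (proto, src, sport, dst, dport) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (ip_match(pkt["src"], src) and ip_match(pkt["dst"], dst)):
            continue
        if sport is not None and sport != pkt.get("sport"):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return n
    return None

# Entries from the thread: (protocol, source, src port, destination, dst port)
ORIGINAL = [
    ("ip", "any", None, ("192.168.1.0", "0.0.0.31"), None),
    ("ip", "any", None, ("172.16.1.1", "0.0.0.0"), None),   # "host" form
]
FIXED = ORIGINAL + [("udp", "any", BOOTPC, "any", BOOTPS)]

# Constructed sample packets
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "sport": BOOTPC,
            "dst": "255.255.255.255", "dport": BOOTPS}
TO_DOT10 = {"proto": "tcp", "src": "192.168.1.50", "sport": 40000,
            "dst": "192.168.1.10", "dport": 443}
TO_DOT40 = dict(TO_DOT10, dst="192.168.1.40")  # outside the 0.0.0.31 wildcard

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        for label, pkt in (("DISCOVER", DISCOVER), ("to .10", TO_DOT10),
                           ("to .40", TO_DOT40)):
            hit = evaluate(acl, pkt)
            print(name, label, f"permit (entry {hit})" if hit else "implicit deny")
```

The run also shows that the wildcard 0.0.0.31 covers only 192.168.1.0 through 192.168.1.31, so unicast traffic to other addresses in the /24 pool still reaches the implicit deny.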


3 Replies

t. prophet
Level 1

In case when I remove the ACLs, that PC can get an IP and connect to the network.

That's great. It's working. Thanks, Harold Ritter, very much.
