ACLs for DHCP

t. prophet
Level 1

We are configuring ACLs for a DHCP pool on Sw3750

ip access-list extended Test
 permit ip any 192.168.1.0 0.0.0.31
 permit ip any host 172.16.1.1

And here is the DHCP pool:

ip dhcp excluded 192.168.1.1 192.168.1.3
ip dhcp pool Name
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1

But when a PC tries to obtain an IP automatically, it doesn't work.

Please help me.

Thanks in advance

Accepted Solutions

Hi,

This is because the DHCP discovery and request messages are sent with a source address of 0.0.0.0 and a destination address of 255.255.255.255. Try modifying your ACL as follows:

ip access-list extended Test
 permit ip any 192.168.1.0 0.0.0.31
 permit ip any host 172.16.1.1
 permit udp any eq bootpc any eq bootps

Hope this helps

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
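
The effect described in the answer above can be reproduced offline. This is an added example, not part of the original thread: a small first-match evaluator for the two ACLs quoted here, run against a constructed DHCPDISCOVER packet. It assumes the ACL is applied where the client's broadcast arrives (the thread does not show the interface or direction), and the function names and sample packets are made up for illustration.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}  # IOS port keywords used in the thread

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_side(tok):
    """Parse 'any' | 'host A' | 'A WILDCARD', plus an optional 'eq PORT'."""
    if tok[0] == "any":
        base, wild, tok = 0, 0xFFFFFFFF, tok[1:]
    elif tok[0] == "host":
        base, wild, tok = ip(tok[1]), 0, tok[2:]
    else:
        base, wild, tok = ip(tok[0]), ip(tok[1]), tok[2:]
    port = None
    if tok[:1] == ["eq"]:
        port, tok = PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return (base, wild, port), tok

def side_matches(spec, addr, port):
    base, wild, want = spec
    # Wildcard mask: 1-bits are "don't care", so force them on in both values.
    return (ip(addr) | wild) == (base | wild) and want in (None, port)

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, proto, *tok = line.split()
        src, tok = parse_side(tok)
        dst, tok = parse_side(tok)
        if (proto in ("ip", pkt["proto"])
                and side_matches(src, pkt["src"], pkt["sport"])
                and side_matches(dst, pkt["dst"], pkt["dport"])):
            return action, line
    return "deny", "implicit deny"

# ACL as first posted, and with the line added in the answer.
ORIGINAL_ACL = ["permit ip any 192.168.1.0 0.0.0.31",
                "permit ip any host 172.16.1.1"]
FIXED_ACL = ORIGINAL_ACL + ["permit udp any eq bootpc any eq bootps"]

# Constructed sample packets (not captured traffic).
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "sport": 68,
            "dst": "255.255.255.255", "dport": 67}
WEB = {"proto": "tcp", "src": "10.0.0.5", "sport": 40000,
       "dst": "192.168.1.5", "dport": 80}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        for label, pkt in (("DHCPDISCOVER", DISCOVER), ("TCP to 192.168.1.5", WEB)):
            print(name, label, evaluate(acl, pkt))
```

With the original ACL the broadcast matches neither destination entry and is dropped by the implicit deny; the added bootpc/bootps line is the only entry that matches it.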


3 Replies

t. prophet
Level 1

When I remove the ACLs, that PC can get an IP and connect to the network.

That's great. It's working. Thanks Harold Ritter very much