
Computer Doesn't get IP from Core SW when the ACL is on

CISCOTUMBA
Level 1

Hello All,

 

I have a question. I built the following DHCP pool and ACL on the Cisco core. When the ACL is on, the computer isn't able to get an IP address from DHCP, but when I turn off the ACL it works perfectly fine. So here is the question: when the computer gets an IP and I turn on the ACL, it works fine. Do I need to do anything so that the computer gets an IP without turning the ACL off and on?

 

ip dhcp pool Unsupported_OS
network 10.40.94.0 255.255.255.0
domain-name ahmchealth.net
dns-server 10.54.4.10 10.54.4.4
default-router 10.40.94.1
option 224 ip 10.30.12.155
option 42 ip 10.100.201.4
lease 8

---------------------------------------------------------------

Extended IP access list UNSUPPORTED-OS
10 permit ip 10.40.94.0 0.0.0.255 10.0.0.0 0.255.255.255 (15215 matches)
20 permit ip 10.40.94.0 0.0.0.255 172.26.0.0 0.0.255.255 (37 matches)
30 permit ip 10.40.94.0 0.0.0.255 129.204.62.0 0.0.0.255
40 deny ip 10.40.94.0 0.0.0.255 any (8460 matches)

 

 

 

1 Accepted Solution

Accepted Solutions

permit udp any eq bootpc any eq bootps

Add this line to your ACL and check again

MHM


I believe that MHM has a good suggestion. To understand this we should remember a basic aspect of access lists: at the end of every access list is an implied entry denying everything that has not been permitted. So in the ACL of this post the permits are based on a specific IP source address. But the incoming DHCP request does not have an IP in 10.40.94.0 and so is denied.

With this aspect in mind we can say that this line is not needed: " deny ip 10.40.94.0 0.0.0.255 any (8460 matches)". Having it in the config is not a problem. But if that line were removed things would continue to operate just as they have been.

HTH

Rick
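The first-match evaluation described in the replies above, as an added example that is not part of the original thread: a small Python model of the posted ACL, run against a constructed DHCPDISCOVER (source 0.0.0.0, destination 255.255.255.255) with and without the suggested line. The sequence number 50 assumes the new line is appended after entry 40, and the sample packets are constructed for illustration.

```python
import ipaddress

BOOTPS, BOOTPC = 67, 68  # DHCP server / client UDP ports

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
SRC = ("10.40.94.0", "0.0.0.255")

# (seq, action, proto, src, src_port, dst, dst_port) from the ACL in the post
ACL = [
    (10, "permit", "ip", SRC, None, ("10.0.0.0", "0.255.255.255"), None),
    (20, "permit", "ip", SRC, None, ("172.26.0.0", "0.0.255.255"), None),
    (30, "permit", "ip", SRC, None, ("129.204.62.0", "0.0.0.255"), None),
    (40, "deny", "ip", SRC, None, ANY, None),
]
# Suggested line; sequence 50 is an assumption (appended after entry 40).
DHCP_FIX = (50, "permit", "udp", ANY, BOOTPC, ANY, BOOTPS)

def evaluate(acl, proto, src, sport, dst, dport):
    """First match wins; return (action, seq). seq None = implicit deny."""
    for seq, action, p, s, sp, d, dp in acl:
        if p != "ip" and p != proto:
            continue
        if not (wc_match(src, *s) and wc_match(dst, *d)):
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action, seq
    return "deny", None

# Constructed packets: a DHCPDISCOVER from a client with no address yet,
# and ordinary traffic from a client that already holds a lease.
DISCOVER = ("udp", "0.0.0.0", BOOTPC, "255.255.255.255", BOOTPS)
LEASED = ("udp", "10.40.94.25", 50000, "10.54.4.10", 53)

if __name__ == "__main__":
    print("DISCOVER, original ACL:", evaluate(ACL, *DISCOVER))
    print("DISCOVER, with fix:    ", evaluate(ACL + [DHCP_FIX], *DISCOVER))
    print("Leased host to DNS:    ", evaluate(ACL, *LEASED))
```

Because entries 10 to 40 all require a source in 10.40.94.0/24, the DISCOVER skips them and reaches the appended permit even though it sits below the explicit deny.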

Hello MHM,

Thank you for your help. I added that line to my ACL and it works very well.

Thanks for the update. Glad to know that it works now.

HTH

Rick

No problem, so far so good. Thank you guys for the help.
