Solved: Re: Concerning ACL with DHCP. - Page 2

thonghawkyen · ‎02-17-2009

I have a router with 2 FE interfaces :

(1) interface FastEthernet0/0

=> ip address 137.55.70.1 255.255.255.0

=> duplex auto

=> speed auto

Note : This interface/subnet i hv a DHCP server connected as 137.55.70.2.

(2) interface FastEthernet0/1

=> ip address 137.55.71.1 255.255.255.0

=> ip helper-address 137.55.70.2

=> duplex auto

=> speed auto

Scenario (1) - OK

-------------------------

(1) I hv defined ACLs as followed :

=>access-list 101 permit ip 137.55.71.0 0.0.0.255 host 137.55.70.2

=>access-list 104 permit udp 137.55.71.0 0.0.0.255 host 137.55.70.2 eq bootpc

=>access-list 104 permit udp 137.55.71.0 0.0.0.255 host 137.55.70.2 eq bootps

(2) Applied to F0/0 :

=>ip access-group 104 out

Result : Clients connected to F0/1 subnet get DHCP IP addresses.

Scenario (2) - Not OK

--------------------------------

(1) Use the same ACL applied to F0/1 :

=> ip access-group 104 in

(2) And added the following line in the global configuration mode :

=>ip forward-protocol udp

(3) Remove 104 and applied 101 to F0/1 :

=> ip access-group 101 in

Result : Clients connected to F0/1 subnet CANNOT get DHCP IP addresses.

P/S : It is not as simple as i thought. Appreciate if anyone can help. Thank you very much.

Richard Burts · ‎03-03-2009

Thong

I am glad that it is working and that our explanations have helped you to understand it better. Thank you for using the rating sytstem to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that responses did resolve the question.

HTH

Rick

HTH

Rick

Leo Laohoo · ‎02-18-2009

Thanks Rick.