Solved: DHCP and ACL Problem

blackswans · ‎12-08-2013

Hi,

Why the clients in vlan 30 cannot get ip from DHCP (192.168.1.3 and 4) when the ACL is applied to the vlan 30? When the ACL is removed clients can get ip from dhcp.

Thanks

10 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.3

20 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.4

80 permit tcp host 192.168.3.21 eq 3389 host 192.168.1.1

90 permit tcp host 192.168.3.21 host 192.168.1.1 range 2221 2222

100 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

120 permit ip 192.168.3.0 0.0.0.255 any

interface Vlan30

ip address 192.168.3.253 255.255.255.0

ip access-group 130 in

ip helper-address 192.168.1.3

ip helper-address 192.168.1.4

Rolf Fischer · ‎12-08-2013

You should add a line for the client's initial DHCP DISCOVERs, e.g.:

5 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps

HTH

Rolf

View solution in original post

Sandeep Choudhary · ‎12-08-2013

Hi ,

Can u check the Access List group number which u assigned on vlan interface.

interface Vlan30

ip address 192.168.3.253 255.255.255.0

ip access-group 130 in

ip helper-address 192.168.1.3

ip helper-address 192.168.1.4

I did not see any access list 130??

Regards

blackswans · ‎12-08-2013

This is the extended ACL 130.

ip access-list extended 130