Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
10
Helpful
3
Replies

DHCP not recieved by host

Go to solution
arun.stha
Level 1
Level 1

‎10-01-2012 04:26 AM - edited ‎03-07-2019 09:12 AM

L3 Switch as dhcp:

ip dhcp pool wifi_pool_1

   network 192.168.10.0 255.255.255.0

   default-router 192.168.10.1

   dns-server 192.168.0.180

ip access-list extended LAN_ONLY

permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255

interface Vlan20

ip address 192.168.10.1 255.255.255.0

I want to block internet to  host connected to AP and only permit the internal network, my internal network are in range of 192.168.0.0/16, ACL was created as above, but the host that connects to AP arent able to obtain ip address provided by DHCP.

IP is obtain by host if i put ace as "permit ip any any"  but this is not my requirement because this leads host to access internet also.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎10-01-2012 04:34 AM

you could add the following line to your ACL to generally allow DHCP-traffic:

permit udp any eq bootpc any eq bootps

It could be more specific but this line is quite often used for that task.

EDIT: Cadets Solution is more specific and though better then mine ... ;-)

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎10-01-2012 04:34 AM

Hi,

Do this:

ip access-list extended LAN_ONLY

permit udp any eq bootpc  host 255.255.255.255 eq bootps

permit udp any eq bootpc  host 192.168.10.1 eq bootps

permit ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
Karsten Iwen
VIP
VIP

‎10-01-2012 04:34 AM

you could add the following line to your ACL to generally allow DHCP-traffic:

permit udp any eq bootpc any eq bootps

It could be more specific but this line is quite often used for that task.

EDIT: Cadets Solution is more specific and though better then mine ... ;-)

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
arun.stha
Level 1
Level 1

‎10-02-2012 06:26 PM

Thank you, cadet and Karsten both of u, It worked well.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card