Having trouble moving ACL from Dell N3000 to Cisco 9300 - DHCP Only

ADynes · ‎10-13-2021

Think I figured it out. Please delete.

Georg Pauwen · ‎10-13-2021

Hello,

the below should work:

ip access-list DMZDeny
10 permit udp host 0.0.0.0 host 255.255.255.255 eq bootpc
20 deny ip 10.1.40.0 0.0.0.255 10.1.10.0 0.0.0.255
30 deny ip 10.1.40.0 0.0.0.255 10.1.20.0 0.0.0.255
40 deny ip 10.1.40.0 0.0.0.255 10.1.30.0 0.0.0.255
40 permit ip 10.1.40.0 0.0.0.255 any
!
interface vlan 40
ip access-group DMZDeny in 1

ADynes · ‎10-14-2021

I played with it for a while through the web ui and I think I got it. It doesn't match what you have exactly but it's close and it seems to work:

ip access-list extended DMZDeny
10 permit udp 10.1.40.0 0.0.0.255 eq bootps host 10.1.30.50 eq bootps
20 deny ip 10.1.40.0 0.0.0.255 10.1.10.0 0.0.0.255
30 deny ip 10.1.40.0 0.0.0.255 10.1.20.0 0.0.0.255
40 deny ip 10.1.40.0 0.0.0.255 10.1.30.0 0.0.0.255
40 permit ip 10.1.40.0 0.0.0.255 any

interface vlan 40
ip access-group DMZDeny in

Thanks! Now to figure out VoIP QoS.