Trying to Configure an ACL for one of our Fex. More specifically I want to create an ACL that allows the only VLAN on the Fex to our two DHCP servers.
Nexus 5k
system image file is: bootflash:///n6000-uk9.7.3.2.N1.1.bin
The below config does not work. I have a windows laptop that sends out requests and never obtains an IP from the DHCP server.
Int Config:
!Command: show running-config interface Vlan101
interface Vlan101
description
no shutdown
ip access-group VLAN101 in
ip access-group VL101 out
ip flow monitor standard_v9netflow input sampler flowsampler
no ip redirects
ip address 10.17.0.130/25
no ipv6 redirects
ip router ospf
hsrp version 2
hsrp 101
preempt
priority 120
timers 1 4
ip 10.17.0.129
ip dhcp relay address 10.4.117.10
ip dhcp relay address 10.4.227.10
ip access-list VLAN101
1 permit udp 10.17.0.128/25 eq bootpc 10.4.117.10/32 eq bootps
2 permit udp 10.17.0.128/25 eq bootpc 10.4.227.10/32 eq bootps
3 permit udp 10.17.0.128/25 eq bootpc 255.255.255.255/32 eq bootps
4 permit udp any eq bootpc any
5 deny any any
ip access-list VL101
2 permit udp 10.4.117.10/32 eq bootps 10.17.0.128/25 eq bootpc
3 permit udp 10.4.217.10/32 eq bootps 10.17.0.128/25 eq bootpc
4 permit udp 255.255.255.255/32 eq bootps 10.17.0.128/25 eq bootpc
5 permit udp 255.255.255.255/32 eq bootps 0.0.0.0/32 eq bootpc
I left the top three lines in VLAN101 the same when I attempted to troubleshoot. The only changes I've made were to the 4th line. I've tried the following.
permit udp any eq bootpc any eq bootps
permit udp 0.0.0.0/32 eq bootpc 255.255.255.255/32 eq bootps
permit udp host 0.0.0.0 host 255.255.255.255 eq bootpc (This automatically changes hosts to 0.0.0.0/32 eq bootpc 255.255.255.255/32 ).
I also removed lines 1-3 in VLAN101 and tried all the variants I listed and still nothing. I have not adjusted anything in VL101
Removed the acl VLAN101 and VL101 from the vlan interface and DHCP works.
I appreciate any adive or suggestions.
.jpg "VIP Mentor"){kind=icon}
