Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
3
Replies

no DHCP when applying access list

Go to solution
Addey Salameh
Level 1
Level 1

‎05-09-2015 02:05 AM - edited ‎03-07-2019 11:56 PM

 
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎05-09-2015 04:05 AM

Add the following line to your ACL and DHCP should work:

ip access-list extended Block_Facebook
  1 permit udp any eq bootpc any eq bootps

View solution in original post

0 Helpful

Go to solution
houtan haddadlarijani
Level 1
Level 1

‎05-09-2015 04:24 AM

Hi,

You blocked DHCP discover packet with your current ACL, Discover packet has sender IP of 0.0.0.0 (port 68) and destination IP of 255.255.255.255 (port67) which is being blocked by this ACL. Adding line 

 permit udp any eq 68 host 255.255.255.255 eq 67

 

can solve your problem. (There are other possibilities for allow DHCP in ACLs)

 

Anyway, why u did not use "name-server" to simplify ur ACL with only 1 line to block facebook?

 

HTH,

Houtan

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎05-09-2015 04:05 AM

Add the following line to your ACL and DHCP should work:

ip access-list extended Block_Facebook
  1 permit udp any eq bootpc any eq bootps
0 Helpful

Go to solution
Addey Salameh
Level 1
Level 1
In response to Karsten Iwen

‎05-09-2015 04:30 AM

Thank You guys you helped me alot :D

 

0 Helpful

Go to solution
houtan haddadlarijani
Level 1
Level 1

‎05-09-2015 04:24 AM

Hi,

You blocked DHCP discover packet with your current ACL, Discover packet has sender IP of 0.0.0.0 (port 68) and destination IP of 255.255.255.255 (port67) which is being blocked by this ACL. Adding line 

 permit udp any eq 68 host 255.255.255.255 eq 67

 

can solve your problem. (There are other possibilities for allow DHCP in ACLs)

 

Anyway, why u did not use "name-server" to simplify ur ACL with only 1 line to block facebook?

 

HTH,

Houtan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card