Question about extended ACLs

williammax
Level 1

On packet tracer I've been tasked with the following:

Create 3-line extended ACLs on PHX-RTR-1 named PHX-LAN-1, PHX-LAN-2, and PHX-LAN-3 to prevent IP source address spoofing on these LANs. Only allow traffic that has a source address from the LAN it comes from. Allow DHCP requests:

1. Allow the IP Range for the LAN

2. Allow BOOTPS

3. Deny all other traffic

The PHX-LAN-1 address range is 172.25.65.128/26.

I made the following access list (which is wrong):

Extended IP access list PHX-LAN-1
    10 permit udp any any eq bootps
    20 permit ip 172.25.65.128 0.0.0.63 any
    30 deny ip any any

I'm not sure what I'm doing wrong. Would appreciate any help, thanks!


Dennis Mink
VIP Alumni

To what interface did you apply this ACL?

Also, you could use port 67/udp (server) and 68/udp (client, which is probably what you want to allow coming FROM your LAN).

Also, did you check if your ACL is getting hit, by adding the log statement at the end?

cheers

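As an added illustration (not code from either poster), the following Python re-implements IOS extended-ACL first-match evaluation over the exact PHX-LAN-1 entries from the question and runs constructed packets through it: it confirms that wildcard 0.0.0.63 covers the /26, that a DHCP DISCOVER (source 0.0.0.0) only passes because of the bootps line, and that `permit udp any any eq bootps` placed ahead of the LAN line also passes UDP/67 from a source outside the LAN. Destination addresses, the sample source 10.0.0.5 and the ephemeral ports are assumptions for the demo.

```python
import ipaddress

# Constructed from the post: PHX-LAN-1 exactly as written there, in IOS extended-ACL syntax.
PHX_LAN_1 = """
10 permit udp any any eq bootps
20 permit ip 172.25.65.128 0.0.0.63 any
30 deny ip any any
"""
PORT_NAMES = {"bootps": 67, "bootpc": 68}
def wildcard_match(addr, base, wildcard):
    # IOS wildcard semantics: a set bit in the mask means "don't care"
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)
def parse_addr(tok):
    # consume 'any' | 'A WILDCARD'; return (base, wildcard, remaining tokens)
    if tok[0] == "any":
        return "0.0.0.0", "255.255.255.255", tok[1:]
    return tok[0], tok[1], tok[2:]
def parse_port(tok):
    # optional 'eq PORT' (name or number); None means any port
    if tok and tok[0] == "eq":
        return PORT_NAMES.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok
def parse_acl(text):
    acl = []
    for line in text.strip().splitlines():
        seq, action, proto, *rest = line.split()
        src, swc, rest = parse_addr(rest)
        sport, rest = parse_port(rest)
        dst, dwc, rest = parse_addr(rest)
        dport, rest = parse_port(rest)
        acl.append((int(seq), action, proto, src, swc, sport, dst, dwc, dport))
    return acl
def evaluate(acl, pkt):
    # first match wins; no match means the implicit deny at the end of every ACL
    for seq, action, proto, src, swc, sport, dst, dwc, dport in acl:
        if (proto in ("ip", pkt["proto"]) and wildcard_match(pkt["src"], src, swc)
                and wildcard_match(pkt["dst"], dst, dwc)
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return seq, action
    return None, "deny"

# Constructed packets as they would arrive inbound on the PHX-LAN-1 interface (assumed values).
ACL = parse_acl(PHX_LAN_1)
DHCP_DISCOVER = dict(proto="udp", src="0.0.0.0", dst="255.255.255.255", sport=68, dport=67)
LAN_HOST = dict(proto="tcp", src="172.25.65.130", dst="203.0.113.10", sport=51000, dport=443)
SPOOFED = dict(proto="tcp", src="10.0.0.5", dst="203.0.113.10", sport=51000, dport=443)
SPOOFED_TO_67 = dict(proto="udp", src="10.0.0.5", dst="172.25.65.129", sport=4000, dport=67)
```

Running `evaluate(ACL, p)` for each packet gives (10, permit), (20, permit), (30, deny) and (10, permit) respectively; the last result is why a tighter bootps line (source restricted to the LAN or to the bootpc client port) is worth considering once the ACL is applied inbound on the LAN interface.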