Access-list for block the DHCP request.

Unanswered Question
May 13th, 2007
User Badges:

Dear All,

How can I block a DHCP request on cisco 2950 switches, I tried given below access list but it was not working so plz suggest

interface FastEthernet0/4

no ip address

ip access-group 102 in


Extended IP access list 102

deny udp host any eq bootpc

permit ip any any

IOS : Version 12.1(19)EA1c,

Thank you in anticipation,



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gmarogi Mon, 05/21/2007 - 06:05
User Badges:
  • Bronze, 100 points or more

The access-list which you have created is correct except the tu need to add one more statement to the list

access-list 102 deny udp any host any eq 67

access-list 102 deny udp any host any eq 68

Richard Burts Mon, 05/21/2007 - 06:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


The syntax that you suggest may be better but it does not address the problem of trying to assign an IP access list to an interface that is not processing IP. I do not believe that you can do this filtering on a 2950 layer 2 switch.



luqmankondeth Mon, 05/21/2007 - 06:13
User Badges:

depending on the switch IOS, you can filter layer3/4 information on the 2950 on an interface that is not processing IP itself.


This Discussion