Access-list for block the DHCP request.

Unanswered Question
May 13th, 2007
User Badges:

Dear All,


How can I block a DHCP request on cisco 2950 switches, I tried given below access list but it was not working so plz suggest


interface FastEthernet0/4

no ip address

ip access-group 102 in

!


Extended IP access list 102

deny udp host 10.12.14.120 any eq bootpc

permit ip any any



IOS : Version 12.1(19)EA1c,



Thank you in anticipation,


Regards,

Dipak


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gmarogi Mon, 05/21/2007 - 06:05
User Badges:
  • Bronze, 100 points or more

The access-list which you have created is correct except the tu need to add one more statement to the list


access-list 102 deny udp any host 10.12.14.120 any eq 67

access-list 102 deny udp any host 10.12.14.120 any eq 68


Richard Burts Mon, 05/21/2007 - 06:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Gabriel


The syntax that you suggest may be better but it does not address the problem of trying to assign an IP access list to an interface that is not processing IP. I do not believe that you can do this filtering on a 2950 layer 2 switch.


HTH


Rick

luqmankondeth Mon, 05/21/2007 - 06:13
User Badges:

depending on the switch IOS, you can filter layer3/4 information on the 2950 on an interface that is not processing IP itself.

Actions

This Discussion