DHCP On 4000 issue

Unanswered Question
Jul 8th, 2007


I have a Cisco 4006 switch with MSFC i. I have a wireless access point with 2 SSIDs defined, one for guests and one for local users. I want guest users to connect to the internet and DHCP (to get an IP address from their scope). Everything was very good before adding the following access list on the VLAN interface for guests:

access-list 101 permit ip any host 10.x.x.50 [ DHCP ]

access-list 101 permit ip any host 10.x.x.89 [ proxy]

After adding this access list, guest users can't get an IP address from the DHCP server.


Richard Burts Sun, 07/08/2007 - 17:48


It would be helpful if we had some more details about what you have done. In particular it would be helpful to know if this was the entire access list and if this access list was applied inbound or outbound on the VLAN interface.

Assuming that this is the entire access list and that it is applied inbound on the VLAN interface, then I think that I know what the issue is. The client request for DHCP is not sent to the address of the DHCP server but is sent to the broadcast address. Since you do not have any permits for the broadcast address then the request never gets to the DHCP server. You need to add a permit that will allow broadcast traffic to get to the DHCP server. If you do not want to open up all broadcast traffic, then you could make the permit specific for UDP with broadcast destination and with the ports needed for DHCP.



Suryakant Shant Sun, 07/08/2007 - 18:31

As Rick mentioned, the client sends the request as broadcast, not unicast to the DHCP server.

You can use one of the access-list entries below to make it work:

access-list 101 permit udp any eq 68 any eq 67

access-list 101 permit ip host host

access-list 101 permit udp host eq 68 host eq 67
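
Added example, not part of the original thread or any poster's code: a small Python model of extended-ACL matching that shows why the guest ACL drops the DHCP broadcast and what the UDP 68-to-67 permit described in the replies changes. The addresses 10.0.0.50, 10.0.0.89 and 10.0.1.20 are constructed stand-ins for the masked addresses in the question, and the names `Permit`, `matches` and `evaluate` are hypothetical.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Permit(NamedTuple):
    proto: str                   # "ip" matches every protocol
    src: str                     # "any" or a single host address
    dst: str
    sport: Optional[int] = None  # None means no "eq <port>" clause
    dport: Optional[int] = None

def matches(rule: Permit, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt: Packet) -> str:
    """Every entry modelled here is a permit, so any match permits the
    packet; a packet matching no entry falls to the implicit deny."""
    return "permit" if any(matches(r, pkt) for r in acl) else "deny"

# Constructed stand-ins for the masked 10.x.x.50 / 10.x.x.89 addresses.
DHCP_SERVER, PROXY = "10.0.0.50", "10.0.0.89"
ORIGINAL_ACL = [Permit("ip", "any", DHCP_SERVER), Permit("ip", "any", PROXY)]
FIXED_ACL = [Permit("udp", "any", "any", sport=68, dport=67)] + ORIGINAL_ACL

# Constructed sample packets as seen inbound on the guest VLAN interface.
DISCOVER = Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67)   # new client
RENEW = Packet("udp", "10.0.1.20", 68, DHCP_SERVER, 67)          # unicast renewal
NETBIOS = Packet("udp", "10.0.1.20", 137, "255.255.255.255", 137)  # other broadcast

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        for label, pkt in (("discover", DISCOVER), ("renew", RENEW),
                           ("netbios", NETBIOS)):
            print(f"{name:8} {label:8} {evaluate(acl, pkt)}")
```

The port-specific entry lets the DHCP broadcast through while other broadcast traffic from the guest VLAN still hits the implicit deny.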

