I am setting up a VLAN access map, but I cannot get DHCP to work: a host cannot pick up an IP address. Here is the config.
ip address 10.79.200.1 255.255.255.0
ip helper-address 10.79.1.90
arp timeout 1
vlan access-map vm200 10
match ip address vac200
vlan filter vm200 vlan-list 200
ip access-list extended vac200
permit ip 10.79.200.0 0.0.0.255 10.79.5.144 0.0.0.15
permit ip 10.79.5.144 0.0.0.15 10.79.200.0 0.0.0.255
permit udp host 10.79.1.90 eq bootps 10.79.200.0 0.0.0.255 eq bootpc
As you can see, my DHCP server is 10.79.1.90. If I do an ip any any in the access list it works, but I would like to lock it down.
An additional thought:
The two ACEs don't address the full scope of the issue, as some of the DHCP packets are sent with a source IP address of 0.0.0.0, and a destination IP address of 255.255.255.255 (broadcast address).
You might be better off with:
permit udp any eq bootps any eq bootpc
permit udp any eq bootpc any eq bootps
... and use DHCP Snooping for security.
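As an added illustration (not part of the original posts), this Python sketch evaluates the posted vac200 entries first-match with an implicit deny against a client DHCPDISCOVER (0.0.0.0:68 to 255.255.255.255:67), then re-checks with the two suggested ACEs appended. The sample packets are constructed, and the addresses 10.79.200.50 and 10.79.9.9 are assumptions used only to show that unrelated traffic stays blocked.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}
def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'permit <ip|udp> <src> [eq port] <dst> [eq port]'."""
    tok, i = line.split(), 2
    ace = {"proto": tok[1]}
    for side in ("src", "dst"):
        if tok[i] == "any":
            addr, wild, i = 0, 0xFFFFFFFF, i + 1
        elif tok[i] == "host":
            addr, wild, i = ip(tok[i + 1]), 0, i + 2
        else:
            addr, wild, i = ip(tok[i]), ip(tok[i + 1]), i + 2
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = PORTS[tok[i + 1]], i + 2
        ace[side] = (addr, wild, port)
    return ace

def side_ok(rule, addr, port):
    base, wild, want = rule  # wildcard bits set to 1 are "don't care"
    return (ip(addr) | wild) == (base | wild) and want in (None, port)

def permitted(acl, proto, src, sport, dst, dport):
    """First match wins; falling off the end is the implicit deny."""
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto) and side_ok(ace["src"], src, sport)
                and side_ok(ace["dst"], dst, dport)):
            return True
    return False

ORIGINAL = [  # the vac200 entries from the question
    "permit ip 10.79.200.0 0.0.0.255 10.79.5.144 0.0.0.15",
    "permit ip 10.79.5.144 0.0.0.15 10.79.200.0 0.0.0.255",
    "permit udp host 10.79.1.90 eq bootps 10.79.200.0 0.0.0.255 eq bootpc",
]
SUGGESTED = ORIGINAL + ["permit udp any eq bootps any eq bootpc",
                        "permit udp any eq bootpc any eq bootps"]
# Constructed sample packets (addresses other than the page's are assumptions)
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)
OTHER = ("tcp", "10.79.200.50", 40000, "10.79.9.9", 445)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, permitted(acl, *DISCOVER), permitted(acl, *OTHER))
```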