block icmp-permit dhcp

Unanswered Question
Mar 24th, 2009

Dear all,

I have a 3550 switch with VLAN 3 and VLAN 5. In VLAN 3 I have a DHCP server which gives IP addresses to all the PCs in VLAN 3 and VLAN 5, using an IP helper address in VLAN 5. Everything is working fine. Now I want to block ICMP in VLAN 5. I tried using an access list; ICMP was blocked, but my DHCP is not working.

ip access-list extended 101

Deny icmp any any

Permit ip any ip)

Please help me. I want to block ICMP in VLAN 5, and DHCP should also work…

Jon Marshall Tue, 03/24/2009 - 05:59

Where have you applied the ACL, and in what direction? Try this:

access-list 101 deny icmp any any

access-list 101 permit ip any any

int vlan 5

ip access-group 101 in


Richard Burts Tue, 03/24/2009 - 12:48


Your access list is attempting to block ICMP and to permit DHCP. But the problem in your access list is that the DHCP request does not come in addressed to the DHCP server but comes in with the destination being the broadcast address.

So Jon's suggestion of permit ip any any would fix the problem or you could permit host and that should also work. (I suspect that if you did the access in the way that you originally tried with deny ICMP and permit DHCP, that you would find that other traffic that you really want to work would be blocked - so I believe that the suggestion from Jon is the way that you should implement it).
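The first-match behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model of an inbound access list on interface vlan 5, evaluated against a DHCP broadcast, a ping and ordinary TCP traffic. The addresses, the packets and the `SERVER_ONLY` and `NARROW` lists are constructed for illustration; only the `JON` list mirrors a configuration posted in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str  # "icmp", "udp" or "tcp"
    src: str
    dst: str

@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    proto: str   # "ip" matches every protocol
    src: str     # "any" or a single host address
    dst: str

def addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def evaluate(acl: list, pkt: Packet) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if (ace.proto in ("ip", pkt.proto)
                and addr_match(ace.src, pkt.src)
                and addr_match(ace.dst, pkt.dst)):
            return ace.action
    return "deny"  # every IOS access list ends with an implicit deny

# Constructed addresses and packets, as seen inbound on interface vlan 5.
DHCP_SERVER = "10.0.3.10"
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255")  # client broadcast
PING = Packet("icmp", "10.0.5.20", DHCP_SERVER)
WEB = Packet("tcp", "10.0.5.20", "192.0.2.80")

DENY_ICMP = Ace("deny", "icmp", "any", "any")
# Hypothetical list that permits traffic only to the server's own address.
SERVER_ONLY = [DENY_ICMP, Ace("permit", "ip", "any", DHCP_SERVER)]
# Hypothetical list that also permits the broadcast destination, nothing else.
NARROW = SERVER_ONLY + [Ace("permit", "ip", "any", "255.255.255.255")]
# The list from Jon's reply: deny icmp any any, permit ip any any.
JON = [DENY_ICMP, Ace("permit", "ip", "any", "any")]

def verdicts(acl: list) -> dict:
    return {name: evaluate(acl, pkt)
            for name, pkt in (("discover", DISCOVER), ("ping", PING), ("web", WEB))}

if __name__ == "__main__":
    for label, acl in (("server-only", SERVER_ONLY), ("narrow", NARROW), ("jon", JON)):
        print(label, verdicts(acl))
```

The server-only list drops the broadcast at the implicit deny, the narrow list lets DHCP through but still drops the other traffic, and Jon's list blocks only ICMP.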



