block icmp-permit dhcp

satyamothukuri · ‎03-24-2009

Dear all,

I am having 3550 switch with vlan3 and vlan5.In vlan3 I have a dhcp server which gives ip add to all the pc's in vlan3 and vlan 5 using ip helper address in vlan5.every thing is working fine. Now I want to block icmp in vlan 5.I tried using access list, it was blocked but my DHCP is not working.

Ip accesslist extened 101

Deny icmp any any

Permit ip any 172.16.5.2(dhcp ip)

Please help me .I want to block icmp in vlan5 and dhcp should also workâ€¦

Jon Marshall · ‎03-24-2009

Where have you applied the acl and in what direction. Try this -

access-list 101 deny icmp any any

access-list 101 permit ip any any

int vlan 5

ip access-group 101 in

Jon

Richard Burts · ‎03-24-2009

satya

Your access list is attempting to block ICMP and to permit DHCP. But the problem in your access list is that the DHCP request does not come in addressed to the DHCP server but comes in with the destination being the broadcast address.

So Jon's suggestion of permit ip any any would fix the problem or you could permit host 255.255.255.255 and that should also work. (I suspect that if you did the access in the way that you originally tried with deny ICMP and permit DHCP, that you would find that other traffic that you really want to work would be blocked - so I believe that the suggestion from Jon is the way that you should implement it).

HTH

Rick

HTH

Rick

satyamothukuri · ‎03-25-2009

thanks jon..i will try this....