Access list issues.

Unanswered Question
Jun 25th, 2009

New at this so be nice.

Trying to create an access list to prevent a dual-homed server from sending DHCP replies out the port on our standard LAN. The DHCP is only for a VLAN. I created the following access list but it doesn't seem to be working. What did I miss?

Also, why can't I put in the out direction as well?

    ip access-list extended Deny_DHCP
     deny udp any any eq bootpc
     deny udp any any eq bootps
     permit ip any any

    interface gi4/48
     ip access-group Deny_DHCP in

Yudong Wu Thu, 06/25/2009 - 14:27

I guess you are configuring a port ACL.

A port ACL only uses the source IP, destination IP and protocol number, if I remember correctly. Therefore, it does not know the TCP/UDP port number.

Port ACLs are applied on interfaces for inbound traffic only.
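
A way to check whether the server's DHCP replies are still reaching the standard LAN, as an added example that is not part of the original thread: it parses DHCP UDP payloads captured on the LAN side and flags any BOOTREPLY whose server identifier is not an authorised DHCP server. The function names and the 192.0.2.x addresses are constructed for illustration, and how the payloads are captured is left as an assumption.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
BOOTREPLY = 2                        # op code used by server-to-client messages
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Extract op, message type (option 53) and server identifier (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "msg_type": None, "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            info["msg_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:
            info["server_id"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return info

def is_unauthorized_reply(payload: bytes, allowed_servers: set) -> bool:
    """True for a server reply that does not name an authorised server."""
    info = parse_dhcp(payload)
    # A reply with no server identifier at all is also flagged.
    return info["op"] == BOOTREPLY and info["server_id"] not in allowed_servers

def build_sample(op: int, msg_type: int, server_ip: str) -> bytes:
    """Constructed sample payload: 236-byte fixed header plus two options."""
    fixed = struct.pack("!BBBB", op, 1, 6, 0) + bytes(232)
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return fixed + MAGIC_COOKIE + options + b"\xff"

if __name__ == "__main__":
    allowed = {"192.0.2.1"}          # constructed address of the authorised server
    for ip in ("192.0.2.1", "192.0.2.10"):
        sample = build_sample(BOOTREPLY, 2, ip)
        print(ip, parse_dhcp(sample)["msg_type"], is_unauthorized_reply(sample, allowed))
```
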

