05-30-2012 05:50 AM - edited 03-07-2019 06:58 AM
Hello Cisco support community,
I have a question regarding an ACL with DHCP:
I have Cisco 881 routers:
- VLAN 1 (FastEthernet 0, 1, 2 and 3): IP address 172.20.0.1/16
- FastEthernet 4 (connected to another network): IP address received from a DHCP server.
These routers will be installed on different sites where I don't have access to the DHCP server: I don't know the IP address that Fa4 will receive.
I want to make an inbound ACL that allows one host on the Fa4 network to reach a specific port.
interface FastEthernet4
 ip access-group FILTER in
!
ip access-list extended FILTER
 permit tcp host [host IP] host [IP FA4] eq [port]
How can I write that kind of ACL if I don't know the IP address of Fa4 in advance?
Thank you !
Nicolas
06-03-2012 08:55 AM
Hi Nicolas,
If Fa4 is receiving a dynamic IP from DHCP, you could put your ACL under the VLAN 1 SVI instead.
06-03-2012 10:09 AM
Why not just put the ACL on the server itself? Windows and Linux both have port filters you could activate to allow only the traffic you specify inbound.
06-03-2012 10:01 PM
Hi,
You will need to enable DHCP to get an address:
ip access-list extended FILTER
 permit udp any any eq 67
 permit udp any any eq 68
 permit tcp host [host IP] 172.20.0.0 0.0.255.255 eq [port]
This will enable the router to get a DHCP address
and communication from [host IP] to your network 172.20.0.0 0.0.255.255.
Don't forget to rate the post if it helps.
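A complete, added configuration example that is not from any post in this thread. It shows the approach the replies above converge on: since the Fa4 address is assigned by DHCP and cannot be written into the ACL, the destination is matched with `any`, and the DHCP exchange itself is permitted so the router can still obtain a lease. The remote host 192.0.2.10 (a documentation address) and TCP port 22 are assumptions; substitute your own.

```cisco
! Added example, not from the thread. Assumes the permitted remote host is
! 192.0.2.10 and the service port is TCP/22; change both to your values.
ip access-list extended FILTER
 remark DHCP replies: server sends from UDP 67 (bootps) to client UDP 68 (bootpc)
 permit udp any eq bootps any eq bootpc
 remark Fa4 address is unknown in advance, so match the destination with "any"
 permit tcp host 192.0.2.10 any eq 22
 remark return traffic for TCP sessions initiated from the LAN side
 permit tcp any any established
 remark explicit deny (same as the implicit one) so dropped packets are logged
 deny ip any any log
!
interface FastEthernet4
 ip address dhcp
 ip access-group FILTER in
```

Two caveats worth checking before deploying this. First, `established` only matches TCP segments with ACK or RST set, so UDP and ICMP replies to LAN-initiated traffic (DNS, for example) are still dropped; either add explicit permits for those, or use stateful inspection (`ip inspect` or the Zone-Based Firewall) if the router's image and licence support it. Second, an inbound ACL on the outside interface is evaluated before outside-to-inside NAT, so if the port is really published from a LAN host via a static NAT entry, the packet still carries the Fa4 address as its destination when the ACL sees it, which is another reason `any` is the right destination here. Verify with `show ip access-lists FILTER` (hit counters) and `show ip interface FastEthernet4` (applied ACL and the leased address), and remember that `log` on a busy deny entry can load a small router noticeably.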