DHCP Client and IOS firewall question

Oct 30th, 2006

I have an 1811 router running adv.enterprise 12.4-6T. The interface connecting to the ISP receives its static IP address via DHCP. The interface config is listed here:

interface FastEthernet0
 description Connection to ISP xxxx
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no cdp enable
 crypto map vpn_link

I intend to enable the IOS firewall on the interface and apply an inbound access list. I have created a suitable access list that allows only a very limited amount of traffic inbound (basically just IPsec and SSH from a specific host). However, since the interface is a DHCP client, I want to know what else the access list must allow in order for the router to function properly as a DHCP client.

Thanks for the help!

Anonymous (not verified) Mon, 11/06/2006 - 07:53

The access list has an implicit deny by default, so the IP address which has to be allowed should be specifically mentioned in the access list configuration.

Richard Burts Mon, 11/06/2006 - 08:16


To be sure that DHCP is permitted in the inbound access list, include statements that permit UDP ports 67 and 68.

You might also consider whether some other services (DNS, NTP are some that come to mind) also need to be permitted.
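
An inbound access list along the lines of the reply above, as an added example that is not part of the original thread. The list name OUTSIDE-IN and all 192.0.2.x addresses are constructed placeholders; destinations are `any` because the interface address is assigned by DHCP.

```cisco
! Added example. 192.0.2.10 (VPN peer), 192.0.2.20 (SSH admin host),
! 192.0.2.53 (DNS) and 192.0.2.123 (NTP) are constructed placeholder addresses.
ip access-list extended OUTSIDE-IN
 remark DHCP server (udp/67) to this client (udp/68): offers, ACKs, renewals
 permit udp any eq bootps any eq bootpc
 remark IPsec from the VPN peer: IKE and ESP
 permit udp host 192.0.2.10 any eq isakmp
 permit esp host 192.0.2.10 any
 remark Only needed if the tunnel uses NAT traversal (udp/4500)
 permit udp host 192.0.2.10 any eq non500-isakmp
 remark SSH from the single management host
 permit tcp host 192.0.2.20 any eq 22
 remark Replies to the router's own DNS and NTP queries, if it uses them
 permit udp host 192.0.2.53 eq domain any
 permit udp host 192.0.2.123 eq ntp any eq ntp
 remark Log what the implicit deny would otherwise drop silently
 deny ip any any log
!
interface FastEthernet0
 ip access-group OUTSIDE-IN in
```

After a lease renewal, `show ip access-lists OUTSIDE-IN` should show matches on the bootps/bootpc entry, and hits on the final deny reveal any other traffic the router still needed.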



