10-30-2006 11:58 AM - edited 03-03-2019 02:31 PM
I have an 1811 router running adv.enterprise 12.4-6T. The interface connecting to the ISP receives its static IP address via DHCP. The interface config is listed here:
interface FastEthernet0
 description Connection to ISP xxxx
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no cdp enable
 crypto map vpn_link
end
I intend to enable the IOS firewall on the interface and apply an inbound access list. I have created a suitable access list that allows only a very limited amount of traffic inbound (basically just IPsec and SSH from a specific host). However, since the interface is a DHCP client, I want to know what else the access list must allow in order for the router to function properly as a DHCP client.
Thanks for the help!
11-06-2006 07:53 AM
The access list has an implicit deny by default, so the IP address which has to be allowed should be specifically mentioned in the access list configuration.
11-06-2006 08:16 AM
Adam,
To be sure that DHCP is permitted in the inbound access list, include statements that permit UDP ports 67 and 68.
You might also consider whether some other services (DNS, NTP are some that come to mind) also need to be permitted.
HTH
Rick
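An inbound ACL combining the traffic described in the question with the DHCP ports from the reply above, as an added example that is not from any poster in this thread. The ACL name OUTSIDE-IN and every 192.0.2.x address are placeholders; the NAT-T, DNS and NTP entries are assumptions and apply only if the router actually uses them.

```cisco
! Added example: inbound filter for a DHCP-client outside interface.
! Destination is "any" because the interface address is assigned by DHCP
! and the server's reply may be sent as a broadcast.
ip access-list extended OUTSIDE-IN
 remark DHCP server (UDP 67) replying to this router's client (UDP 68)
 permit udp any eq bootps any eq bootpc
 remark IPsec from the VPN peer (placeholder 192.0.2.10): IKE and ESP
 permit udp host 192.0.2.10 any eq isakmp
 permit esp host 192.0.2.10 any
 remark Assumption: only needed when the tunnel uses NAT traversal
 permit udp host 192.0.2.10 any eq non500-isakmp
 remark SSH from the single management host (placeholder 192.0.2.20)
 permit tcp host 192.0.2.20 any eq 22
 remark Optional: replies to the router's own DNS and NTP queries
 permit udp host 192.0.2.53 eq domain any
 permit udp host 192.0.2.123 eq ntp any eq ntp
 remark Explicit form of the implicit deny, with logging of drops
 deny ip any any log
!
interface FastEthernet0
 ip access-group OUTSIDE-IN in
```

Once the ISP's DHCP server address is known, the `any` source on the bootps line can be narrowed to that host, and `show access-lists OUTSIDE-IN` shows whether the DHCP entry is matching at lease renewal.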