DHCP Client and IOS firewall question

Little_Wing
Level 1

I have an 1811 router running adv.enterprise 12.4-6T. The interface connecting to the ISP receives its static IP address via DHCP. The interface config is listed here:

interface FastEthernet0
 description Connection to ISP xxxx
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no cdp enable
 crypto map vpn_link
end

I intend to enable the IOS firewall on the interface and apply an inbound access list. I have created a suitable access list that allows only a very limited amount of traffic inbound (basically just IPsec and SSH from a specific host). However, since the interface is a DHCP client, I want to know what else the access list must allow in order for the router to function properly as a DHCP client.

Thanks for the help!

2 Replies

Not applicable

The access list has an implicit deny by default, so the IP address which has to be allowed should be specifically mentioned in the access list configuration.

Adam

To be sure that DHCP is permitted in the inbound access list, include statements that permit UDP ports 67 and 68.

You might also consider whether some other services (DNS, NTP are some that come to mind) also need to be permitted.

HTH

Rick
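
An inbound access list along the lines discussed in this thread, as an added example that is not from either poster. The ACL name OUTSIDE-IN and every address are placeholders from the documentation ranges; the destination is "any" because the interface address is assigned by DHCP.

```cisco
! Added example; ACL name and all addresses are placeholders.
ip access-list extended OUTSIDE-IN
 remark DHCP replies: server port 67 (bootps) to client port 68 (bootpc)
 remark Source is "any" so unicast and broadcast offers/acks both match
 permit udp any eq bootps any eq bootpc
 remark IPsec from the VPN peer: IKE, NAT-T and ESP
 permit udp host 192.0.2.1 any eq isakmp
 permit udp host 192.0.2.1 any eq non500-isakmp
 permit esp host 192.0.2.1 any
 remark SSH from the single management host
 permit tcp host 198.51.100.10 any eq 22
 ! Optional, per the DNS/NTP suggestion: replies to the router's own queries
 ! permit udp host 203.0.113.53 eq domain any
 ! permit udp host 203.0.113.123 eq ntp any
 remark Make the implicit deny explicit so dropped packets are logged
 deny ip any any log
!
interface FastEthernet0
 ip access-group OUTSIDE-IN in
```

After a lease renewal, `show ip access-lists OUTSIDE-IN` should show the match counter on the bootps line increasing. Once the ISP's DHCP server address is known, the source on that line can be tightened from "any" to that host.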
