I have an access-list I apply inbound on a LAN interface, ethernet0. Its purpose is to only allow hosts on that LAN to access specific destination addresses. The access-list is of the form
access-list 100 permit ip any host 10.1.1.1
then under ethernet0 I put
ip access-group 100 in
The idea being to permit hosts on ethernet0 to access only 10.1.1.1.
Ethernet0 also has
ip helper-address 10.1.1.1
To forward DHCP requests to that host.
With the access-group command applied, DHCP requests are blocked, but with it off they are passed. I assume permit ip allows all TCP and UDP packets, so the UDP DHCP request should pass. Is it being blocked because the source address will be 0.0.0.0? If I manually put an IP address on a client on ethernet0, i.e. no DHCP, all other traffic passes fine. I also tried adding access-list 100 permit udp any host 10.1.1.1 eq bootpc but no change. I know I'm missing something stupid here. Does ip any not match traffic from 0.0.0.0?
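An added illustration, not part of the original post: a small first-match evaluator for the extended-ACL entries quoted above, run against a constructed DHCPDISCOVER (source 0.0.0.0 port 68, destination 255.255.255.255 port 67). It assumes the inbound ACL is evaluated on the packet as it arrives, before ip helper-address rewrites the destination; the client address 10.2.2.50 and the broadcast permit entry are hypothetical and do not come from the post.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("only the 'any' and 'host' forms are handled here")

def parse_port(tok):
    """Consume an optional 'eq <port>' qualifier."""
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse_ace(line):
    tok = line.split()[2:]                    # drop 'access-list 100'
    ace = {"action": tok[0], "proto": tok[1]}
    ace["src"], tok = parse_addr(tok[2:])
    ace["sport"], tok = parse_port(tok)
    ace["dst"], tok = parse_addr(tok)
    ace["dport"], tok = parse_port(tok)
    return ace

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if ipaddress.ip_address(pkt["src"]) not in ace["src"]:
            continue
        if ipaddress.ip_address(pkt["dst"]) not in ace["dst"]:
            continue
        if ace["sport"] not in (None, pkt["sport"]):
            continue
        if ace["dport"] not in (None, pkt["dport"]):
            continue
        return ace["action"]
    return "deny"

# Constructed packets: a DHCPDISCOVER broadcast and a statically addressed client.
DISCOVER = dict(proto="udp", src="0.0.0.0", sport=68, dst="255.255.255.255", dport=67)
STATIC = dict(proto="tcp", src="10.2.2.50", sport=40000, dst="10.1.1.1", dport=80)

ACL_ORIGINAL = ["access-list 100 permit ip any host 10.1.1.1"]
ACL_ATTEMPT = ACL_ORIGINAL + ["access-list 100 permit udp any host 10.1.1.1 eq bootpc"]
# Hypothetical extra entry that matches the broadcast as it is received.
ACL_BROADCAST = ACL_ORIGINAL + [
    "access-list 100 permit udp any eq bootpc host 255.255.255.255 eq bootps"]

if __name__ == "__main__":
    for name in ("ACL_ORIGINAL", "ACL_ATTEMPT", "ACL_BROADCAST"):
        print(name, "DISCOVER ->", evaluate(globals()[name], DISCOVER))
```

In this model the source 0.0.0.0 does match any; the DISCOVER fails both posted entries on the destination address, which is still 255.255.255.255 when the inbound list is checked.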