
Access-list with DHCP

Hello Cisco support community,

I have a question regarding ACL with DHCP:

I have Cisco 881 routers:

     - VLAN 1 (FastEthernet 0, 1, 2 and 3): IP address 172.20.0.1/16

     - FastEthernet 4 (connected to another network): IP address received from a DHCP server.

These routers will be installed on different sites where I don't have access to the DHCP server: I don't know the IP address that FA4 will receive.

I want to make an inbound ACL to allow access to 1 host in the FA4 network to a specific port.

interface fa 4
 ip access-group FILTER in

ip access-list extended FILTER
 permit tcp host [host IP] [IP FA4] eq [port]

How can I do that kind of ACL if I don't know the IP address of FA4 in advance?

Thank you!

Nicolas


Access-list with DHCP

Hi Nicolas,

If FE4 is receiving a dynamic IP from DHCP, you could put your ACL under the VLAN 1 SVI instead.

Re: Access-list with DHCP

Why not just put the acl on the server itself? Windows and Linux both have port filters you could activate and allow only the traffic you specify inbound.


Access-list with DHCP

Hi

You will need to enable DHCP to get an address:

ip access-list extended FILTER
 permit udp any any eq 67
 permit udp any any eq 68
 permit tcp host [host IP] 172.20.0.0 0.0.255.255 eq [port]

This will enable you to get a DHCP address and communication from [host IP] to your network 172.20.0.0 0.0.255.255.

Don't forget to rate the post if it helps.
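
Added example, not part of the thread and not Cisco code: a simplified Python model of how the three-entry FILTER list from the last reply is evaluated (first match wins, wildcard-mask matching, implicit deny at the end). The values standing in for [host IP] and [port], and the sample packets, are constructed assumptions.

```python
import ipaddress

# Constructed stand-ins for the thread's placeholders (assumptions):
HOST_IP = "192.0.2.10"   # [host IP]
PORT = 8443              # [port]

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")          # "any"
HOST = (HOST_IP, "0.0.0.0")                   # "host [host IP]"
LAN = ("172.20.0.0", "0.0.255.255")           # VLAN 1 network from the question

# (action, protocol, source, destination, destination port), in list order
FILTER = [
    ("permit", "udp", ANY, ANY, 67),
    ("permit", "udp", ANY, ANY, 68),
    ("permit", "tcp", HOST, LAN, PORT),
]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry index) of the first matching entry.
    No match falls through to the implicit deny: ("deny", None)."""
    for i, (action, p, s, d, port) in enumerate(acl):
        if (p == proto and port == dport
                and wildcard_match(src, *s) and wildcard_match(dst, *d)):
            return action, i
    return "deny", None

# Constructed sample packets arriving inbound on the filtered interface
PACKETS = {
    "dhcp_reply_to_client": ("udp", "198.51.100.1", "255.255.255.255", 68),
    "host_to_lan_port":     ("tcp", HOST_IP, "172.20.0.50", PORT),
    "host_other_port":      ("tcp", HOST_IP, "172.20.0.50", 22),
    "other_host_same_port": ("tcp", "192.0.2.99", "172.20.0.50", PORT),
}

def demo(acl=FILTER):
    """Verdict per sample packet for the given list."""
    return {name: evaluate(acl, *pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
    # Same packets against the list without its two DHCP entries
    print("without DHCP entries:", demo(FILTER[2:])["dhcp_reply_to_client"])
```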
