hi ,

           i have a dhcp server 2008r2 with ip 172.20.1.5 in vlan 3. wanted it give out IPs to vlan 2 and 6. when i apply the access as shown in the config , it does not work. i then tried adding the access list ip access-group 102 out later on to check, but still not working. it works fine without any access list in vlan 2.   will be very helpful to have your guidance in setting it up..

also vlan 2 and 6 need full access to vlan 3...   plzzz help out..

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname L3-CORE

!

boot-start-marker

boot-end-marker

!

!

!

!

no aaa new-model

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip routing

ip dhcp relay information trust-all

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

shutdown

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

switchport access vlan 3

switchport mode access

!

interface GigabitEthernet0/6

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-12

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address 172.20.0.1 255.255.255.0

ip access-group 100 in

ip access-group 102 out

ip helper-address 172.20.1.5

!

interface Vlan3

ip address 172.20.1.1 255.255.255.128

ip helper-address 172.20.1.5

!

interface Vlan4

ip address 172.20.1.129 255.255.255.128

!

interface Vlan5

ip address 172.20.2.1 255.255.255.128

!

interface Vlan6

ip address 172.20.2.129 255.255.255.128

ip access-group 101 in

ip helper-address 172.20.2.129

!

interface Vlan7

ip address 172.20.3.1 255.255.255.128

!

interface Vlan8

ip address 172.20.3.129 255.255.255.128

!

interface Vlan9

ip address 172.20.4.1 255.255.255.128

!

interface Vlan10

ip address 172.20.4.129 255.255.255.128

!

interface Vlan11

ip address 172.20.5.1 255.255.255.0

!

interface Vlan12

ip address 172.20.6.1 255.255.255.128

!

ip classless

ip http server

ip http secure-server

!

ip sla enable reaction-alerts

access-list 100 permit ip any 172.20.1.0 0.0.0.127

access-list 100 permit udp any host 172.20.1.5

access-list 100 permit udp any 172.20.1.0 0.0.0.127

access-list 100 permit ip any host 172.20.0.1

access-list 100 deny   ip any any

access-list 101 permit ip any 172.20.1.0 0.0.0.127

access-list 101 permit ip any host 172.20.2.129

access-list 101 deny   ip any any

access-list 102 permit ip 172.20.1.0 0.0.0.127 any

access-list 102 permit udp 172.20.1.0 0.0.0.127 any

!

!

line con 0

line vty 5 15

!

end