Cisco Support Community
New Member

DHCP and ACL Problem

Hi,

Why can't the clients in VLAN 30 get an IP from DHCP (192.168.1.3 and 4) when the ACL is applied to VLAN 30? When the ACL is removed, clients can get an IP from DHCP.

Thanks

10 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.3
20 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.4
80 permit tcp host 192.168.3.21 eq 3389 host 192.168.1.1
90 permit tcp host 192.168.3.21 host 192.168.1.1 range 2221 2222
100 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
120 permit ip 192.168.3.0 0.0.0.255 any

interface Vlan30
 ip address 192.168.3.253 255.255.255.0
 ip access-group 130 in
 ip helper-address 192.168.1.3
 ip helper-address 192.168.1.4

1 ACCEPTED SOLUTION

Accepted Solutions

Re: DHCP and ACL Problem

You should add a line for the client's initial DHCP DISCOVERs, e.g.:

5 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps

HTH

Rolf
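
Why the DISCOVER is dropped and what sequence 5 changes, as an added example that is not part of the thread or of any Cisco tool: a simplified first-match evaluator, with the implicit deny, run over ACL 130 as posted. The helper names, the packet tuples and the client address 192.168.3.50 are constructed assumptions, and the model covers only the ACL syntax used in this thread.

```python
import ipaddress
# ACL 130 exactly as posted in the thread; FIX is the line from the accepted answer.
ACL_130 = """\
10 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.3
20 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.4
80 permit tcp host 192.168.3.21 eq 3389 host 192.168.1.1
90 permit tcp host 192.168.3.21 host 192.168.1.1 range 2221 2222
100 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
120 permit ip 192.168.3.0 0.0.0.255 any"""
FIX = "5 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps"
PORTS = {"bootps": 67, "bootpc": 68}  # the only port keywords this sketch knows

def ip(a):
    return int(ipaddress.IPv4Address(a))

def take_side(tok):  # consume one "<address> [eq P | range A B]" group
    head = tok.pop(0)
    if head == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif head == "host":
        addr, wild = ip(tok.pop(0)), 0
    else:
        addr, wild = ip(head), ip(tok.pop(0))
    lo, hi = 0, 65535
    if tok and tok[0] in ("eq", "range"):
        op, p = tok.pop(0), tok.pop(0)
        lo = hi = int(PORTS.get(p, p))
        if op == "range":
            hi = int(tok.pop(0))
    return addr, wild, lo, hi

def parse(text):  # -> rules sorted by sequence number: (seq, action, proto, src, dst)
    rows = (line.split() for line in text.splitlines())
    return sorted((int(s), act, proto, take_side(r), take_side(r)) for s, act, proto, *r in rows)

def side_ok(side, addr, port):  # wildcard bits set to 1 are "don't care"
    a, wild, lo, hi = side
    return (ip(addr) | wild) == (a | wild) and lo <= port <= hi

def evaluate(rules, proto, src, sport, dst, dport):
    for seq, action, rproto, s, d in rules:  # first match wins
        if rproto in ("ip", proto) and side_ok(s, src, sport) and side_ok(d, dst, dport):
            return action, seq
    return "deny", None  # implicit deny at the end of every ACL

# Constructed packets (not from the thread): first DISCOVER, then a unicast renewal.
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)
RENEW = ("udp", "192.168.3.50", 68, "192.168.1.3", 67)
```

Against the posted ACL, `evaluate(parse(ACL_130), *DISCOVER)` falls through to the implicit deny because every entry requires a 192.168.3.x source; with `FIX` prepended it matches sequence 5, while the unicast `RENEW` already matches sequence 10.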

4 REPLIES
VIP Purple

DHCP and ACL Problem

Hi,

Can you check the access list group number which you assigned on the VLAN interface?

interface Vlan30
 ip address 192.168.3.253 255.255.255.0
 ip access-group 130 in
 ip helper-address 192.168.1.3
 ip helper-address 192.168.1.4

I did not see any access list 130?

Regards

New Member

DHCP and ACL Problem

This is the extended ACL 130.

ip access-list extended 130
 10 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.3
 20 permit ip 192.168.3.0 0.0.0.255 host 192.168.1.4
 80 permit tcp host 192.168.3.21 eq 3389 host 192.168.1.1
 90 permit tcp host 192.168.3.21 host 192.168.1.1 range 2221 2222
 100 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 120 permit ip 192.168.3.0 0.0.0.255 any

DHCP and ACL Problem

Does the VLAN SVI that has the IP address of 192.168.1.x have an ACL applied as well? Maybe it's not allowing the return traffic...

HTH,
John

*** Please rate all useful posts ***
