Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
8
Helpful
2
Replies

DHCP On 4000 issue

seegomaa
Level 1
Level 1

‎07-08-2007 12:05 AM - edited ‎03-05-2019 05:11 PM

Dears

i have cisco 4006 switch with MSFC i. I have wireless access-point defined 2 SSID one for guists and one for local users i want to guest users connect to internet and DHCP(to get ip address from their scope). every thing is very good before adding the folowing access list on the VLAN interface for guests

access-list 101 permit ip any host 10.x.x.50 [ DHCP ]

access-list 101 permit ip any host 10.x.x.89 [ proxy]

after adding this access-list guist usres cann't get ip address from DHCP server

Thanks

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎07-08-2007 05:48 PM

Mohamed

It would be helpful if we had some more details about what you have done. In particular it would be helpful to know if this was the entire access list and if this access list was applied inbound or outbound on the VLAN interface.

Assuming that this is the entire access list and that it is applied inbound on the VLAN interface, then I think that I know what the issue is. The client request for DHCP is not sent to the address of the DHCP server but is sent to the broadcast address. Since you do not have any permits for the broadcast address then the request never gets to the DHCP server. You need to add a permit that will allow broadcast traffic to get to the DHCP server. If you do not want to open up all broadcast traffic, then you could make the permit specific for UDP with broadcast destination and with the ports needed for DHCP.

HTH

Rick

HTH

Rick

Suryakant Shant
Cisco Employee
Cisco Employee
In response to Richard Burts

‎07-08-2007 06:31 PM

As Rick mentioned, the client sends the request as broadcast, not unicast to the DHCP server.

You can use one of below access-list entry to make it work:

access-list 101 permit tcp any eq 68 any eq 67

access-list 101 permit ip host 0.0.0.0 host 255.255.255.255

access-list 101 permit tcp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card