I have one computer connected to the 4506, and management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network. I created an extended access list as follows. Our network is 10.10.x.x and the external addresses the PC needs to access are 11.1.x.x. Once this PC is rebooted, it is unable to access DHCP to get the needed IP address; it bounces back to a 169.x.x.x address and stops working.
The biggest problem in your access list is that each of the entries specifies that the source is host 10.10.200.242. But when the PC boots and attempts to access the DHCP server it has no IP address (that is why it is trying to access the DHCP server, is it not?). So the source address of the DHCP request would be 0.0.0.0.
Thank you, that makes sense. So 0.0.0.0 is only for the permits to the DHCP server; otherwise I would use the IP address 10.10.200.242 to access the outside network only. Just need to verify, and do I need a deny statement at the end of the ACL?
Also for the interface I have
ip access-group 2000 in (name for the extended access list)
Is this all I need on the interface and do I need to also add the IP Relay Trusted statement?
This is actually a huge project that will be going out to many sites so I need to get it working correctly here at my central office.
There is an implicit deny at the end of an access list. So technically you do not need to put a deny at the end of the access list. Some people (frequently including me) do like to put the deny at the end. For one thing it makes it explicit that traffic that gets to the bottom of the access list will be denied. And with the deny configured you get a counter of how many packets have been denied. So you may configure the deny at the end or not as you choose.
There are some permit statements here that allow this host to access certain resources within your network. But I do not see anything that would allow this host to access the Internet. Probably what you should do in the access list is to permit the host access to some resources within your network, deny the host access to any other resources within your network, and then permit any.
How the address is reserved in the DHCP server so that the host always gets the same address will depend on what kind of DHCP server you are using and how it is configured. There is not anything on the 4506 that impacts this.
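An added example, not posted by anyone in the thread: a small first-match ACL evaluator showing why entries sourced only from host 10.10.200.242 drop the initial DHCP request, and how the permit / deny internal / permit any ordering suggested in the replies behaves. The DHCP server and printer addresses, the sample packets and the tuple layout are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

HOST = "10.10.200.242/32"   # the restricted PC (address from the thread)
DHCP = "10.10.1.10/32"      # constructed placeholder for the DHCP server
PRINTER = "10.10.1.20/32"   # constructed placeholder for the printer
INTERNAL = "10.10.0.0/16"   # the internal 10.10.x.x network
ANY = "0.0.0.0/0"

# Entry layout (assumed for this sketch):
# (action, protocol, source, destination, destination port or None)
HOST_ONLY = [  # every entry uses the host address as source
    ("permit", "udp", HOST, DHCP, 67),
    ("permit", "ip", HOST, PRINTER, None),
]
CORRECTED = [
    # A client without a lease sends from 0.0.0.0 to the broadcast address.
    ("permit", "udp", "0.0.0.0/32", "255.255.255.255/32", 67),
    ("permit", "udp", HOST, DHCP, 67),      # unicast renewals once leased
    ("permit", "ip", HOST, PRINTER, None),
    ("deny", "ip", ANY, INTERNAL, None),    # explicit deny: gives a hit counter
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry index); index None means the implicit deny."""
    for i, (action, p, s, d, port) in enumerate(acl):
        if p != "ip" and p != proto:
            continue
        if ip_address(src) not in ip_network(s):
            continue
        if ip_address(dst) not in ip_network(d):
            continue
        if port is not None and port != dport:
            continue
        return action, i                    # first match wins
    return "deny", None                     # nothing matched

# Constructed sample packets as seen inbound on the PC's switch port.
DISCOVER = ("udp", "0.0.0.0", "255.255.255.255", 67)
PRINT_JOB = ("tcp", "10.10.200.242", "10.10.1.20", 9100)
FILE_SERVER = ("tcp", "10.10.200.242", "10.10.5.5", 445)
EXTERNAL = ("tcp", "10.10.200.242", "11.1.2.3", 443)

if __name__ == "__main__":
    for name, acl in (("host-only", HOST_ONLY), ("corrected", CORRECTED)):
        for pkt in (DISCOVER, PRINT_JOB, FILE_SERVER, EXTERNAL):
            print(name, pkt, evaluate(acl, *pkt))
```
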