Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VACL not permitting helper-address (DHCP)

Hi,

I configured the ACL to restrict communication of one VLAN over 3560 used as VTP server. Following are the config excerpt;

interface Vlan Process

description Process VLAN

ip address x.x.84.254 255.255.255.0

ip access-group Process_in in

ip access-group Process_out out

ip helper-address x.x.82.26

Each ACLs contain "permit" entry for x.x.82.26 (DHCP Server) in both ways (I put both ways when it was not working either way).

Machines connecting to this VLAN unable to obtain lease (IP address). All other vlans are OK.

Can anyone please guide about it?

Thanks,

3 REPLIES
New Member

Re: VACL not permitting helper-address (DHCP)

Can you post the Process_in and Process_out ACLs please?

New Member

Re: VACL not permitting helper-address (DHCP)

Thanks for response.

I put DHCP permit both ways in both ACLs when it was not working one way.

Extended IP access list AFS_Process_in

permit ip any host X.X.82.10

permit ip host X.X.82.10 any

permit ip any host X.X.82.21

permit ip any host X.X.82.26 >>>[DHCP]

permit ip host X.X.82.26 any >>>[DHCP]

permit ip any host X.X.82.27

permit ip any host X.X.24.66

permit ip X.X.84.192 0.0.0.31 any

deny ip any any log

Extended IP access list AFS_Process_out

permit ip host X.X.82.10 any

permit ip any host X.X.82.10

permit ip host X.X.82.21 any

permit ip host X.X.82.26 any >>>[DHCP]

permit ip any host X.X.82.26 >>>[DHCP]

permit ip host X.X.82.27 any

permit ip host X.X.24.66 any

permit ip any X.X.84.192 0.0.0.31

deny ip any any log

Regards,

Arif

New Member

Re: VACL not permitting helper-address (DHCP)

You should do the following:

no ip access-list extended AFS_Process_out

IP access-list extended AFS_Process_out

permit ip any host X.X.82.10

permit ip any host X.X.82.26

permit ip host X.X.24.66 any

interface Vlan Process

no ip access-group Process_in in

no ip access-group Process_out out

ip access-group AFS_Process_out out

BR. Amdil

208
Views
1
Helpful
3
Replies