Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Access list issues.

New at this so be nice.

Trying to create an access list to prevent a dual homed server from sending dhcp replies out the port on our standard LAN. The dhdp is only for a vlan. I created the following access list but it doesn't seem to be working. What did I miss?

Also why can't I put in the out direction as well???

ip access-list extended Deny_DHCP

deny udp any any eq bootpc

deny udp any any eq bootps

permit ip any any

interface gi4/48

ip access-group Deny_DHCP in


Re: Access list issues.

I guess you are configuring a port ACL.

Port ACL only uses source, destination IP and protocol number if I remember correctly. Therefore, it does not know tcp/udp port number.

Port ACLs are applied on interfaces for inbound traffic only.

CreatePlease to create content