Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1859
Views
0
Helpful
4
Replies

Simple Access-List question on DHCP

Go to solution
offlinetn
Level 1
Level 1

‎03-17-2006 11:10 AM - edited ‎03-03-2019 02:20 AM

My 831 router aquires its address from comast via DHCP. I have applied an access list to the ethernet port it resides on. I am trying to figure out what I need to put in the access-list to allow comcasts DHCP server to contact my ethernet port.

I have used the following...

access-list 151 permit udp any any eq 67 log

access-list 151 permit udp any host 255.255.255.255 eq 67 log

access-list 151 deny ip any any log

They don't seem to work.

Thanks for any help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vladrac-ccna
Level 5
Level 5

‎03-20-2006 04:51 PM

the DHCP client begins broadcasting requests for configuration information. By default, these requests are on UDP port 68.

The server replies on UDP 67

So, actually the configuration for the ACL depends on the direction you are applying it.

Just dont forget about the client broadcasting on port 68 to get to the dhcp server.

HTH

Vlad

View solution in original post

0 Helpful
4 Replies 4

Go to solution
krishna.vv
Level 1
Level 1

‎03-19-2006 11:17 AM

HI, Although you have enabled the UDP on port eq 67, you are denying any IP traffic on the ethernet interface. SO although you are letting the router aquire the IP address, all IP traffic is getting denyed. Hence your router shall not respond to any IP traffic. I am sure, you see the drops on your debug.

Please apply access-list 151 permit ip any any. And it should start working.

HTH.

0 Helpful

Go to solution
vladrac-ccna
Level 5
Level 5

‎03-20-2006 04:51 PM

the DHCP client begins broadcasting requests for configuration information. By default, these requests are on UDP port 68.

The server replies on UDP 67

So, actually the configuration for the ACL depends on the direction you are applying it.

Just dont forget about the client broadcasting on port 68 to get to the dhcp server.

HTH

Vlad

0 Helpful

Go to solution
offlinetn
Level 1
Level 1
In response to vladrac-ccna

‎03-20-2006 08:04 PM

access-list 151 permit udp any any eq 67 log

Ok, this is the only thing I need in the access list since its the inbound access list on the Dialer interface, I am allowing all outbound traffic. Is there a specific command to make sure that the Dialer interface can broadcast UDP packets out of port 68?

Thanks a million for your help/

0 Helpful

Go to solution
vladrac-ccna
Level 5
Level 5
In response to offlinetn

‎03-21-2006 01:27 PM

What kind of connection do you have?

I guess this would depend on the dialer-list you have set.

I think you need it in order to make the calls , right?

I'm not very familiared with dialer stuff configuration, but could you give us more information about the topology/configs that you have?

Vlad

0 Helpful
Customers Also Viewed These Support Documents