New Member

Simple Access-List question on DHCP

My 831 router acquires its address from Comcast via DHCP. I have applied an access list to the Ethernet port it resides on. I am trying to figure out what I need to put in the access list to allow Comcast's DHCP server to contact my Ethernet port.

I have used the following...

access-list 151 permit udp any any eq 67 log

access-list 151 permit udp any host 255.255.255.255 eq 67 log

access-list 151 deny ip any any log

They don't seem to work.

Thanks for any help!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Simple Access-List question on DHCP

The DHCP client begins broadcasting requests for configuration information. By default, these requests are on UDP port 68.

The server replies on UDP 67.

So, actually the configuration for the ACL depends on the direction you are applying it.

Just don't forget about the client broadcasting on port 68 to get to the DHCP server.

HTH

Vlad

4 REPLIES
New Member

Re: Simple Access-List question on DHCP

Hi, although you have enabled UDP on port eq 67, you are denying any IP traffic on the Ethernet interface. So although you are letting the router acquire the IP address, all IP traffic is getting denied. Hence your router shall not respond to any IP traffic. I am sure you see the drops on your debug.

Please apply access-list 151 permit ip any any. And it should start working.

HTH.

New Member

Re: Simple Access-List question on DHCP

access-list 151 permit udp any any eq 67 log

OK, this is the only thing I need in the access list, since it's the inbound access list on the Dialer interface and I am allowing all outbound traffic. Is there a specific command to make sure that the Dialer interface can broadcast UDP packets out of port 68?

Thanks a million for your help!

Re: Simple Access-List question on DHCP

What kind of connection do you have?

I guess this would depend on the dialer-list you have set.

I think you need it in order to make the calls, right?

I'm not very familiar with dialer configuration, but could you give us more information about the topology/configs that you have?

Vlad
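Added example, not part of the original thread: a small first-match model of IOS-style extended ACL entries, run against constructed DHCP packets, to show which direction the entries posted above actually match. It assumes the standard DHCP port usage (client port 68, server port 67); the packet addresses and `FIXED_ACL` are illustrative assumptions, and the model only handles `any`, `host x` and `eq <port>`.

```python
# Added example: first-match evaluation of IOS-style extended ACL entries.
# Simplified model: every packet is UDP, so "ip" and "udp" entries both apply.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
Rule = namedtuple("Rule", "action src sport dst dport")

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; None means wildcard."""
    if tok[0] == "any":
        tok.pop(0)
        return None
    if tok[0] == "host":
        tok.pop(0)
        return tok.pop(0)
    raise ValueError("unsupported address form: " + tok[0])

def _port(tok):
    """Consume an optional 'eq <port>'; None means any port."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        return int(tok.pop(0))
    return None

def parse_rule(line):
    tok = [t for t in line.split() if t != "log"][2:]  # drop 'access-list N'
    action, _proto = tok.pop(0), tok.pop(0)
    # Order in an extended entry: source [port] destination [port]
    return Rule(action, _addr(tok), _port(tok), _addr(tok), _port(tok))

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry (implicit deny at end)."""
    for rule in map(parse_rule, acl_lines):
        if all(want is None or want == got for want, got in zip(rule[1:], pkt)):
            return rule.action
    return "deny"

# Entries exactly as posted in the thread.
THREAD_ACL = ["access-list 151 permit udp any any eq 67 log",
              "access-list 151 permit udp any host 255.255.255.255 eq 67 log",
              "access-list 151 deny ip any any log"]
# Assumption for illustration: match the server-to-client direction instead.
FIXED_ACL = ["access-list 151 permit udp any eq 67 any eq 68",
             "access-list 151 deny ip any any log"]
# Constructed packets (192.0.2.1 is a documentation address, not a real server).
DISCOVER = Packet("0.0.0.0", 68, "255.255.255.255", 67)  # client -> server
OFFER = Packet("192.0.2.1", 67, "255.255.255.255", 68)   # server -> client
```

A port placed after the destination address matches the destination port, so the posted entries match traffic headed to a DHCP server, while a reply arriving inbound at the client is addressed to port 68 and falls through to the final deny.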
