02-17-2009 09:38 PM - edited 03-06-2019 04:05 AM
I have a router with 2 FE interfaces :
(1) interface FastEthernet0/0
=> ip address 137.55.70.1 255.255.255.0
=> duplex auto
=> speed auto
Note : This interface/subnet i hv a DHCP server connected as 137.55.70.2.
(2) interface FastEthernet0/1
=> ip address 137.55.71.1 255.255.255.0
=> ip helper-address 137.55.70.2
=> duplex auto
=> speed auto
Scenario (1) - OK
-------------------------
(1) I hv defined ACLs as followed :
=>access-list 101 permit ip 137.55.71.0 0.0.0.255 host 137.55.70.2
=>access-list 104 permit udp 137.55.71.0 0.0.0.255 host 137.55.70.2 eq bootpc
=>access-list 104 permit udp 137.55.71.0 0.0.0.255 host 137.55.70.2 eq bootps
(2) Applied to F0/0 :
=>ip access-group 104 out
Result : Clients connected to F0/1 subnet get DHCP IP addresses.
Scenario (2) - Not OK
--------------------------------
(1) Use the same ACL applied to F0/1 :
=> ip access-group 104 in
(2) And added the following line in the global configuration mode :
=>ip forward-protocol udp
(3) Remove 104 and applied 101 to F0/1 :
=> ip access-group 101 in
Result : Clients connected to F0/1 subnet CANNOT get DHCP IP addresses.
P/S : It is not as simple as i thought. Appreciate if anyone can help. Thank you very much.
Solved! Go to Solution.