
problem with acl on controller

Hi all,

We have one interface configured with an ACL, and when we add a new line to it the clients don't get an IP.

At the moment we don't need to add a new line to the ACL, but recently we had to add some new lines like line 16 (ICMP).

After adding this new line we noticed the DHCP problem on the clients.

But because we may have to add some new lines to this ACL in the foreseeable future, we need to know how to handle this IP problem.

Below I send you the results of both commands:

"(Cisco Controller) >show acl summary

ACL Counter Status                       Enabled

-----------------------------------------------------------------

ACL Name                                         Applied

-----------------------------------------------------------------

meet2go                                          Yes

(Cisco Controller) >show acl detailed meet2go

          Source                        Destination                        Source Port   Dest Port
Index Dir IP Address/Netmask            IP Address/Netmask            Port       Range       Range DSCP  Action  Counter
----- --- ----------------------------- ----------------------------- ---- ----------- ----------- ----- ------- -------
    1 In  0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6     0-65535     443-443 Any   Permit     4475
    2 Out 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6     443-443     0-65535 Any   Permit     4083
    3 In  0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6     0-65535   2598-2598 Any   Permit        0
    4 Out 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6   2598-2598     0-65535 Any   Permit        0
    5 In  0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                 17     0-65535       53-53 Any   Permit     2215
    6 Out 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                 17       53-53     0-65535 Any   Permit     2200
    7 In  0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6     0-65535   1494-1494 Any   Permit        0
    8 Out 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6   1494-1494     0-65535 Any   Permit        0
    9 Out 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6   3101-3101     0-65535 Any   Permit        0
   10 In  0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  6     0-65535   3101-3101 Any   Permit        0
   11 Any 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                 17       67-68       67-68 Any   Permit        0
   12 In  0.0.0.0/0.0.0.0               10.45.0.103/255.255.255.255      6     0-65535   8080-8080 Any   Permit     2276
   13 Out 10.45.0.103/255.255.255.255   0.0.0.0/0.0.0.0                  6   8080-8080     0-65535 Any   Permit     2437
   14 In  0.0.0.0/0.0.0.0               10.45.2.2/255.255.255.255        6     0-65535       80-80 Any   Permit      122
   15 Out 10.45.2.2/255.255.255.255     0.0.0.0/0.0.0.0                  6       80-80     0-65535 Any   Permit      141
   16 Any 0.0.0.0/0.0.0.0               0.0.0.0/0.0.0.0                  1     0-65535     0-65535 Any   Permit     3898
   17 Out 0.0.0.0/0.0.0.0               193.109.81.33/255.255.255.255    6     0-65535     0-65535 Any   Permit        0
   18 In  193.109.81.33/255.255.255.255 0.0.0.0/0.0.0.0                  6     0-65535     0-65535 Any   Permit        0
   19 Out 0.0.0.0/0.0.0.0               93.186.25.33/255.255.255.255     6     0-65535     0-65535 Any   Permit        0
   20 In  93.186.25.33/255.255.255.255  0.0.0.0/0.0.0.0                  6     0-65535     0-65535 Any   Permit        0

Thank you in advance for your help

3 REPLIES

problem with acl on controller

Jozef:

I understand that adding line 16 causes your DHCP problem? Is this what you mean? What is also the relation between ICMP and line 16? It permits any to any, so how will it affect DHCP or any other thing? Can you please clarify a bit more?

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"

problem with acl on controller

Line 16 on the Access List is there to allow ICMP packets on the whole network.

Line 16 does not cause the DHCP problem. When we remove line 16 from the ACL the DHCP problem persists.

It doesn't matter what changes we apply to the ACL. We have had the DHCP problem from the start, since we added the ACL.

When the ACL is removed, we don't have any DHCP problems.

Thank you

problem with acl on controller

Jozef:
I can't see what is preventing DHCP traffic from your list.

But you need to make sure your DHCP server is permitted on the list.

Try adding lines to the ACL one by one and monitor DHCP activity after adding each line until you find which line is causing the DHCP problem. That line can then be investigated further.

Good luck.

Amjad

Rating useful replies is more useful than saying "Thank you"
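
An added example, not part of any post in this thread: an offline first-match check of the posted meet2go rules against constructed packets, to see which line a DHCP exchange would hit before changing the live ACL. It assumes first-match evaluation with an implicit deny at the end, and that "In"/"Out" only need to equal the packet's direction; the `first_match` helper and the sample addresses are made up for illustration.

```python
import ipaddress

# Rules copied from the posted "show acl detailed meet2go" output (all Permit):
# index, direction, source, destination, protocol, source ports, dest ports.
RULES = """\
1 In 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 0-65535 443-443
2 Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 443-443 0-65535
3 In 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 0-65535 2598-2598
4 Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 2598-2598 0-65535
5 In 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 17 0-65535 53-53
6 Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 17 53-53 0-65535
7 In 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 0-65535 1494-1494
8 Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 1494-1494 0-65535
9 Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 3101-3101 0-65535
10 In 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 6 0-65535 3101-3101
11 Any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 17 67-68 67-68
12 In 0.0.0.0/0.0.0.0 10.45.0.103/255.255.255.255 6 0-65535 8080-8080
13 Out 10.45.0.103/255.255.255.255 0.0.0.0/0.0.0.0 6 8080-8080 0-65535
14 In 0.0.0.0/0.0.0.0 10.45.2.2/255.255.255.255 6 0-65535 80-80
15 Out 10.45.2.2/255.255.255.255 0.0.0.0/0.0.0.0 6 80-80 0-65535
16 Any 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 1 0-65535 0-65535
17 Out 0.0.0.0/0.0.0.0 193.109.81.33/255.255.255.255 6 0-65535 0-65535
18 In 193.109.81.33/255.255.255.255 0.0.0.0/0.0.0.0 6 0-65535 0-65535
19 Out 0.0.0.0/0.0.0.0 93.186.25.33/255.255.255.255 6 0-65535 0-65535
20 In 93.186.25.33/255.255.255.255 0.0.0.0/0.0.0.0 6 0-65535 0-65535
"""

def in_net(addr, spec):
    # spec is "address/netmask" as the controller prints it
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def in_range(port, spec):
    low, high = map(int, spec.split("-"))
    return low <= port <= high

def first_match(direction, src, dst, proto, sport=0, dport=0):
    """Index of the first matching rule, or None (assumed implicit deny)."""
    for line in RULES.splitlines():
        idx, rdir, rsrc, rdst, rproto, rsp, rdp = line.split()
        if (rdir in ("Any", direction) and int(rproto) == proto
                and in_net(src, rsrc) and in_net(dst, rdst)
                and in_range(sport, rsp) and in_range(dport, rdp)):
            return int(idx)
    return None

# Constructed packets: a client DHCPDISCOVER, and SSH from a made-up client address
if __name__ == "__main__":
    print(first_match("In", "0.0.0.0", "255.255.255.255", 17, 68, 67))
    print(first_match("In", "10.45.5.20", "10.45.2.2", 6, 40000, 22))
```

For the constructed DHCPDISCOVER the first match is line 11, whose counter reads 0 in the posted output.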