ACL issue on router

junaid haroon
Level 1

Hi,

I have a 2600 router in my branch. Today I configured an ACL on its internal interface so that users cannot access the internet. After configuring the ACL, users cannot get an IP address from DHCP, which is configured on the router. Below is my ACL.

Please tell me how I can configure the ACL correctly so that the DHCP issue is resolved.

ip access-list extended INSIDE-IN
 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.90.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny ip any any
!
int fa 0/1
 description inside interface
 ip access-group INSIDE-IN in
!

5 Replies

John Blakley
VIP Alumni

You need to allow DHCP requests in through the ACL. You could try something like "permit udp any eq bootpc any eq bootps" at the top of the ACL.

HTH,
John

*** Please rate all useful posts ***


Hi John.

Thanks for the help.

Can you please explain why this ACL is denying DHCP? And one other thing: I implemented an IP ACL, and in such an ACL all UDP, TCP and ICMP should be allowed.

A DHCP broadcast/request doesn't have an IP address yet, so the source address is 0.0.0.0 and, since it's a broadcast, a destination address of 255.255.255.255. So, the source of 0.0.0.0 doesn't match any of your permit statements until it receives an address in the range of IPs that you are permitting through your ACL.

HTH,
John

*** Please rate all useful posts ***


John,

Great, I got it.

Please, one last thing I want to ask you: as I said earlier, in an IP ACL all TCP, UDP and ICMP are allowed? Am I right or not?

Yes, once they get an address, they should be able to get everywhere with the "permit IP" statement.

HTH,
John

*** Please rate all useful posts ***

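The matching behaviour discussed in this thread, as an added example that is not part of the original posts and is not Cisco code: a small first-match ACL evaluator in Python that runs the INSIDE-IN entries against a DHCP discover, then again with the suggested bootpc/bootps entry placed first. The host addresses inside the subnets and 203.0.113.10 (a documentation address standing in for an internet host) are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def addr_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must match.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
INSIDE = ("192.168.3.0", "0.0.0.255")
DESTS = ["192.168.0.0", "192.168.10.0", "192.168.50.0",
         "192.168.90.0", "192.168.101.0", "192.168.3.0"]

# Entry layout: (action, protocol, source, src port, destination, dst port)
PAGE_ACL = [("permit", "ip", INSIDE, None, (d, "0.0.0.255"), None) for d in DESTS]
PAGE_ACL.append(("deny", "ip", ANY, None, ANY, None))

# "permit udp any eq bootpc any eq bootps": bootpc is UDP 68, bootps is UDP 67.
FIXED_ACL = [("permit", "udp", ANY, 68, ANY, 67)] + PAGE_ACL

def evaluate(acl, pkt):
    """Return (action, entry index) for the first entry that matches pkt."""
    for i, (action, proto, src, sport, dst, dport) in enumerate(acl):
        if proto != "ip" and proto != pkt["proto"]:
            continue  # "ip" covers every IP protocol, including TCP, UDP and ICMP
        if not (addr_match(pkt["src"], *src) and addr_match(pkt["dst"], *dst)):
            continue
        if sport is not None and pkt.get("sport") != sport:
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        return action, i
    return "deny", None  # implicit deny at the end of every ACL

# Constructed sample packets (addresses inside the subnets are made up).
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255",
            "sport": 68, "dport": 67}
PING = {"proto": "icmp", "src": "192.168.3.10", "dst": "192.168.10.5"}
WEB = {"proto": "tcp", "src": "192.168.3.10", "dst": "203.0.113.10",
       "sport": 50000, "dport": 443}

if __name__ == "__main__":
    for name, pkt in (("DHCP discover", DISCOVER), ("ping", PING), ("web", WEB)):
        print(name, "| original:", evaluate(PAGE_ACL, pkt),
              "| with DHCP entry:", evaluate(FIXED_ACL, pkt))
```

The discover falls through all six permit entries to "deny ip any any" in the original list and matches the new first entry in the amended one, while traffic to destinations outside the permitted subnets is still denied.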