03-24-2009 05:51 AM - edited 03-04-2019 04:03 AM
Dear all,
I have a 3550 switch with vlan3 and vlan5. In vlan3 I have a DHCP server which gives IP addresses to all the PCs in vlan3 and vlan5, using ip helper address in vlan5. Everything is working fine. Now I want to block ICMP in vlan5. I tried using an access list; it was blocked, but my DHCP is not working.
ip access-list extended 101
 deny icmp any any
 ! 172.16.5.2 is the DHCP server IP
 permit ip any host 172.16.5.2
Please help me. I want to block ICMP in vlan5 and DHCP should also work...
03-24-2009 05:59 AM
Where have you applied the ACL, and in what direction? Try this -
access-list 101 deny icmp any any
access-list 101 permit ip any any
int vlan 5
ip access-group 101 in
Jon
03-24-2009 12:48 PM
satya
Your access list is attempting to block ICMP and to permit DHCP. But the problem in your access list is that the DHCP request does not come in addressed to the DHCP server but comes in with the destination being the broadcast address.
So Jon's suggestion of permit ip any any would fix the problem or you could permit host 255.255.255.255 and that should also work. (I suspect that if you did the access in the way that you originally tried with deny ICMP and permit DHCP, that you would find that other traffic that you really want to work would be blocked - so I believe that the suggestion from Jon is the way that you should implement it).
HTH
Rick
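An added illustration, not part of any post in this thread, of the first-match evaluation behind Rick's explanation: a minimal Python model of the three ACL variants run against constructed packets. The client and destination addresses other than 172.16.5.2, and the reading of Rick's alternative as an extra `permit ip any host 255.255.255.255` entry, are assumptions.

```python
import ipaddress

# Each entry: (action, protocol, destination). "any" matches every address.
# The source is "any" in every ACL in this thread, so it is not modelled.
ORIGINAL_ACL = [("deny", "icmp", "any"), ("permit", "ip", "172.16.5.2")]
JON_ACL = [("deny", "icmp", "any"), ("permit", "ip", "any")]
# Assumed reading of Rick's alternative: original ACL plus a broadcast permit.
RICK_ALT_ACL = ORIGINAL_ACL + [("permit", "ip", "255.255.255.255")]

# Constructed sample packets arriving inbound on interface vlan 5.
PACKETS = {
    # A DHCPDISCOVER is sent to the broadcast address, not to the server.
    "dhcp_discover": {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255"},
    "ping": {"proto": "icmp", "src": "172.16.5.10", "dst": "172.16.3.1"},
    "web": {"proto": "tcp", "src": "172.16.5.10", "dst": "172.16.3.20"},
}


def evaluate(acl, packet):
    """Return 'permit' or 'deny' using first-match semantics."""
    for action, proto, dst in acl:
        proto_ok = proto == "ip" or proto == packet["proto"]
        dst_ok = dst == "any" or (
            ipaddress.ip_address(dst) == ipaddress.ip_address(packet["dst"])
        )
        if proto_ok and dst_ok:
            return action
    return "deny"  # implicit deny at the end of every ACL


def verdicts(acl):
    """Evaluate every sample packet against one ACL."""
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, acl in [("original", ORIGINAL_ACL), ("Jon", JON_ACL),
                       ("Rick alt", RICK_ALT_ACL)]:
        print(label, verdicts(acl))
```
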
03-25-2009 10:48 PM
Thanks Jon, I will try this.