Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

block icmp-permit dhcp

Dear all,

I am having 3550 switch with vlan3 and vlan5.In vlan3 I have a dhcp server which gives ip add to all the pc's in vlan3 and vlan 5 using ip helper address in vlan5.every thing is working fine. Now I want to block icmp in vlan 5.I tried using access list, it was blocked but my DHCP is not working.

Ip accesslist extened 101

Deny icmp any any

Permit ip any 172.16.5.2(dhcp ip)

Please help me .I want to block icmp in vlan5 and dhcp should also work…

3 REPLIES
Hall of Fame Super Blue

Re: block icmp-permit dhcp

Where have you applied the acl and in what direction. Try this -

access-list 101 deny icmp any any

access-list 101 permit ip any any

int vlan 5

ip access-group 101 in

Jon

Hall of Fame Super Silver

Re: block icmp-permit dhcp

satya

Your access list is attempting to block ICMP and to permit DHCP. But the problem in your access list is that the DHCP request does not come in addressed to the DHCP server but comes in with the destination being the broadcast address.

So Jon's suggestion of permit ip any any would fix the problem or you could permit host 255.255.255.255 and that should also work. (I suspect that if you did the access in the way that you originally tried with deny ICMP and permit DHCP, that you would find that other traffic that you really want to work would be blocked - so I believe that the suggestion from Jon is the way that you should implement it).

HTH

Rick

New Member

Re: block icmp-permit dhcp

thanks jon..i will try this....

258
Views
0
Helpful
3
Replies
CreatePlease to create content