Re: Cisco 1720 Router, how do I block ports on this?

danielrhee · ‎01-19-2006

We have a Cisco 1720 connected to a T1 between two of our offices (point-to-point) for file sharing and all that good stuff.

The problem is that we both use the same range/class of IP addresses so Location #1 is running a DHCP server and Location #2 is configured statically for 25 hosts. We want to be able to run DHCP server in both locations without the network accidently picking up leases from the wrong location.

The easiest way I can think of is by blocking the DHCP ports (67/68) on the router so it won't go over the T1.

Anyone know how to do this on the Cisco 1720 router? I have no idea on how to work the internals b/c it doesn't seem to have a web-based administration.

srue · ‎01-19-2006

your router should not pass dhcp requests from one network to the other w/o the 'ip helper-address' command. dhcp is a broadcast technology, routers do not forward broadcasts by default.

danielrhee · ‎01-19-2006

It is because we have Network Bridging enabled on the the Point-to-Point, so that both networks appear as one. Which is what the original problem was in having us block the DHCP ports on the Cisco router.

pkhatri · ‎01-19-2006

Hi Daniel,

When you run bridging between interfaces, you cannot apply layer 3 (or, in your case layer 4) access-lists to filter out traffic, since the router switches based on the MAC addresses and does not look beyond that.

You can, however, filter based on the MAC address, but this will filter all traffic to/from the server. If that is what you want, let us know ...

Hope that helps - pls rate the post if it does.

Regards,

Paresh

srue · ‎01-19-2006

why not just use one dhcp server? or, put a dhcp server in each location, w/ different ranges of addresses (but still in the same subnet).

Is there a reason your point-to-point is configured in bridging mode?