Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DHCP disabled after implementing ACL need to know how to restrict vlan 1

Status
Not open for further replies.
natenate

natenate

IS-IT--Management
Joined
Jan 16, 2004
Messages
3
Location
US
Need to know how to restrict vlans, but enable DHCP.

Currently my office has a 6513 as the Core switch and all other switches are 3550s. I have successfully configured the core to hand out DHCP addresses to the users on all of our Vlans. We need a Vlan for internet access only so I have an ACL as follows:

permit tcp x.x.x.x 0.0.0.255 host x.x.x.x eq 8080
permit udp any any eq 67

the first permit is used to only connect to the proxy server and the second is used for the bootps (server) protocol needed for dhcp, but still no dhcp once the inbound access list is applied to the vlan.

Do I need to enable other udp ports besides port 67 in order to enable DHCP?

Can someone help me out finding a solution to our internet-only vlan?
 
Sort by date Sort by votes
The DHCP server has to come back, try adding port 68

 
Upvote 0 Downvote
yep, I tried that too.
 
Upvote 0 Downvote
go to the gateway router towards the DHCP server and use interface XX
Ip Helper-address <dhcp ip addres>

router wont' forward broadcasts, the IP Helper address converts broadcasts received on it to IP-directed Broadcast, this packet will then be routed to the ip address assigned as the helper

If you are using more than one DHCP server, and have an implicit server subnet, you can point the helper address to the subnets broadcast address (i.e. 10.0.0.255) and all DHCP servers will hear the request, all will offer, client will accept the first received.

The source address of the packet sent to the helper addres will be used to determine which address pool to pull the IP from so it matches the subnet it resides on.


 
Upvote 0 Downvote
Ok, bear with me, I just want to be clear.
Would I get into the core switch and go to the interface vlan and add ip-helper address <dhcp address>
Like this:
Core#conf t
Core(conf-t)#interface vlan 53
Core(config-if)#ip helper-address 10.2.1.1

I am confused as to what ip address to enter in and to what interface to add it to.

I am not using more than one DHCP server, just the core switch. The core’s ip address is 10.2.1.1 and vlan 53’s ip address are 10.2.53.1 – 10.2.53.255

Thanks again
 
Upvote 0 Downvote
Yes.

Core#conf t
Core(config)#interface vlan 53
Core(config-if)#ip helper-address 10.2.1.1



 
Upvote 0 Downvote
Whatever subnet that is not on the same subnet as the dhcp server will need helper addresses added to them pointing to the address of the dhcp on each subnet (vlan) interfaCE.
 
Upvote 0 Downvote
Verify with cisco that your IOS version has DHCP support for unnumbered interfaces.

Just noticed that there are some that are not.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
390
badwolf1686
B
Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
777
madwok
madwok
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
543
CPM86
CPM86
Luzbel
  • Locked
  • Question Question
Connecting HVAC controller to network
Replies
0
Views
564
Luzbel
Luzbel
PThomp3344
  • Locked
  • Question Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
668
nt8d09
nt8d09

Part and Inventory Search

Sponsor

Back
Top