DHCP Address to 871W Public Interface - ACL Help

Discussion in 'Cisco' started by tom, May 8, 2006.

  1. tom

    tom Guest

    I have a Cisco 871W, and I need help correctly creating an ACL that
    will allow for the public-facing interface (fa4) to receive an IP from
    my ISP.

    With no ACL, I get an IP address with no issue. With an ACL that
    actually does something (allowing some web and TS traffic), I will not
    get a DHCP address (the implicit deny at the end).

    I have tried permitting all traffic from the DHCP server (it uses a
    private IP of 172.19.97.40), but still no DHCP. I tried permitting all
    traffic from any source to ports 546 and 547, but again with no
    success.

    I can end my ACL with a permit all UDP, and I get an IP address via
    DHCP, but of course I don't want to allow this.

    My guess is that the second part of the DHCP process, where the DHCP
    server sends the client an IP address but still using the broadcast
    address, is where the problem is. I am not sure how to work around
    this.

    Thanks for your help.

    -tom
    tom, May 8, 2006
    #1

  2. tom

    tom Guest

    Figured it out -

    For what it's worth, here's what I did. Rather than rely on the
    implicit deny at the end of the ACL, I created a "deny udp any any log"
    rule, and then looked to see what was being blocked. This is how I
    found out the IP of the router in the depths of my ISP that was
    forwarding the DHCP packets (totally forgot that since the DHCP packet
    was going to be sent to 255.255.255.255, that it would have to be
    forwarded by a router there). I permitted incoming from that router to
    255.255.255.255, and all is well.

    -tom
    tom, May 8, 2006
    #2
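
The troubleshooting step described in post #2, as an added example that is not part of the original thread: a Python script that reads the messages produced by a `deny udp any any log` entry, picks out the blocked DHCPv4 replies (UDP source port 67, the server/relay port, to destination port 68, the client port) and prints a narrow permit entry for each source. The log lines, the ACL name `WAN-IN` and all addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of IOS ACL log messages; ACL name and addresses are made up.
# 192.0.2.1 stands in for the ISP router that relays the DHCP replies.
SAMPLE_LOG = """\
*May  8 10:01:02.123: %SEC-6-IPACCESSLOGP: list WAN-IN denied udp 192.0.2.1(67) -> 255.255.255.255(68), 1 packet
*May  8 10:01:06.456: %SEC-6-IPACCESSLOGP: list WAN-IN denied udp 192.0.2.1(67) -> 255.255.255.255(68), 3 packets
*May  8 10:01:09.789: %SEC-6-IPACCESSLOGP: list WAN-IN denied udp 198.51.100.7(1026) -> 203.0.113.5(1434), 1 packet
*May  8 10:01:12.000: %SEC-6-IPACCESSLOGP: list WAN-IN denied tcp 198.51.100.9(4431) -> 203.0.113.5(23), 1 packet
"""

# One denied-UDP log entry: source(port) -> destination(port), packet count.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied udp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packet"
)


def blocked_dhcp_sources(log_text):
    """Count denied DHCPv4 server-to-client packets (UDP 67 -> 68) per (src, dst)."""
    hits = Counter()
    for m in LOG_RE.finditer(log_text):
        if m["sport"] == "67" and m["dport"] == "68":
            hits[(m["src"], m["dst"])] += int(m["count"])
    return hits


def suggest_aces(hits):
    """Return one permit entry per source, scoped to DHCP ports only,
    as the alternative to ending the ACL with a blanket UDP permit."""
    return [
        f"permit udp host {src} eq bootps host {dst} eq bootpc"
        for (src, dst), _ in hits.most_common()
    ]


if __name__ == "__main__":
    found = blocked_dhcp_sources(SAMPLE_LOG)
    for (src, dst), packets in found.most_common():
        print(f"{packets} DHCP reply packet(s) denied: {src} -> {dst}")
    for ace in suggest_aces(found):
        print(ace)
```

The suggested entry has to be placed above the logging deny in the ACL, and the source address should be confirmed as the ISP's DHCP relay before it is permitted.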

  3. tom

    Guest

    tom wrote:
    > Figured it out -
    >
    > I permitted incoming from that router to
    > 255.255.255.255, and all is well.
    >
    > -tom


    Good job, tom. The last thing you would think that Cisco would do is
    block outside broadcasts when you have set up a PPPoE connection.

    I'm actually still having problems, but some of it could be Sprint's
    latency around here, and the fact that I have a DSL modem circa 1845
    (they're shipping a new one).

    I've blown away all of the settings for incoming and outgoing and still
    can't get a DHCP on that external dialer0 interface. I have a CCIE
    sitting next to me that is mystified as well.

    Silly Cisco... GUI is for kids!

    Can you post your successful running config for me?

    Much thanks,
    Alan
    , Jun 2, 2006
    #3
