2 Networks on C836: DHCP problem

Discussion in 'Cisco' started by Michael Muenz, Nov 9, 2004.

  1. Hi,

    I have 2 networks connected on my C836 configured with

    interface Ethernet0
    ip address 10.140.0.0 255.255.255.0 secondary
    ip address 10.139.0.0 255.255.255.0

    They both want to share one DSL connection, but they aren't
    allowed to see each other. So I set an access-list:

    access-list 101 deny ip 10.139.0.0 0.0.0.255 10.140.0.0 0.0.0.255
    access-list 101 deny ip 10.140.0.0 0.0.0.255 10.139.0.0 0.0.0.255
    access-list 101 permit ip any any

    and:
    interface Ethernet0
    ip access-group 101 in
    ip access-group 101 out

    All works fine, but now they both are using DHCP with source
    of course 0.0.0.0 and dest 255.255.255.255. Now I've added:

    access-list 101 deny udp any any eq bootpc
    access-list 101 deny udp any any eq bootps
    access-list 101 deny udp any eq bootpc any
    access-list 101 deny udp any eq bootps any

    That also doesn't work. Now I've added the access-lists to the FastEthernet
    switch ports (available with 12.3.? release).
    With "show ip access-lists" I don't see any matches for FastEthernet, only
    Ethernet. I also see dropped packets for DHCP, but the clients from network
    139 get IPs from the 140 DHCP server.
    I'm searching for a method, like with Catalysts to block broadcasts on
    switchports but can't find anything.
    IOS is 12.3.11T.

    Any ideas?

    Thx

    - Michael
     
    Michael Muenz, Nov 9, 2004
    #1
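
Added example (not part of the original post, and not Cisco code): a simplified first-match evaluator for the access-list 101 lines quoted above. It assumes the four DHCP entries were typed after the existing `permit ip any any`, where IOS appends them, and compares that with an ordering that places them ahead of the permit; the `DISCOVER` packet and the names `ISOLATION`, `PERMIT`, `DHCP` and `evaluate` are constructed for illustration.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}   # the only port names the post uses

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N action proto src [eq p] dst [eq p]' (subset used in the post)."""
    tok, i, out = line.split(), 4, []
    for _ in range(2):                   # source spec, then destination spec
        if tok[i] == "any":
            spec, i = (0, 0xFFFFFFFF), i + 1
        else:
            spec, i = (ip(tok[i]), ip(tok[i + 1])), i + 2
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = PORTS[tok[i + 1]], i + 2
        out += [spec, port]
    return (tok[2], tok[3], *out)        # action, proto, src, sport, dst, dport

def addr_match(spec, addr):
    care = ~spec[1] & 0xFFFFFFFF         # wildcard bit 1 means "don't care"
    return (ip(addr) & care) == (spec[0] & care)

def evaluate(acl, pkt):
    for n, line in enumerate(acl, 1):    # first matching entry wins
        action, proto, src, sport, dst, dport = parse_ace(line)
        if (proto in ("ip", pkt["proto"])
                and addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])
                and sport in (None, pkt.get("sport")) and dport in (None, pkt.get("dport"))):
            return action, n
    return "deny", 0                     # implicit deny ends every ACL

ISOLATION = [
    "access-list 101 deny ip 10.139.0.0 0.0.0.255 10.140.0.0 0.0.0.255",
    "access-list 101 deny ip 10.140.0.0 0.0.0.255 10.139.0.0 0.0.0.255",
]
PERMIT = ["access-list 101 permit ip any any"]
DHCP = [
    "access-list 101 deny udp any any eq bootpc",
    "access-list 101 deny udp any any eq bootps",
    "access-list 101 deny udp any eq bootpc any",
    "access-list 101 deny udp any eq bootps any",
]
# Constructed sample packet: a DHCPDISCOVER broadcast from a client.
DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "sport": 68, "dport": 67}
print(evaluate(ISOLATION + PERMIT + DHCP, DISCOVER))   # entries appended after the permit
print(evaluate(ISOLATION + DHCP + PERMIT, DISCOVER))   # DHCP denies ahead of the permit
```

An interface ACL is only consulted for packets the router itself receives or forwards on Ethernet0; a broadcast that travels directly between hosts on the same LAN segment never reaches it in either ordering.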