2 Networks on C836: DHCP problem

Discussion in 'Cisco' started by Michael Muenz, Nov 9, 2004.

  1. Hi,

    I have 2 networks connected on my C836 configured with

    interface Ethernet0
    ip address secondary
    ip address

    They both want to share one DSL connection, but they aren't
    allowed to see each other. So I set an access-list:

    access-list 101 deny ip
    access-list 101 deny ip
    access-list 101 permit ip any any

    interface Ethernet0
    ip access-group 101 in
    ip access-group 101 out

    All works fine, but now they both are using DHCP with source
    of course and dest Now I've added:

    access-list 101 deny udp any any eq bootpc
    access-list 101 deny udp any any eq bootps
    access-list 101 deny udp any eq bootpc any
    access-list 101 deny udp any eq bootps any

    That also doesn't work. Now I've added the access-lists to the FastEthernet
    switch ports (available with 12.3.? release).
    With "show ip access-lists" I don't see any matches for FastEthernet, only
    Ethernet. I also see dropped packets for DHCP, but the clients from network
    139 get IPs from 140 DHCP server.
    I'm searching for a method, like with Catalysts, to block broadcasts on
    switchports but can't find anything.
    IOS is 12.3.11T.

    Any ideas?


    - Michael
    Michael Muenz, Nov 9, 2004
