clients from vlan do not get a dhcp lease?! (using access router 1721 and 4-port wic switch)

Hi,
I've a cisco 1700 router with 4port wic switch.
For 4port wic switch see:
http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00801c749d.html

The clients connected to the cisco 4port wic switch "should" get an ip
adress (lease) from the dhcp server,
which is also running on this same 1721 router.

The dhcp server works well as it is delivering to my private-lan) see config
below.
The private lan is connected via (buildin) fastethernet0 to a third-party
switch. No vlan is used on this segment! This segment uses the "ip dhcp pool
private-lan" see config below.

The client from wifi-lan do not get a lease ?

I can not see that something is blocked. So, what do you think might be the
problem?!

Here are the dhcp server settings:

no ip dhcp conflict logging
ip dhcp excluded-address 172.16.43.1 172.16.43.10
ip dhcp excluded-address 172.16.43.50 172.16.43.254
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool private-lan
network 172.16.43.0 255.255.255.0
default-router 172.16.43.1
netbios-node-type p-node
domain-name private.local
lease 3
ip dhcp pool wifi-lan
network 192.168.0.0 255.255.255.0
domain-name wifi.local
netbios-node-type p-node
default-router 192.168.0.1
lease 0 1

Here is the fastethernet port (binded to vlan20) where a client is
connected:

interface FastEthernet2
description wifi-lan-laptop
switchport access vlan 20
no ip address
no cdp enable
end


interface Vlan20
ip address 192.168.0.1 255.255.255.0
ip access-group 11 in
no ip proxy-arp
ip nat inside
end

Standard IP access list 11
10 permit 192.168.0.0, wildcard bits 0.0.0.255 (1032 matches)

May be you can give me hint and tell me what I can try?

In advance, many thanks!

 

On Thu, 10 Jun 2004 20:11:51 +0200, Tom wrote:

[Snip]

>
> Standard IP access list 11
> 10 permit 192.168.0.0, wildcard bits 0.0.0.255 (1032 matches)
>

DHCP clients use source address 0.0.0.0 in their broadcasts. After all,
they don't know what their address is. You need to allow them in the acl.

!
access-list 11 permit 0.0.0.0 0.0.0.0
!

Or something like that.

--
Rgds,
Martin

 

> access-list 11 permit 0.0.0.0 0.0.0.0
>
A more granular one could be:
access-list 111 permit udp any any eq bootps
Bye,
Tosh

 

Yep, thanks a lot, you were right!!

"Tosh" <> wrote in message
news:...
> > access-list 11 permit 0.0.0.0 0.0.0.0
> >
> A more granular one could be:
> access-list 111 permit udp any any eq bootps
> Bye,
> Tosh
>
>