DHCP Relay Agent and ACL on Sw 3750

Discussion in 'Cisco' started by Vimokh, Sep 5, 2006.

  1. Vimokh

    Vimokh Guest

    Dear All;

    I have implemented an ACL on a SW 3750 and want to set up a DHCP relay
    agent to forward to a DHCP server that is on a different subnet. I have
    2 VLANs: the DHCP server is on VLAN 1 and I want VLAN 2 to get IP
    addresses from the DHCP server on VLAN 1. So I need to set up a DHCP
    relay agent on VLAN 2, but my company has a policy to apply an ACL on
    VLAN 2, and the DHCP relay agent does not work with it. Can anyone help
    me? What permit rule do I need in the ACL for the DHCP relay agent to work?

    Thanks and Regards;
    Vimokh
     
    Vimokh, Sep 5, 2006
    #1

  2. Vimokh

    Merv Guest

    DHCP version 4 uses UDP with source IP address 0.0.0.0, destination
    address 255.255.255.255, source UDP port 68 and destination UDP port 67
    to send a DHCPDISCOVER request to the DHCP server.

    The DHCP server will then unicast a DHCP Offer packet back to the DHCP
    relay agent which will forward it to the DHCP client.

    The DHCP client will then send a DHCP request to the DHCP server
    indicating that it will use the offered IP address.

    The DHCP server will unicast a DHCP acknowledgement to the DHCP client.


    The access lists must be modified to permit the DHCP packets described.
     
    Merv, Sep 5, 2006
    #2

  3. Also, clients renewing their lease unicast a DHCPREQUEST to the server
    that assigned them their lease. You need to account for this on an
    ingress ACL as well, i.e.

    !
    permit udp <src addr & mask> eq 68 host <dhcp server addr> eq 67
    !
     
    Martin Gallagher, Sep 5, 2006
    #3
  4. Vimokh

    Vimokh Guest

    Thank you all for your information.

    Vimokh
    Martin Gallagher wrote:
     
    Vimokh, Sep 6, 2006
    #4
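
The permit rules discussed in this thread, put together as an added example (not posted by any participant in the thread). It assumes the ACL is applied inbound on the VLAN 2 interface; the ACL name VLAN2-IN, the client subnet 10.0.2.0/24 and the DHCP server address 10.0.1.10 are constructed placeholders.

```cisco
! Added example. Names and addresses below are assumptions:
!   VLAN2-IN     hypothetical ACL name
!   10.0.2.0/24  constructed VLAN 2 client subnet
!   10.0.1.10    constructed DHCP server address on VLAN 1
!
ip access-list extended VLAN2-IN
 remark Initial DHCP broadcast from a client that has no address yet
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 remark Lease renewal, unicast from the client to the DHCP server
 permit udp 10.0.2.0 0.0.0.255 eq bootpc host 10.0.1.10 eq bootps
 remark The entries required by the existing company policy go here
 deny ip any any
!
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ! Relay client broadcasts to the DHCP server on VLAN 1
 ip helper-address 10.0.1.10
 ! Filter traffic arriving from VLAN 2 clients
 ip access-group VLAN2-IN in
```

The two DHCP entries must sit above any deny entry that would otherwise match them, because the ACL is evaluated top-down and stops at the first match. After a client requests a lease, `show access-lists VLAN2-IN` shows the per-entry match counters, which confirms whether the DHCP entries are being hit.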