HP 2920 with dhcp-server enabled, issue with ACL and DHCP

cgrz_temple · ‎03-20-2017

So I deployed a 2920 stack at a client and have two VLAN's pulling IP's from the 2920's dhcp pools. Once of those VLAN interfaces has an ACL to deny traffic to other VLAN's.

I thought I setup the ACL correctly for the devices on that VLAN to pull IP's from the switch but it seems that it does not work.

Can anyone tell me what I'm missing? ACL is below:

ip access-list extended "Voice"
     10 permit udp 10.1.12.0 0.255.255.255 eq 68 10.1.12.1 0.0.0.0 eq 67
     20 permit icmp 10.1.12.0 0.255.255.255 0.0.0.0 255.255.255.255
     30 deny ip 10.1.12.0 0.255.255.255 192.168.11.0 0.0.0.255
     40 deny ip 10.1.12.0 0.255.255.255 10.1.4.0 0.255.255.255
     50 deny ip 10.1.12.0 0.255.255.255 10.1.8.0 0.255.255.255
     60 deny ip 10.1.12.0 0.255.255.255 10.1.16.0 0.255.255.255
     70 permit ip 10.1.12.0 0.255.255.255 0.0.0.0 255.255.255.255

Michael Patmon · ‎03-23-2017

Hello. These are client DHCP discover packets you are trying to allow? Those are not unicast, so your ACE #10 is not doing anything. Try "permit udp any any eq 67" instead.

Wireshark is your friend when trying to debug ACL issues.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

HP 2920 with dhcp-server enabled, issue with ACL and DHCP

HP 2920 with dhcp-server enabled, issue with ACL and DHCP

Re: HP 2920 with dhcp-server enabled, issue with ACL and DHCP