
HP 2920 with dhcp-server enabled, issue with ACL and DHCP

cgrz_temple
Occasional Contributor


So I deployed a 2920 stack at a client and have two VLANs pulling IPs from the 2920's DHCP pools. One of those VLAN interfaces has an ACL to deny traffic to other VLANs.

I thought I set up the ACL correctly for the devices on that VLAN to pull IPs from the switch, but it seems that it does not work.

Can anyone tell me what I'm missing? ACL is below:

 ip access-list extended "Voice"
     10 permit udp 10.1.12.0 0.255.255.255 eq 68 10.1.12.1 0.0.0.0 eq 67
     20 permit icmp 10.1.12.0 0.255.255.255 0.0.0.0 255.255.255.255
     30 deny ip 10.1.12.0 0.255.255.255 192.168.11.0 0.0.0.255
     40 deny ip 10.1.12.0 0.255.255.255 10.1.4.0 0.255.255.255
     50 deny ip 10.1.12.0 0.255.255.255 10.1.8.0 0.255.255.255
     60 deny ip 10.1.12.0 0.255.255.255 10.1.16.0 0.255.255.255
     70 permit ip 10.1.12.0 0.255.255.255 0.0.0.0 255.255.255.255

1 REPLY
Michael Patmon
Trusted Contributor

Re: HP 2920 with dhcp-server enabled, issue with ACL and DHCP

Hello.  These are client DHCP discover packets you are trying to allow?  Those are not unicast, so your ACE #10 is not doing anything.  Try "permit udp any any eq 67" instead.

Wireshark is your friend when trying to debug ACL issues.
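
Added example (not part of the original posts and not HP's code): a simplified first-match evaluator for the ACL as posted, showing that a DHCP discover (source 0.0.0.0, destination 255.255.255.255) matches no ACE while a unicast renewal matches ACE 10. The client address 10.1.12.50, the function names, and the implicit deny at the end of the list are assumptions of this model.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
VOICE = ("10.1.12.0", "0.255.255.255")  # as posted: only the first octet is compared

# (seq, action, proto, src, src_port, dst, dst_port); a port of None means "any port"
POSTED_ACL = [
    (10, "permit", "udp", VOICE, 68, ("10.1.12.1", "0.0.0.0"), 67),
    (20, "permit", "icmp", VOICE, None, ANY, None),
    (30, "deny", "ip", VOICE, None, ("192.168.11.0", "0.0.0.255"), None),
    (40, "deny", "ip", VOICE, None, ("10.1.4.0", "0.255.255.255"), None),
    (50, "deny", "ip", VOICE, None, ("10.1.8.0", "0.255.255.255"), None),
    (60, "deny", "ip", VOICE, None, ("10.1.16.0", "0.255.255.255"), None),
    (70, "permit", "ip", VOICE, None, ANY, None),
]
# ACE 10 replaced with the reply's suggestion: permit udp any any eq 67
SUGGESTED_ACL = [(10, "permit", "udp", ANY, None, ANY, 67)] + POSTED_ACL[1:]

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (seq, action) of the first matching ACE, or (None, 'deny')."""
    for seq, action, a_proto, a_src, a_sport, a_dst, a_dport in acl:
        if a_proto not in ("ip", proto):
            continue
        if not (wild_match(src, *a_src) and wild_match(dst, *a_dst)):
            continue
        if a_sport not in (None, sport) or a_dport not in (None, dport):
            continue
        return seq, action
    return None, "deny"  # assumed implicit deny at the end of the list

# Constructed sample packets (not captured traffic)
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)  # client broadcast
RENEWAL = ("udp", "10.1.12.50", 68, "10.1.12.1", 67)      # unicast to the server

if __name__ == "__main__":
    for name, pkt in (("discover", DISCOVER), ("renewal", RENEWAL)):
        print(name, "posted:", evaluate(POSTED_ACL, *pkt),
              "suggested:", evaluate(SUGGESTED_ACL, *pkt))
```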