Re: Guest VLAN, IDM, DNS

doubleH · ‎08-07-2008

i did initially try this way (deny), but could never get a dhcp address and was told to do it the allow way. i like the deny way for the reasons you stated above. here is the RACL that won't allow a DHCP address to the client...

show access-list radius d21

Radius-configured Port-based ACL for
Port D21, Client -- 0017A4D76B45

permit in udp from any to 0.0.0.0/0 53 cnt
Packet Hit Counter : 6
permit in tcp from any to 0.0.0.0/0 53 cnt
Packet Hit Counter : 0
permit in tcp from any to 0.0.0.0/0 67, 68 cnt
Packet Hit Counter : 0
permit in tcp from any to 0.0.0.0/0 80 cnt
Packet Hit Counter : 0
deny in ip from any to 0.0.0.0/0 cnt
Packet Hit Counter : 13

Jarret Workman · ‎08-07-2008

Hi doubleH,

A packet capture might tell us for sure, but I was thinking the DHCP ports 67 and 68 were UDP. It looks like you have the permit statement for ports 67 and 68 set for TCP, so it might do the trick just changing the permit statement to look for UDP.

doubleH · ‎08-07-2008

you were right on the $$$. so it looks as though internet, dhcp, dns are all working. here is the RACL...

show access-list radius d21

Radius-configured Port-based ACL for
Port D21, Client -- 0017A4D76B45

permit in udp from any to 0.0.0.0/0 67, 68 cnt
Packet Hit Counter : 4
permit in ip from any to 192.168.78.0/24 cnt
Packet Hit Counter : 21
permit in udp from any to 0.0.0.0/0 53 cnt
Packet Hit Counter : 27
permit in tcp from any to 0.0.0.0/0 80 cnt
Packet Hit Counter : 1545
deny in ip from any to 0.0.0.0/0 cnt
Packet Hit Counter : 74

THANK YOU VERY MUCH FOR YOUR HELP! this was a great learning experience for me and one that I can build from.

Jarret Workman · ‎08-07-2008

Good deal. I'm glad it was a good experience and that the assistance was useful.

Regards,

Jarret

doubleH · ‎08-07-2008

h

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Guest VLAN, IDM, DNS