Re: Guest Network - DHCP

AP7 · ‎07-08-2020

Our Network has 3 Vlans.

Vlan 1 - Corp Wired 10.1.0.0/19

Vlan 101 - Corp Wirless 10.101.0.0/19

Vlan 32 - Guest Wireless 192.168.1.0/19

Our DHCP server (VM) sits on Vlan 1. Our edge router (5406 or 5412) has IP routing enabled so inter vlan communication is enabled.

I would like to secure Vlan 32 from access to all Corp Vlans. I assume the best method is adding and ACL However Vlan 32 needs to obtain DHCP which sits on our DC and is on Vlan 1 Adding another DHCP server is out of the question. Vlan 32 just needs access to the internet.

I am not sure what is the best practice so Vlan 32 can obtain DHCP once the ACL is in place.

Thoughts?

AP7 · ‎07-15-2020

In reply to my own question I added the following ACL which does get an IP from the DHCP server 10.1.3.200 however I can not get internet access. (the Guest network is 10.101.32/19) not the 192 address I listed above.

I have applied this ACL to the Vlan as vlan-in and in to no avail.

ip access-list extended "105"
10 permit udp 10.101.32.0 0.0.31.255 10.1.3.200 0.0.0.0 eq 67
20 permit udp 10.101.32.0 0.0.31.255 10.1.3.200 0.0.0.0 eq 68
30 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 53
40 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 80
50 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 443

show statistics aclv4 105 vlan 32 in

10 permit udp 10.101.32.0 0.0.31.255 10.1.3.200 0.0.0.0 eq 67
20 permit udp 10.101.32.0 0.0.31.255 10.1.3.200 0.0.0.0 eq 68
30 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 53
40 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 80
(22 hits) 50 permit tcp 10.101.32.0 0.0.31.255 0.0.0.0 eq 443

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Guest Network - DHCP

Guest Network - DHCP

Re: Guest Network - DHCP