From: David Prall (dcp@dcptech.com)
Date: Thu Aug 28 2008 - 12:35:12 ART
permit udp any eq bootpc any eq bootps
--
http://dcp.dcptech.com

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jack Tsai
> Sent: Thursday, August 28, 2008 11:14 AM
> To: omar parihuana
> Cc: Cisco certification
> Subject: Re: DHCP is not working 3560G
>
> What about using "out" instead of "in" on the interface Vlan30?
>
> Jack
>
> omar parihuana wrote:
> > Hi Group,
> >
> > I've configured a Switch 3560G with 3 SVIs in order to VLAN Routing:
> >
> > !
> > interface Vlan10
> >  description VLAN 10
> >  ip address 10.53.0.253 255.255.255.0
> > !
> > interface Vlan20
> >  description VLAN 20
> >  ip address 10.53.5.1 255.255.255.0
> > !
> > interface Vlan30
> >  description VLAN 30
> >  ip address 10.53.8.1 255.255.255.0
> > !
> > ip route 0.0.0.0 0.0.0.0 10.53.0.1
> > !
> >
> > After I've configured a DHCP Pool in order to assign IP address only to VLAN
> > 30, the conf is:
> >
> > !
> > !
> > ip dhcp excluded-address 10.53.8.1 10.53.8.199
> > ip dhcp pool DCHP
> >  network 10.53.8.0 255.255.255.0
> >  default-router 10.53.8.1
> >  dns-server 200.41.96.24 200.41.96.26
> > !
> >
> > After that host in vlan 30 are assigned an IP Address correctly and the
> > intervlan routing working fine, but as I need that VLAN 30 only reach to
> > external networks (Internet) and not to other networks (VLAN 10 and VLAN20)
> > I've created an Access-list
> > !
> > ip access-list extended BLOCKING-VLAN
> >  permit ip 10.53.8.0 0.0.0.255 host 10.53.0.1
> >  deny ip 10.53.8.0 0.0.0.255 10.53.0.0 0.0.0.255 log
> >  deny ip 10.53.8.0 0.0.0.255 10.53.5.0 0.0.0.255 log
> >  permit ip 10.53.8.0 0.0.0.255 any
> > !
> >
> > !
> > interface Vlan30
> >  description VLAN 30
> >  ip address 10.53.8.1 255.255.255.0
> >  ip access-group BLOCKING-VLAN in
> > !
> >
> > The first sentence in ACL is necessary to reach the default gateway in
> > VLAN10 (see default route above). Apparently all is working well the host in
> > VLAN 30 don't reach to Servers in VLAN 10 and VLAN20, but DHCP IS NOT
> > WORKING! no assign IP address to hosts. After of check the debugs, I noticed
> > that when the access-list is applied to Int VLAN30 the Switch is not aware
> > about DHCP request. DHCPD: DHCPDISCOVER is never received by Switch. But
> > when I removed the access-list then DHCP working well, then how should I
> > configure the access-list in order to allow DHCP in VLAN30 and the hosts in
> > VLAN30 don't communicate the others VLANs? or maybe change the DHCP
> > Configuration but how?
> >
> > Rgds.
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
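
Why the quoted ACL drops DHCP and why the permit line in the reply fixes it, as an added example that is not part of the original thread: a client without a lease sends DHCPDISCOVER from 0.0.0.0 port 68 to 255.255.255.255 port 67, so it matches none of the 10.53.8.0/24 entries and falls through to the implicit deny. The evaluator below is a simplified first-match model of an extended ACL, not IOS itself; putting the new entry first and the sample packets are assumptions.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}  # IOS keywords for the DHCP server/client UDP ports

def _n(a):
    return int(ipaddress.IPv4Address(a))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _n(tok.pop(0)), 0
    return _n(first), _n(tok.pop(0))

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok and tok[0] == "eq":
        _, name = tok.pop(0), tok.pop(0)
        return PORTS[name] if name in PORTS else int(name)
    return None

def parse_ace(line):
    tok = [t for t in line.split() if t != "log"]
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, proto, src, sport, dst, dport

def _ip_match(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_n(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for line in acl:
        action, p, s, sp, d, dp = parse_ace(line)
        if (p in ("ip", proto) and _ip_match(src, s) and _ip_match(dst, d)
                and sp in (None, sport) and dp in (None, dport)):
            return action, line
    return "deny", "(implicit deny)"

ORIGINAL = ["permit ip 10.53.8.0 0.0.0.255 host 10.53.0.1",
            "deny ip 10.53.8.0 0.0.0.255 10.53.0.0 0.0.0.255 log",
            "deny ip 10.53.8.0 0.0.0.255 10.53.5.0 0.0.0.255 log",
            "permit ip 10.53.8.0 0.0.0.255 any"]
FIXED = ["permit udp any eq bootpc any eq bootps"] + ORIGINAL  # placement first: assumption
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)  # constructed packet
```

Calling `evaluate(ORIGINAL, *DISCOVER)` and `evaluate(FIXED, *DISCOVER)` shows the difference; the inter-VLAN deny entries still match VLAN 30 traffic in both lists.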