ok-disaster

asked on

2 Networks with Cisco 836: DHCP problem

Hi,

I have 2 networks connected on my C836 configured with

interface Ethernet0
 ip address 10.140.0.1 255.255.255.0 secondary
 ip address 10.139.0.1 255.255.255.0

They both want to share one DSL connection, but they aren't
allowed to see each other. So I set an access-list:

access-list 101 deny   ip 10.139.0.0 0.0.0.255 10.140.0.0 0.0.0.255
access-list 101 deny   ip 10.140.0.0 0.0.0.255 10.139.0.0 0.0.0.255
access-list 101 permit ip any any

and:
interface Ethernet0
 ip access-group 101 in
 ip access-group 101 out

All works fine, but now they both are using DHCP with source
of course 0.0.0.0 and dest 255.255.255.255. Now I've added:

access-list 101 deny   udp any any eq bootpc
access-list 101 deny   udp any any eq bootps
access-list 101 deny   udp any eq bootpc any
access-list 101 deny   udp any eq bootps any

That also doesn't work. Now I've added the access-lists to the FastEthernet
switch ports (available with 12.3.? release).
With "show ip access-lists" I don't see any matches for FastEthernet, only
Ethernet. I also see dropped packets for DHCP, but the clients from network
139 get IPs from the 140 DHCP server.
I'm searching for a method, like with Catalysts to block broadcasts on
switchports but can't find anything.
IOS is 12.3.11T.

Any ideas ?

Thx
ASKER CERTIFIED SOLUTION
Les Moore

ok-disaster

ASKER

Already found that feature at cisco.com but I'm using 12.3.11T. I'll change the IOS to XR and try it.
Thx
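
Added example (not part of the thread, and not Cisco code): a small Python model of first-match evaluation for the ACL 101 posted in the question, showing that the router would deny a DHCP DISCOVER it processes while a broadcast switched between the LAN ports is never subject to the ACL, which matches what the asker reports. The rule order, the sample packets and the `reaches_host` model are assumptions made for illustration.

```python
import ipaddress

# ACL 101 from the question. Assumption: the DHCP denies sit before the final
# permit (the post does not show the resulting line order).
ACL_101 = """\
access-list 101 deny   ip 10.139.0.0 0.0.0.255 10.140.0.0 0.0.0.255
access-list 101 deny   ip 10.140.0.0 0.0.0.255 10.139.0.0 0.0.0.255
access-list 101 deny   udp any any eq bootpc
access-list 101 deny   udp any any eq bootps
access-list 101 deny   udp any eq bootpc any
access-list 101 deny   udp any eq bootps any
access-list 101 permit ip any any
"""
PORTS = {"bootps": 67, "bootpc": 68}

def _addr(tok):  # "any" or "<address> <wildcard>" -> ((base, wildcard), rest)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    return tuple(int(ipaddress.ip_address(t)) for t in tok[:2]), tok[2:]

def _port(tok):  # optional "eq <port>" -> (port or None, rest)
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *tok = line.split()[2:]
        src, tok = _addr(tok); sport, tok = _port(tok)
        dst, tok = _addr(tok); dport, tok = _port(tok)
        rules.append((action, proto, src, sport, dst, dport))
    return rules

def _hit(ip, spec):  # wildcard bits set to 1 are "don't care"
    base, wild = spec
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def acl_verdict(rules, proto, src, dst, sport=None, dport=None):
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        if (rproto in ("ip", proto) and _hit(src, rsrc) and _hit(dst, rdst)
                and rsport in (None, sport) and rdport in (None, dport)):
            return action  # first match wins
    return "deny"  # implicit deny that ends every IOS ACL

def reaches_host(rules, routed, **pkt):
    # Simplified model: frames switched within the LAN segment (broadcasts
    # included) never pass through the routed interface, so no ACL is consulted.
    return True if not routed else acl_verdict(rules, **pkt) == "permit"
```

Calling `reaches_host(parse(ACL_101), routed=False, proto="udp", src="0.0.0.0", dst="255.255.255.255", sport=68, dport=67)` returns `True`: separating the two networks at layer 2 is what stops the DHCP crossover, not more ACL lines on Ethernet0.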