Cisco ACL to block DHCP server from handing out IP addresses to another network
Posted on 2014-11-05
I have two networks connected through routerA. The DHCP server is located in the 10.100.1.0/24 network. I don't want the DHCP server (10.100.1.2) to provide addresses to the 192.168.0.0/24 network.
I created an extended access-list in routerA:
ip access-list extended DenyDhcpOut
deny udp 192.168.0.0 0.0.0.255 10.100.1.0 0.0.0.255 eq bootps
deny udp 192.168.0.0 0.0.0.255 10.100.1.0 0.0.0.255 eq bootpc
permit ip any any
On the interface:
ip address 192.168.0.0 255.255.255.0
ip access-group DenyDhcpOut in
However, this is not doing anything. DHCP continues to hand out IP addresses to the 192.168.0.0/24 network. Please help. I tried different combinations but none work.
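
An added example, not part of the original post: a first-match evaluation of the posted ACL over constructed DHCP packets as they would arrive inbound on the 192.168.0.0/24 interface. It assumes a client without a lease broadcasts DHCPDISCOVER from 0.0.0.0 port 68 to 255.255.255.255 port 67 (RFC 2131); the host 192.168.0.50 and the `CANDIDATE_ACL` entry are hypothetical, not from the thread.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}
LAN = ("192.168.0.0", "0.0.0.255")
SRV = ("10.100.1.0", "0.0.0.255")

# Entries: (action, source, source port, destination, destination port).
POSTED_ACL = [
    ("deny", LAN, None, SRV, "bootps"),
    ("deny", LAN, None, SRV, "bootpc"),
    ("permit", "any", None, "any", None),
]
# Hypothetical alternative entry, not from the post: match on ports only.
CANDIDATE_ACL = [
    ("deny", "any", "bootpc", "any", "bootps"),
    ("permit", "any", None, "any", None),
]

# Constructed UDP packets: (source, source port, destination, destination port).
DISCOVER = ("0.0.0.0", 68, "255.255.255.255", 67)   # client has no address yet
RENEW = ("192.168.0.50", 68, "10.100.1.2", 67)      # unicast lease renewal
OTHER = ("192.168.0.50", 40000, "10.100.1.2", 53)   # unrelated UDP traffic


def addr_match(spec, addr):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    if spec == "any":
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def port_match(spec, port):
    return spec is None or PORTS[spec] == port


def evaluate(acl, pkt):
    """Return (action, entry number) of the first matching entry."""
    src, sport, dst, dport = pkt
    for n, (action, s, sp, d, dp) in enumerate(acl, 1):
        if (addr_match(s, src) and port_match(sp, sport)
                and addr_match(d, dst) and port_match(dp, dport)):
            return action, n
    return "deny", 0  # implicit deny at the end of every ACL


if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("RENEW", RENEW), ("OTHER", OTHER)):
        print(name, evaluate(POSTED_ACL, pkt), evaluate(CANDIDATE_ACL, pkt))
```

The broadcast DHCPDISCOVER falls through to `permit ip any any` in the posted ACL because neither its source nor its destination lies inside the ranges the two deny entries name; only the unicast renewal hits the first deny.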