This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Correct rule to allow DHCP in ACL for a VLAN

Correct rule to allow DHCP in ACL for a VLAN

Ilya_Semenov
Contributor

‎12-06-2016 12:01 PM

Hello, everybody!

I need to allow DHCP traffic for a certain VLAN in ACL. Is my rule correct?

entry DHCP { if {

protocol udp ;

destination-port 67,68 ;

} then {

permit ;

}

}

Should it be applied to VLAN as "ingress"?

Could you please, check it? Thank you!!!

0 Kudos
13 REPLIES 13

Ilya_Semenov
Contributor
In response to Ilya_Semenov

‎12-06-2016 12:31 PM

But Eric wrote: "That rule would allow IP broadcast traffic only." Who is right?
0 Kudos

Erik_Auerswald
Contributor II
In response to Ilya_Semenov

‎12-06-2016 12:31 PM

That would allow all global IP broadcast packets, not just DHCP.
0 Kudos

Henrique
Extreme Employee

‎12-06-2016 12:22 PM

Hi, just change the comma to dash for destination-port match-condition.

entry DHCP {
if {
protocol udp ;
destination-port 67-68 ;
} then {
permit ;
}
}

After creating the .pol file you can use the "check policy " to check the syntax. Lets say your filename is "rule1.pol". You should use the command below to check the syntax:

check policy rule1

Please take a look into the article below for more details:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
0 Kudos

Kawawa
Extreme Employee

‎12-06-2016 12:11 PM

Looks good, should work just fine, you can apply it on the Ingress port if it is an Uplink, otherwise, YES you can apply it on the VLAN in the Ingress direction.. You might want to add a count to it for troubleshooting purposes.
0 Kudos
GTM-P2G8KFN