1.
This stops the client PC from getting an IP address:
ip access-list extended jedi
 deny udp any any range bootps bootpc
 permit ip any any
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group jedi in
(The same ACL applied outbound has no impact.)
2.
This also blocks DHCP:
deny udp any any eq bootps
Note:
67 = bootps (DHCP server)
68 = bootpc (DHCP client)
Both are UDP.
3.
This also blocks DHCP:
deny udp host 0.0.0.0 any eq 67
(The source IP of the client is 0.0.0.0.)
4.
This allows DHCP:
deny udp host 0.0.0.0 any eq 68
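(DHCP still works whether the ACL is applied outbound or inbound. The client sends its requests to destination port 67, so an entry matching destination port 68 never matches them.)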
5.
DHCP still works with this ACL applied outbound:
deny udp any any range 67 68
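The five cases above, replayed as an added example (not part of the original post): a simplified first-match evaluator for the ACL entries shown, run against a constructed DHCP DISCOVER and a constructed server reply. It assumes the router at 192.168.1.1 is itself the DHCP server and that packets the router generates are not checked by its outbound interface ACL; `parse_ace`, `evaluate` and `dhcp_works` are hypothetical names.

```python
# Added example: simplified model of how the ACL entries above match DHCP.
# Handles only "<action> <proto> <any|host A> any [eq P | range P1 P2]";
# the port operator after the destination matches the destination port.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport local")
PORTS = {"bootps": 67, "bootpc": 68}

# Constructed sample packets (not taken from the debug output).
DISCOVER = Packet("0.0.0.0", 68, "255.255.255.255", 67, local=False)
REPLY = Packet("192.168.1.1", 67, "255.255.255.255", 68, local=True)

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def parse_ace(line):
    tok = line.split()
    src, i = (tok[3], 4) if tok[2] == "host" else (None, 3)
    i += 1  # skip the destination, always "any" in these entries
    lo, hi = 0, 65535
    if tok[i:i + 1] == ["eq"]:
        lo = hi = port(tok[i + 1])
    elif tok[i:i + 1] == ["range"]:
        lo, hi = port(tok[i + 1]), port(tok[i + 2])
    return tok[0], src, lo, hi

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl:
        action, src, lo, hi = parse_ace(line)
        if src in (None, pkt.src) and lo <= pkt.dport <= hi:
            return action
    return "deny"

def dhcp_works(deny_line, direction):
    acl = [deny_line, "permit ip any any"]
    if direction == "in":   # inbound ACL sees the client's DISCOVER
        return evaluate(acl, DISCOVER) == "permit"
    # Outbound: the only DHCP leaving the interface is the router's own reply,
    # and the model assumes locally generated packets skip the outbound ACL.
    return REPLY.local or evaluate(acl, REPLY) == "permit"

if __name__ == "__main__":
    for n, (ace, d) in enumerate([
            ("deny udp any any range bootps bootpc", "in"),
            ("deny udp any any eq bootps", "in"),
            ("deny udp host 0.0.0.0 any eq 67", "in"),
            ("deny udp host 0.0.0.0 any eq 68", "in"),
            ("deny udp any any range 67 68", "out")], start=1):
        print(n, ace, d, "DHCP works" if dhcp_works(ace, d) else "DHCP blocked")
```

Calling `evaluate` directly on `REPLY` with the case 5 entry returns `deny`, which shows the outbound result depends on the reply never reaching the ACL, not on the entry failing to match.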
Debug IP Packet:
Router#debug ip packet
Packet debugging is on
Router#debug ip
IP: s=192.168.1.11 (GigabitEthernet0/1), d=255.255.255.255 len 62, rcvd 2
IP: s=0.0.0.0 (GigabitEthernet0/1), d=255.255.255.255 len 77, rcvd 2
IP: tableid=0, s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), routed via RIB
IP: s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), len 128, sending
IP: s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), len 128, encapsulation failed
IP: tableid=0, s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), routed via RIB
IP: s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), len 128, sending
IP: s=192.168.1.1 (local), d=192.168.1.11 (GigabitEthernet0/1), len 128, encapsulation failed
IP: s=192.168.1.1 (local), d=255.255.255.255 (GigabitEthernet0/1), len 81, sending broad/multicast
IP: s=0.0.0.0 (GigabitEthernet0/1), d=255.255.255.255 len 77, rcvd 2
IP: s=192.168.1.1 (local), d=255.255.255.255 (GigabitEthernet0/1), len 81, sending broad/multicast
IP: s=0.0.0.0 (GigabitEthernet0/1), d=255.255.255.255 len 77, rcvd 2
IP: s=192.168.1.1 (local), d=255.255.255.255 (GigabitEthernet0/1), len 81, sending broad/multicast