DHCP & ACL

TASK

同僚が困っている様子で、R1でアドレスが取得できないと相談しにきました。

DIAGRAM

 

CONFIG

! R1: DHCP client in this lab. FastEthernet0/1 is the only active physical
! interface and it requests its address via DHCP; Loopback0 is static.
hostname R1
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! Unused port: no address, administratively down.
interface FastEthernet0/0
 no ip address
 shutdown
!
! Address is learned via DHCP on this link.
! NOTE(review): presumably this connects to R2 FastEthernet0/0 (10.1.2.0/24);
! the diagram is not visible here, so confirm the cabling.
interface FastEthernet0/1
 ip address dhcp
 no shutdown
!
end
! R2: DHCP relay between the client segment (10.1.2.0/24) and the DHCP
! server address 10.0.0.3 (R3 Loopback0 in this page's R3 config).
hostname R2
!
no ip domain lookup
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
! Client-facing interface: inbound traffic is filtered by DHCP-IN, and
! broadcasts that pass the filter are relayed as unicast to 10.0.0.3.
interface FastEthernet0/0
 ip address 10.1.2.2 255.255.255.0
 ip access-group DHCP-IN in
 ip helper-address 10.0.0.3
 no shutdown
!
! Link toward R3 (10.2.3.0/24); no ACL is applied here.
interface FastEthernet0/1
 ip address 10.2.3.2 255.255.255.0
 no shutdown
!
! Default route via 10.2.3.3 (R3 FastEthernet0/0), used to reach 10.0.0.3.
ip route 0.0.0.0 0.0.0.0 10.2.3.3
!
! Inbound filter on the client segment: permits only a DHCP client broadcast
! from an unaddressed host (0.0.0.0, UDP source port 68/bootpc) to
! 255.255.255.255 UDP port 67/bootps. Everything else is dropped.
! NOTE(review): a client that already holds a lease sends renew/rebind
! packets from its assigned address, which this entry would not match;
! confirm whether lease renewal is meant to work in this lab.
! The explicit deny gives a match counter in "show ip access-lists", which
! helps when checking what the filter is dropping.
ip access-list extended DHCP-IN
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 deny   ip any any
!
end
! R3: DHCP server for 10.1.2.0/24, reached through the relay on R2.
hostname R3
!
! Keep 10.1.2.2 (R2 FastEthernet0/0, also the pool's default router) out of
! the addresses handed to clients.
ip dhcp excluded-address 10.1.2.2
!
ip dhcp pool POOL-R1
 network 10.1.2.0 255.255.255.0
 default-router 10.1.2.2
!
no ip domain lookup
ip cef
no ipv6 cef
!
! 10.0.0.3 is the address R2's "ip helper-address" points at.
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
! Link toward R2; all inbound traffic is filtered by DHCP-IN.
interface FastEthernet0/0
 ip address 10.2.3.3 255.255.255.0
 ip access-group DHCP-IN in
 no shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
!
! Return path for replies sent to the relay address on the client subnet.
ip route 10.1.2.0 255.255.255.0 10.2.3.2
!
! Inbound filter: permits UDP from 10.1.2.2 with source port 68/bootpc to
! 10.0.0.3 port 67/bootps, and drops everything else.
! NOTE(review): the VERIFY section of this page observes that relayed DHCP
! packets carry source port 67, so the source-side "eq bootpc" would not
! match them and they would fall through to the deny; "eq bootps" on the
! source side looks like the intended match. Confirm with the ACL hit
! counters or a capture on the R2-R3 link.
! NOTE(review): this assumes R2 sources relayed packets from 10.1.2.2;
! verify against the capture.
! Matching on a source address restricts who can reach the DHCP service but
! does not authenticate the sender, since a UDP source address can be forged.
ip access-list extended DHCP-IN
 permit udp host 10.1.2.2 eq bootpc host 10.0.0.3 eq bootps
 deny   ip any any
!
end

VERIFY

DHCP リレーをすると送信元ポート番号は67(bootps)だったのか。R3 の ACL は送信元ポートを bootpc(68)で許可しているため、R2 が中継したパケットは permit に一致せず deny ip any any で破棄される。
上段はR1-R2、下段はR2-R3
