- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Adtran Support Community
- :
- Discussion
- :
- ADTRAN Switch Engine (ASE)
- :
- ASE Discuss
- :
- Auto Created ACLs Blocking DHCP Traffic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Auto Created ACLs Blocking DHCP Traffic
I have a Netvanta 1560 (ASE) switch that appears to have auto-created two ACLs that completely block DHCP traffic. I tested that I can create a new ACL and delete it but I can't remove the auto-created ones. DHCP is provided by the local gateway so I need UDP traffic on DHCP ports 67 & 68 to be open so traffic can pass both directions through the switch. Any ideas how to remove the two DHCP ACLs or change them from 'deny' to 'permit'? I can't find a way to do anything with them in the documentation.
COL-SW-2362052# show access-list ace-status
User
----
S : static
IPSG: ipSourceGuard
IP: IP
IPMC: ipmc
MEP : mep
ARPI: arpInspection
UPnP: upnp
PTP : ptp
DHCP: dhcp
LOOP: loopProtect
LOAM: linkOam
User ID Frame Action Rate L. Mirror CPU Counter Conflict
---- -- ------ ------ -------- -------- ------ ------- -------
LOOP 1 EType Deny Disabled Disabled Yes 273 No
DHCP 1 UDP Deny Disabled Disabled Yes 1 No
DHCP 2 UDP Deny Disabled Disabled Yes 2 No
IP 1 IPv4 Permit Disabled Disabled Yes 0 No
Switch 1 access-list ace number: 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Auto Created ACLs Blocking DHCP Traffic
I am not sure how the ACE got created, so can you show the output of your running config with private info redacted?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Auto Created ACLs Blocking DHCP Traffic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Auto Created ACLs Blocking DHCP Traffic
Did you ever find a solution to this issue? Our DHCP is handled by a Windows server, and I've been back and forth trying to figure out why my 1560 would not complete DHCP requests for anything other than the native VLAN. It looks like this may be the issue for me as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Auto Created ACLs Blocking DHCP Traffic
You'll need to remove the "dhcp fallback" command from your vlan interface. This issue can also occur if you have dhcp snooping enabled. You can check to make sure DHCP isn't being touched by the CPU with the "show access-list ace-status" command. There won't be an entry for DHCP if you've done this correctly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: Auto Created ACLs Blocking DHCP Traffic
@lambs I have removed the "DHCP fallback" from the vlan interface and verified the DHCP snooping is disabled. There are still the two ACL's that show up when running "show access-list ace-status".
1560# show access-list ace-status
User
----
S : static
IPSG: ipSourceGuard
IP: IP
IPMC: ipmc
MEP : mep
ARPI: arpInspection
UPnP: upnp
PTP : ptp
DHCP: dhcp
LOOP: loopProtect
LOAM: linkOam
User ID Frame Action Rate L. Mirror CPU Counter Conflict Remark
---- -- ------ ------ -------- -------- ------ ------- -------- ----------------
DHCP 1 UDP Deny Disabled Disabled Yes 0 No
DHCP 2 UDP Deny Disabled Disabled Yes 5 No
IP 1 IPv4 Permit Disabled Disabled Yes 0 No
S 1 UDP Permit Disabled Disabled No 3 No
S 2 UDP Permit Disabled Disabled No 0 No