DHCP Problem mit VLANS

[onedread]

HI

Hab mir zum testen und üben eine 3570 von uns geschnappt und 5 VLANS angelegt. Und via ACLS den Zugriff untereinander limitiert nur jetzt hab ich das Problem das die Clients in den VLAN's keine IP mehr vom DHCP zugewiesen bekommen? Wahrscheinlich ist es nur ein Befehl das der DHCP Dienst wieder funktioniert aber ich weiß es eben nicht.

system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name becom.at
ip dhcp smart-relay
ip dhcp relay information trust-all

ip dhcp pool clients
network 10.10.0.0 255.255.0.0
default-router 10.10.20.50

ip dhcp pool vlan2
network 10.20.0.0 255.255.0.0
default-router 10.20.20.50

ip dhcp pool vlan3
network 10.30.0.0 255.255.0.0
default-router 10.30.20.50

ip dhcp pool vlan4
network 10.40.0.0 255.255.0.0
default-router 10.40.20.50

ip dhcp pool vlan5
network 10.50.0.0 255.255.0.0
default-router 10.50.20.50

spanning-tree mode pvst
spanning-tree extend system-id

vlan internal allocation policy ascending

interface FastEthernet1/0/1
description APP oder PC
switchport mode access
switchport voice vlan 2
switchport port-security
switchport port-security violation shutdown vlan
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000e.7b04.a395
spanning-tree portfast

interface FastEthernet1/0/3
description APP oder PC
switchport access vlan 2
switchport mode access
switchport voice vlan 2
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000e.7b04.a395
spanning-tree portfast

interface FastEthernet1/0/5
description APP oder PC
switchport access vlan 3
switchport mode access
switchport voice vlan 2
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000e.7b04.a395
spanning-tree portfast

[onedread]

interface FastEthernet1/0/7
description APP oder PC
switchport access vlan 4
switchport mode access
switchport voice vlan 2
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000e.7b04.a395
spanning-tree portfast

interface FastEthernet1/0/48
description APP oder PC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3-5
switchport mode trunk
switchport voice vlan 3
switchport port-security maximum 10
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0022.901a.78a6
switchport port-security mac-address sticky 0023.5d0d.ae60
switchport port-security mac-address sticky 0012.f0df.ae3e vlan 5
spanning-tree portfast

interface Vlan1
ip dhcp relay information trusted
ip address 10.10.20.50 255.255.0.0
ip access-group 111 in

interface Vlan2
ip address 10.20.20.50 255.255.0.0
ip access-group 112 in

interface Vlan3
ip address 10.30.20.50 255.255.0.0
ip access-group 113 in

interface Vlan4
ip address 10.40.20.50 255.255.0.0
ip access-group 114 in

interface Vlan5
ip address 10.50.20.50 255.255.0.0
ip access-group 110 in

router rip
network 10.0.0.0

ip classless

access-list 110 permit tcp 10.50.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 22 log
access-list 110 permit tcp 10.50.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq telnet log
access-list 110 permit tcp 10.50.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq www log
access-list 110 permit tcp 10.50.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 443 log
access-list 110 permit icmp 10.50.0.0 0.0.255.255 any log
access-list 110 deny ip 10.50.0.0 0.0.255.255 any log
access-list 111 permit ip 10.10.0.0 0.0.255.255 any log
access-list 111 deny ip any any
access-list 112 permit ip 10.20.0.0 0.0.255.255 10.30.0.0 0.0.255.255 log
access-list 112 deny ip 10.20.0.0 0.0.255.255 any log
access-list 113 permit ip 10.30.0.0 0.0.255.255 10.20.0.0 0.0.255.255 log
access-list 113 permit tcp 10.30.0.0 0.0.255.255 host 10.10.222.1 eq www
access-list 113 permit tcp 10.30.0.0 0.0.255.255 host 10.10.222.1 eq 443
access-list 113 permit tcp 10.30.0.0 0.0.255.255 host 10.10.222.1 eq 22
access-list 113 deny ip 10.30.0.0 0.0.255.255 any log
access-list 113 permit ip 10.40.0.0 0.0.255.255 10.10.0.0 0.0.255.255 log
access-list 113 deny ip 10.40.0.0 0.0.255.255 any log


Vielleicht hat ja jemand eine Ahnung. thx

onedread
–
HI

Ok wie es aussieht hab ichs gefunden via Boardsuche.

access-l 111 permit udp any eq 68 any eq 67 log

war die antwort zumindest funktionierts jetzt.

Falls jemand einen besseren Vorschlag hat, bitte postn.

thx
onedread
–
Hab gerade ein Stichwort VACL gefunden is das total anders wie normale acls die auch die einfachen vlan interfaces binde?