Good one for you veterans

lordmeatball

Alright, I think I have one for you veteran network guys out there....

I have a wireless network which is really locked down. It only permits HTTP, FTP, and DNS. I'm not the network engineer, but he seems to be having problems figuring this out.

We have several WindowsCE devices which have static IP addresses assigned. They won't communicate with the FTP server. When he looks at the access point, he can see the MAC addresses in the ARP table, but the IP address isn't associated.

If he removes the Access Control List, the IP address list will populate in the ARP table. How is the ACL stopping the device from using an IP address which is statically assigned???

Does a WindowsCE device send out some kind of broadcast to the network (or DHCP server) to check for any other devices with the same IP address? If so, what port does it use? (UDP68 or 69 for DHCP?)

thanks,
 

Scene

If your devices have static IP addresses they won't send out IP requests to any DHCP server. This will only happen if a client is configured to use dynamic IP addresses and doesn't know the IP address of the DHCP server.

Most likely your ACL is wrongly configured. Keep in mind that first you have to specify everything you block; after that you specify which IP addresses/ranges/ports you keep open.

Also, ACLs don't prevent devices from using specific IP addresses; they are used as a filter to determine which traffic is or is not allowed to enter a network.

In short, an ACL doesn't prevent a device from using an IP address, it merely blocks it from the network.

All DHCP traffic uses UDP. Messages from the DHCP client to the DHCP server use UDP source port 68 and UDP destination port 67. Messages from the DHCP server to the DHCP client use UDP source port 67 and UDP destination port 68.
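
As an added example (not written by either poster, and not the access point's actual configuration), this sketch evaluates client-to-server packets against an ACL that permits only HTTP, FTP and DNS, using the DHCP port pair given above. It assumes a stateless, first-match filter with an implicit deny at the end; the rule lists and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    sport: int   # source port
    dport: int   # destination port

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str
    dport: Optional[int] = None   # None matches any destination port
    sport: Optional[int] = None   # None matches any source port

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and self.dport in (None, p.dport)
                and self.sport in (None, p.sport))

def evaluate(acl, pkt):
    """First matching rule wins; index None means the implicit deny fired."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

# Constructed rule set modelling "only HTTP, FTP and DNS" (an assumption).
LOCKED_DOWN = [
    Rule("permit", "tcp", dport=80),   # HTTP
    Rule("permit", "tcp", dport=21),   # FTP control channel
    Rule("permit", "udp", dport=53),   # DNS
    Rule("permit", "tcp", dport=53),   # DNS over TCP
]
# Same list plus the client-to-server DHCP pair: source 68, destination 67.
WITH_DHCP = LOCKED_DOWN + [Rule("permit", "udp", dport=67, sport=68)]

# Constructed client-to-server sample packets (ephemeral ports are arbitrary).
SAMPLES = {
    "http": Packet("tcp", 49152, 80),
    "ftp_control": Packet("tcp", 49153, 21),
    "ftp_passive_data": Packet("tcp", 49154, 50000),
    "dns_query": Packet("udp", 49155, 53),
    "dhcp_client_to_server": Packet("udp", 68, 67),
}

def report(acl):
    """Map each sample packet name to the action the ACL takes on it."""
    return {name: evaluate(acl, pkt)[0] for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("locked down", LOCKED_DOWN), ("with DHCP", WITH_DHCP)):
        print(label, report(acl))
```

Under these assumptions the FTP control connection is permitted while a passive-mode data connection to a high port is not, which is worth checking when an FTP session connects but transfers fail.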