Processor Guide
Page 3
... viii Document Conventions ix Warning Definition ix Related Documentation x Obtaining Documentation, Obtaining Support, and Security Guidelines x Cisco 7600 Product Overview 1-1 Cisco 7600 Series Routers 1-1 Supported Hardware 1-2 Features 1-3 Port Addresses 1-6 Physical Interface Addresses 1-6 MAC Addresses 1-7 Supervisor Engine 2T 1-8 Supported Hardware 1-8 Features 1-8 Port Addresses 1-8 Route Switch Processors and Supervisor Engines 2-1 Overview 2-2 Route Switch Processor 720 2-9 RSP720 Features 2-9 Supported Chassis...
Processor Guide
Page 16
.... On vertical-oriented chassis (such as the Cisco 7609 router), slots are specific to a network. Routers use MAC addresses to left starting with 1 (1/n, 2/n, and so on every module in the router, as the Cisco 7606 and Cisco 7613 routers), slots are numbered from top to...2/1, 2/2, and so on the module. they are numbered from top to assign and control the MAC addresses of addresses. Other devices in the network use a unique method, described in the Cisco 7600 series router has several different types of their interfaces. On horizontal-oriented modules, ports are...
Processor Guide
Page 17
...-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide 1-7 The router system code reads the EEPROM for example, Port 2 on the Supervisor Engine 720 supports a Gigabit Ethernet SFP module or a 10/100/1000-Mbps RJ-45 connector). However, only one unique MAC address. When you hot swap a module, the MAC address changes...
Processor Guide
Page 59
Chapter 3 Installing and Configuring Route Switch Processors and Supervisor Engines Upgrading DIMMs on RSP720 router#show module 1 Mod Ports Card Type Serial No 1 2 Route Switch Processor 720 (Active) RSP720-3CXL-GE Model SAL15077HPS Mod MAC addresses Hw Fw Sw Status 1 c89c.1dfa.fb34 to c89c.1dfa.fb37 5.12 12.2(33r)SRE 12.2(33)SRD5 Ok Mod Sub-Module Model Serial Hw Status 1 Policy Feature Card 3 7600-PFC3CXL SAL150673QR 1.1 Ok 1 C7600 MSFC4 Daughterboard 7600-MSFC4 SAL1542T06C 4.0 Ok ? ? ?
Processor Guide
Page 97
Index Sup Eng 2 25 Sup Eng 720, Sup Eng 32 16, 23 link spans, excessive 19 LX/LH GBIC 19 M MAC address 6, 7 managing the router 6 memory, default 5 memory components 5 modem, connecting to the supervisor engine or RSP 10 modem adapter 13 modules blank module carriers 6, 7 hot swapping 8 ... hot swapping (OIR) 8 installing 4 removing 7 tools for installing and removing 3 Route Switch Processor 720 (RSP720) 22 CompactFlash support 12 front panel (figure) 9 OL-10100-11 Cisco 7600 Series Router Supervisor Engine and Route Switch Processor Guide IN-3
Installation Guide
Page 4
... Switching Module (WS-X6516-GBIC) 1-26 Switch Fabric Module (WS-C6500-SFM) 1-27 Switch Fabric Module 2 (WS-X6500-SFM2) 1-27 Cisco Application Control Engine (ACE) Module (ACE10-6500-K9) 1-28 Catalyst 6000 Family Module LED Descriptions 1-29 SPA Interface Processors 1-29 7600-SIP-200... 1-33 Cisco 7600 Ethernet Services Plus Line Cards 1-33 Cisco 7600 ES+ 2TG3C, -3CXL Line Cards 1-34 Cisco 7600 ES+ 4TG3C, -4TG3CXL Line Cards 1-34 Cisco 7600 ES+ 20G3C, -20G3CXL Line Cards 1-35 Cisco 7600 ES+ 40G3C, -40G3CXL Line Cards 1-36 Port Addresses 1-37 Physical Interface Addresses 1-37 MAC Addresses 1-38 ...
Installation Guide
Page 53
...the same in the network and to a network. The line card is a two-part number in the network; The MAC address is a standardized data link layer address that connects to create and update routing tables and data structures. The port is required for every port or device that ... and a valid Ethernet link has been established. The system software uses the physical addresses to the individual router and its internal components and software. Port Addresses Each port (or interface) in the Cisco 7600 series router is designated by other devices in the format slot/port number. ...
Installation Guide
Page 54
...in the system. When you hot swap a module, the MAC address changes with the module (slot) number and port number in slot 4 of the Cisco 7609 router, the address of the top WAN port is 4/1, and the address of an interface is 4/4. For example, on a 4-port ...different slot, the first number in the spanning tree has one unique MAC address. To display information about a specific interface, enter the show interfaces command without parameters. Port Addresses Figure 1-41 Cisco 7609 Router Port Address Examples WS-X6K-SUP2-2GE STATUSSYSTEMCONSOLPEWR MGRMETSET CONSOLE SUPERVISOR2 WS-X6K-SUP2...
Installation Guide
Page 100
... Series Internet Router IOS Software Configuration Guide. For information on configuring the supervisor engine and all Cisco 7600 router commands, refer to the Cisco 7600 Series Router Command Reference publication. 3-22 Book Title OL-5077-7 Verifying the Installation Chapter 3 Installing Modules Verifying ...SAD051409DW 8 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD04470AUK 9 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAD044908JG Mod MAC addresses Hw Fw Sw Status 1 00d0.c0d4.0454 to 00d0.c0d4.0455 1.1 6.1(3) 6.2(0.116) Ok 4 00d0.9738.a7e5 to 00d0.9738.a824 ...
Installation Guide
Page 135
Index M MAC address allocation 1-38 description 1-37 management 1-4 memory default, OSM 1-4 Flash booting routers from 4-4, 4-5, 4-7, 4-8, 4-9, 4-11, 4-12, 4-14, 4-15, 4-17, 4-18, 4-19 upgrading, OSM C-1 memory components 1-4... to 3-16 modem adapter B-4 modes ROM monitor routers stuck in 4-20, 4-21 modes, fiber 2-14 module functionality hot swapping 1-39 MAC address 1-37 MAC address allocation 1-38 physical interface addresses 1-37 port addresses 1-37 modules blank module carriers 3-3 installing 3-7 monitors ROM routers hang after initialization 4-20 MT-RJ connector, OC-3 POS module 2-17 OL...
Configuration Guide
Page 6
...5-6 Transparent Mode Overview 5-7 Transparent Firewall Network 5-7 Bridge Groups 5-7 Management Interface 5-8 Allowing Layer 3 Traffic 5-8 Allowed MAC Addresses 5-8 Passing Traffic Not Allowed in Transparent Mode 5-11 How Data Moves Through the Transparent Firewall 5-12 An Inside User...a Bridge Group 6-6 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM vi OL-20748-01 Route Lookups 5-9 Using the Transparent Firewall in Your Network 5-9 Transparent Firewall Guidelines 5-10 Unsupported Features in Routed Mode 5-8 MAC Address vs.
Configuration Guide
Page 15
... Control Lists 17-10 Configuring a RADIUS Server to Download Per-User Access Control List Names 17-12 Configuring Accounting for Network Access 17-13 Using MAC Addresses to Exempt Traffic from Authentication and Authorization 17-14 Applying Filtering Services 18-1 Filtering Overview 18-1 Filtering ActiveX Objects 18-1 ActiveX Filtering Overview 18-2...11 Configuring ARP Inspection and Bridging Parameters 19-1 Configuring ARP Inspection 19-1 ARP Inspection Overview 19-1 OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xv
Configuration Guide
Page 16
Contents Adding a Static ARP Entry 19-2 Enabling ARP Inspection 19-2 Customizing the MAC Address Table 19-3 MAC Address Table Overview 19-3 Adding a Static MAC Address 19-3 Setting the MAC Address Timeout 19-3 Disabling MAC Address Learning 19-4 Viewing the MAC Address Table 19-4 20 C H A P T E R Using Modular Policy Framework 20-1 Information About Modular Policy Framework 20-1 Modular ... Specific Servers 20-22 Applying Inspection to HTTP Traffic with NAT 20-22 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM xvi OL-20748-01
Configuration Guide
Page 67
... Criteria, page 4-3 • Invalid Classifier Criteria, page 4-4 • Classification Examples, page 4-5 Valid Classifier Criteria If only one global MAC address across all interfaces. To use admin.cfg as a regular context. The classifier relies on the same network if all times. For example...10.20.10.0 10.20.10.0 netmask 255.255.255.0 • Context C: OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-3 Chapter 4 Configuring Security Contexts Security Context Overview Admin Context Configuration The admin...
Configuration Guide
Page 87
...Number of Fixups per context: • Telnet sessions-5 sessions. • SSH sessions-5 sessions. • IPSec sessions-5 sessions. • MAC addresses-65,535 entries. Connections denied because system limit was reached. 104896 Default Class All contexts belong to the default class if they are not... the default class for the following limits, which are inherited from the default class. OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 4-23 If a context belongs to a class other class has any settings...
Configuration Guide
Page 90
...Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 N/A 999,900 concurrent TCP or UDP connections between any two 102,400 per second (rate) hosts, including connections between the NPs. Configuring Resource Management Chapter 4 Configuring Security Contexts Table 4-2 Resource Names and Limits Resource Name mac-addresses...Total Number for System Description N/A 65,535 concurrent For transparent firewall mode, the number of MAC addresses allowed in some circumstances, the connections are divided evenly between one NP before reaching the ...
Configuration Guide
Page 102
The number of contexts assigned to an absolute number for this display is blank. 4-38 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 If the resource is unlimited, this limit with "C" or "D." The FWSM can ... Contexts: 3 C 5 D 5 CA 10 CA 5 CA unlimited DA unlimited CA 23040 CA 11520 5 5.00% 10 10.00% 20 20.00% 23040 23040 10.00% 10.00% mac-addresses default all classes.
Configuration Guide
Page 104
...0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s Average 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 0/s 4-40 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01 The constant flood of SYN packets keeps the server SYN queue full... system counter all 0 command, which shows the resource usage for all 0 Resource Telnet SSH ASDM IPSec Syslogs [rate] Conns Xlates Hosts Conns [rate] Fixups [rate] Mac-addresses Current 0 0 0 0 0 0 0 0 0 0 0 Peak 0 0 0 0 0 0 0 0 0 0 0 Limit 100 100 80 10 30000 1000000 262144 262144 170000 100000 65535 ...
Configuration Guide
Page 113
... to maximize your use security contexts with one bridge group in Routed Mode, page 5-8 • MAC Address vs. The management IP address must exit the FWSM before it is routed by an external router back to connected devices. Bridge ...Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 5-7 This section describes transparent firewall mode, and includes the following topics: • Transparent Firewall Network, page 5-7 • Bridge Groups, page 5-7 • Management Interface, page 5-8 • Allowing Layer 3 Traffic, page 5-8 • Allowed MAC Addresses...
Configuration Guide
Page 114
...traffic allowed through the transparent firewall. Allowed MAC Addresses The following destination MAC addresses are allowed through the transparent firewall without an access list is dropped. • TRUE broadcast destination MAC address equal to FFFF.FFFF.FFFF • IPv4 multicast MAC addresses from 0100.5E00.0000 to 0100.5EFE...See Table 13-2 on the transparent firewall, you explicitly permit it in an access list. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using an extended access list, you can allow DHCP traffic (instead of...