IP helper with ACL on SVI

Just another short post about IP helpers:
Last week it took me a few minutes to figure out why my newly configured IP helpers were not working.
The starting config looked like this:

interface Vlan6
 description Voice VLAN
 ip address 192.168.1.251 255.255.255.0
 ip access-group Voice in
 ip helper-address 192.168.15.1
 ip helper-address 192.168.15.3
 no ip redirects
 no ip unreachables
 standby 6 ip 192.168.1.254
 standby 6 timers 1 2
 standby 6 priority 110
 standby 6 preempt
ip access-list extended Voice
 permit ip host 192.168.1.9 192.168.254.0 0.0.0.255
 permit ip host 192.168.1.2 192.168.254.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255
 permit ip any host 224.0.0.2


At this point, clients in VLAN 6 are not receiving an IP address from the DHCP server.
As we all know, a DHCP request starts with a broadcast to IP 255.255.255.255. No entry in the Voice ACL matches that destination, so these packets are currently being blocked by the incoming ACL! You can check this by debugging the ACL. The problem is clear: we have to edit the ACL.
Adding the following ACL rule will allow these DHCP request packets to get to the IP helper address:

 permit udp any host 255.255.255.255 eq bootps

Problem solved 🙂
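
Added example (not from the original post): a small Python model of first-match evaluation for the inbound Voice ACL, checking a DHCPDISCOVER (UDP from 0.0.0.0 to 255.255.255.255, destination port 67) before and after the extra rule. It handles only the entry forms used in this post (`any`, `host`, address plus wildcard, destination `eq`), and the function names are hypothetical.

```python
import ipaddress

# ACL "Voice" as shown in the post, plus the fix; wildcard masks as in IOS.
VOICE_ACL = [
    "permit ip host 192.168.1.9 192.168.254.0 0.0.0.255",
    "permit ip host 192.168.1.2 192.168.254.0 0.0.0.255",
    "permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255",
    "permit ip any host 224.0.0.2",
]
FIX = "permit udp any host 255.255.255.255 eq bootps"
PORTS = {"bootps": 67, "bootpc": 68}  # the only named ports this sketch knows


def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]


def parse(line):
    action, proto, *rest = line.split()
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    dport = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, dport


def _match(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)


def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match means the implicit deny."""
    for line in acl:
        action, p, s, d, port = parse(line)
        if p in ("ip", proto) and _match(src, s) and _match(dst, d) and port in (None, dport):
            return action, line
    return "deny", "implicit deny"


if __name__ == "__main__":
    discover = ("udp", "0.0.0.0", "255.255.255.255", 67)  # constructed DHCPDISCOVER
    print(evaluate(VOICE_ACL, *discover))          # original ACL
    print(evaluate(VOICE_ACL + [FIX], *discover))  # ACL with the added rule
```

The added rule is narrow: it permits only UDP to the limited broadcast address on the bootps port, so other broadcast traffic still falls through to the implicit deny.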
