ACL List Permit Only Web Traffic

Unanswered Question
May 1st, 2008


I am having some issues with an ACL I'm trying to create for guest internet access at our sites. We have a separate VLAN (10.100.206.x) for the guest access and I have assigned the ACLs to the VLAN interface. I have attached a list of the ACL that I am currently using. ACL 101 is set to outbound while ACL 102 is inbound. The 150.x IPs are the DNS servers.

Also, it seems that I cannot obtain an IP address from the DHCP server (

I only want to allow guest access to the internet but not allow access to the internal network. We have multiple VLANs at this location.

Thanks for the help!


lamav Thu, 05/01/2008 - 07:49


Keep in mind the following when you apply ACLs to a VLAN interface:

An access-list applied outbound to a VLAN interface is traffic going TO machines on that VLAN.

An access-list applied inbound to a VLAN is traffic coming FROM machines on that VLAN.

Also, if the DHCP server is not located on the same VLAN as the guest users, you will need to apply the ip helper-address <ip address of DHCP server> command to the guest user VLAN interface.
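
How the reply's two points fit together for the guest VLAN, as an added example that is not part of the original thread: an inbound ACL on the guest SVI (traffic FROM guests) combined with the DHCP relay. The ACL name, the Vlan206 interface number, the 192.0.2.x DNS and DHCP server addresses and the RFC 1918 internal ranges are assumptions; only 10.100.206.0/24 comes from the question.

```cisco
! Added example. Values marked "placeholder" are not from the thread.
! Guest subnet 10.100.206.0/24 is taken from the question.
ip access-list extended GUEST-IN
 remark DHCP first: clients broadcast from 0.0.0.0 before they hold a lease
 permit udp any eq bootpc any eq bootps
 remark DNS to the resolver only (placeholder address)
 permit udp 10.100.206.0 0.0.0.255 host 192.0.2.53 eq domain
 permit tcp 10.100.206.0 0.0.0.255 host 192.0.2.53 eq domain
 remark Block internal networks (assumed RFC 1918; adjust to the site's ranges)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Web traffic to everything that is left
 permit tcp 10.100.206.0 0.0.0.255 any eq www
 permit tcp 10.100.206.0 0.0.0.255 any eq 443
 remark Explicit final deny with logging so dropped guest traffic is visible
 deny   ip any any log
!
! Placeholder SVI number and placeholder DHCP server address
interface Vlan206
 ip helper-address 192.0.2.67
 ip access-group GUEST-IN in
```

Entry order matters here: the DHCP and DNS permits sit above the internal-range denies so that a DHCP or DNS server inside a denied range is still reachable, and `show access-lists GUEST-IN` shows per-entry hit counters for checking which line a guest's traffic matches.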



