I am trying to create the simplest of VLAN filters out there, yet it doesn't work. My goal is to filter the traffic on VLAN 3060 to only allow DHCP (so the client can get an IP address from our server), DNS, HTTP and HTTPS. Nothing else.
My configuration below allows my client device to get an IP address, but that's where it ends. I cannot do an nslookup from the DNS server, etc.
Can someone see the error I have overlooked?

vlan filter Guest_WLAN_Protocol_Restriction vlan-list 3060

vlan access-map Guest_WLAN_Protocol_Restriction 10
 match ip address Guest_WLAN_Protocol_Restriction

ip access-list extended Guest_WLAN_Protocol_restriction
 permit udp any any eq bootps
 permit udp any any eq bootpc
 permit udp any any eq domain
 permit tcp any any eq domain
 permit udp any any eq 80
 permit tcp any any eq www
 permit tcp any any eq 443
 deny ip any any
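
An added example, not part of the original post: it evaluates the posted ACL entries first-match against a constructed DHCP, DNS and HTTP/HTTPS exchange to show which packets each entry lets through. It assumes the VLAN filter is applied statelessly to every packet in VLAN 3060 in both directions and that a packet the ACL does not permit is dropped; the packet list and ephemeral port numbers are constructed sample values.

```python
# Added example: first-match evaluation of the ACL entries from the post.
# Assumption: the filter is stateless and sees both directions of VLAN 3060.
NAMED_PORTS = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80}

# (action, protocol, destination port) exactly as posted, in order.
ACL = [
    ("permit", "udp", "bootps"),
    ("permit", "udp", "bootpc"),
    ("permit", "udp", "domain"),
    ("permit", "tcp", "domain"),
    ("permit", "udp", "80"),
    ("permit", "tcp", "www"),
    ("permit", "tcp", "443"),
    ("deny", "ip", None),
]

# Constructed sample packets: (label, protocol, source port, destination port).
PACKETS = [
    ("DHCP discover, client to server", "udp", 68, 67),
    ("DHCP offer, server to client", "udp", 67, 68),
    ("DNS query, client to server", "udp", 49152, 53),
    ("DNS response, server to client", "udp", 53, 49152),
    ("HTTP SYN, client to server", "tcp", 49153, 80),
    ("HTTP SYN-ACK, server to client", "tcp", 80, 49153),
    ("HTTPS SYN, client to server", "tcp", 49154, 443),
    ("HTTPS SYN-ACK, server to client", "tcp", 443, 49154),
]

def port_number(token):
    return NAMED_PORTS[token] if token in NAMED_PORTS else int(token)

def evaluate(proto, sport, dport):
    """Return the action of the first ACL entry that matches the packet.
    Every entry is 'any any eq <port>', which tests the destination port
    only, so sport is accepted but never consulted."""
    for action, acl_proto, port in ACL:
        if acl_proto != "ip" and acl_proto != proto:
            continue
        if port is None or port_number(port) == dport:
            return action
    return "deny"  # implicit deny at the end of any ACL

def trace():
    return {label: evaluate(proto, sport, dport)
            for label, proto, sport, dport in PACKETS}

if __name__ == "__main__":
    for label, action in trace().items():
        print(f"{action:6} {label}")
```

Under those assumptions the DHCP exchange passes in both directions because both bootps and bootpc appear as destination ports, while replies sourced from port 53, 80 or 443 to the client's ephemeral port fall through to the final deny entry.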