We have a CISCO 2901 router as a gateway with the internal network 192.168.30.0 0.0.0.255 configured on Interface Gigbit 0/0 and a VLAN for wifi guests 192.168.31.0 0.0.0.255 on Interface Gigabit 0/0.1
I have tried to configure ACL on interface 0/0 to block packets from VLAN on 0/0.1 entering the internal network.
access-list 130 deny ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.31.0 0.0.0.255 any
But with this config I can still ping from 31 to 30
If I remove the second line I can't ping from 31-30 but clients inside lose access to the internet.
Can someone suggest a configuration that will achieve the security without losing access to the outside world please.