Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest user - ACL

Hi

In order to restrict guest users accessing corporate network, we created ACL on the switch.
but after applying ACL only http works rest all protocols dont work. Email dont work?

If we remove the access-group from vlan 10 then all is fine.
Can someone guide me the correct fixes.

 

Here is more details on the setup on WLC and L3switch

SSID - Guest
IP range - 10.10.10.1 255.255.255.0

SSID - Corporate-user
Ip range - 172.20.1.1 255.255.254.0


On the Switch we got ranges for Server, printers, management
server range - 192.168.1.0/24
printers range - 192.168.2.0/24
management range - 192.168.3.0/24

DNS server are part of server-farm range - 192.168.1.100 & 192.168.1.101


---------------------
interface vlan 10
ip address 192.168.1.254 255.255.255.0
ip access-group guest in
ip access-group guest out

ip access-list extended guest
 permit ip 10.10.10.0 0.0.0.255 host 192.168.1.100
 permit ip 10.10.10.0 0.0.0.255 host 192.168.1.101
 permit ip 10.10.10.0 0.0.0.255 host 8.8.8.8
 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 10.10.10.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny ip 10.10.10.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny ip 10.10.10.0 0.0.0.255 172.20.1.0 0.0.1.255
 permit ip any any

 

thanks

ST

42
Views
0
Helpful
0
Replies