First we need to know from which network/vlan you are applying this access-list. If this acl is applied on a vlan that receives all traffic from 10.10.1.0 network, then you need to apply it inbound and not outbound.
There are still some things about the topology of the network that we need to understand better.
If I understand correctly VLAN 250 is using addresses in 10.10.57.0/24. You want to allow these users access to the Internet. It is important to understand whether you have existing access lists in place somewhere in the network controlling Internet traffic, and if so where the lists are and how they are configured.
The simple case is that you do not have existing access lists in place. If this were to be true then you just add the new users to the network, make sure that they have a route to the Internet and they will have access.
If you have existing access lists in place it may be necessary to make changes to them to allow these new addresses to access the Internet. We will not know until you supply some additional information.
But I think there are also some comments about the access list that you describe. If you had configured access list 116 as outbound on VLAN 250 it would control traffic going through the MSFC and out interface VLAN 250. If your access list is:
access-list 116 permit ip 10.10.1.0 255.255.255.0 any
then it would look like that only traffic from 10.10.1.0 would be allowed to go out to these new addresses. Except that you have the mask inverted. With the access list as coded any address which had 0 in the fourth octet would be allowed.
So take that access list out and give us some more information about your network.
There are a number of things in this config that do not make sense to me. I am not sure how much they matter.
As it stands the config that you have posted should allow the users in VLAN 250 to access the Internet and to access other resources. As I see it the MSFC does have a valid default route which sends traffic through VLAN 350 toward the Internet. Depending on whether there are any other access lists between this device and the Internet router, the VLAN 250 users should get out. I also not that you are running EIGRP and have a network statement which includes the subnet of VLAN 250 so these users should have routes to the other parts of your network and the rest of your network should have a route back to 10.10.57.0.
I notice that VLAN 350 which leads toward the Internet has an access list applied. But the access list 115 which it applies does not appear in the config. The result is as if the access list were not applied. So their Internet access would not be impacted. I note that this same access list is also applied on other interfaces (and that that the same access list is applied both inbound and outbound which is kind of unusual). You probably should clean this up.
I notice that you have quite a number of static routes which point routes back to the interface on which they are connected. I do not know why this was done. I do not think that it hurts anything, but it does no good that I can see.
I notice that the configuration includes a route-map called onlylocal but the route map is not used anywhere. Is there some reason for it?
As I said I believe that the config as it stands will accomplish your objective of allowing users on VLAN 250 to access the Internet.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.