Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Adding ACL's to Router on a stick

I have router on a stick configured for voice vlan, data vlan, and wifi vlan.  The wifi is a cisco AP and has 2 ssids one for internal users which use the data vlan and the other for guest vlan.  We do not want anyone on the guest vlan to be able to access the company network only the internet.  Without any ACL's apply the users on the guest network can access the network but they can ping the server and anyone on the company network. 

I tried to add ACL's on the router so while it drops traffic to the network it doesn't get out to the internet.  I tried different combinations but now at this point I'm just confusing myself.  I figured I just deny traffic from the network to access the server located at .250 and apply it inbound at the the f0/0.51 but the users don't connect to the wifi then.


The router is a 2811 which is running dhcp for the voice and guest wifi vlan.  It forwards outside traffic to the asa 5505 which sits on the edge of the network.



Router IP's are and

Router data vlan

Router guest wifi vlan



interface FastEthernet0/0.51

description $GUEST_WIFI$

encapsulation dot1Q 51

ip address

ip access-group 100 in


interface FastEthernet0/0.50

description $DATA_NETWORK$

encapsulation dot1Q 50

ip address

ip helper-address



access-list 100 deny ip host

access-list 100 permit ip ANY