I have problems understanding an ACL which is made for GUEST wifi users:
description wifi guests
ip address 192.168.211.126 255.255.255.192
ip access-group acl_lan_112_out out
ip helper-address 192.168.210.82
standby 112 ip 192.168.211.65
ip access-list extended acl_lan_112_out
permit ip host 192.168.210.145 any (it's wlc)
permit ip host 192.168.210.81 any (domain controller)
permit ip any host 192.168.211.66 (access point)
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
Configuration is correct. I just can't understand how it works.
So only the outbound traffic is filtered by the ACL. I can't understand the line "deny ip 192.168.0.0 0.0.255.255 any log". It makes it so that guest users can't access anything internal. But what I understand when I look at this ACL: if the source is 192.168.0.0, traffic is denied. So no internet? Because that IP is from the wifi subnet. I would write the ACL as "deny any 192.168.0.0 0.0.255.255", which says from any location deny to 192.168.0.0, but it's not correct, which I don't understand.
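What an outbound ACL on this interface evaluates, as an added example that is not part of the original post: with `ip access-group ... out` the router checks packets it is about to send out of the interface toward the guest subnet, so the source is the remote host and the destination is the guest. The guest address 192.168.211.70 and the other sample packet addresses are constructed for the illustration.

```python
import ipaddress

HOST = "0.0.0.0"                          # wildcard for "host x.x.x.x"
ANY = ("0.0.0.0", "255.255.255.255")      # wildcard for "any"

# Entries of acl_lan_112_out in the order posted: (action, source, destination)
ACL = [
    ("permit", ("192.168.210.145", HOST), ANY),        # 1: wlc
    ("permit", ("192.168.210.81", HOST), ANY),         # 2: domain controller
    ("permit", ANY, ("192.168.211.66", HOST)),         # 3: access point
    ("deny", ("192.168.0.0", "0.0.255.255"), ANY),     # 4: 192.168.x.x sources
    ("permit", ANY, ANY),                              # 5: everything else
]

GUEST = "192.168.211.70"  # constructed guest address inside 192.168.211.64/26


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(src, dst):
    """First matching entry wins; an implicit deny ends every ACL."""
    for number, (action, s, d) in enumerate(ACL, start=1):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, number
    return "deny", None


if __name__ == "__main__":
    # Packets as seen leaving the router toward the guest subnet (constructed).
    samples = [
        ("203.0.113.10", GUEST, "reply from an internet server"),
        ("192.168.10.5", GUEST, "reply from an internal host"),
        ("192.168.210.145", GUEST, "traffic from the wlc"),
        ("192.168.10.5", "192.168.211.66", "internal host to the access point"),
    ]
    for src, dst, label in samples:
        action, number = evaluate(src, dst)
        print(f"{src:>16} -> {dst:<15} {action:6} (entry {number})  {label}")
```

Replies from internet servers carry a public source address, so they fall through to entry 5 and reach the guest, while anything sourced from 192.168.x.x other than the listed hosts is dropped by entry 4 before it can be delivered to a guest.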