Skip navigation
Login   |   Register
Cisco Learning Home > Certifications > Routing & Switching (CCNA) > Discussions


This Question is Not Answered 1 Correct Answer available (4 pts) 2 Helpful Answers available (2 pts)
1971 Views 1 Reply Latest reply: Apr 1, 2011 9:15 AM by Keith Barker - CCIE RS/Security, CISSP RSS

Currently Being Moderated

ip access-group in|out

Apr 1, 2011 4:12 AM

Darius 1 posts since
Sep 27, 2010



I have problems understanding ACL which is made for GUEST wifi users :


interface Vlan112

description wifi guests

ip address

ip access-group acl_lan_112_out out

ip helper-address

standby 112 ip



ip access-list extended acl_lan_112_out

permit ip host any (it's wlc)

permit ip host any (domain controller)

permit ip any host ( access point)

deny   ip any log

permit ip any any


Cnfiguration is correct. Just I can understand, how it works.

So only the traffic out is filtered by ACL.  Can't understand the line "deny   ip any log" . it does that guest users can't access anything internal. But what I understand if I look to this ACL: if  source is traffic is denied . So no internet? Because that ip is from wifi subnet. . I would write ACL "deny any" that says from any location deny to, but it's not correct, what I don't understand.


More Like This

  • Retrieving data ...

Bookmarked By (0)