1670 Views 1 Reply Latest reply: Apr 1, 2011 9:15 AM by Keith Barker - CCIE RS/Security, CISSP

ip access-group in|out

Apr 1, 2011 4:12 AM

Darius 1 posts since
Sep 27, 2010

Hello,

I have problems understanding an ACL which is made for GUEST wifi users:

interface Vlan112
 description wifi guests
 ip address 192.168.211.126 255.255.255.192
 ip access-group acl_lan_112_out out
 ip helper-address 192.168.210.82
 standby 112 ip 192.168.211.65

ip access-list extended acl_lan_112_out
 permit ip host 192.168.210.145 any (it's wlc)
 permit ip host 192.168.210.81 any (domain controller)
 permit ip any host 192.168.211.66 (access point)
 deny ip 192.168.0.0 0.0.255.255 any log
 permit ip any any

The configuration is correct. I just can't understand how it works.

So only the traffic out is filtered by the ACL. I can't understand the line "deny ip 192.168.0.0 0.0.255.255 any log". It makes sure that guest users can't access anything internal. But what I understand if I look at this ACL: if the source is 192.168.0.0, traffic is denied. So no internet? Because that IP is from the wifi subnet. I would write the ACL as "deny any 192.168.0.0 0.0.255.255", which says from any location deny to 192.168.0.0, but it's not correct, which I don't understand.
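An added example, not part of the original post and not Cisco code: a small Python model of first-match ACL evaluation with wildcard masks, run over the ACL from the post for packets the switch routes out of Vlan112 toward the guests, which is the only direction the "out" keyword checks. The guest client, internal host and internet server addresses (192.168.211.100, 192.168.10.20, 203.0.113.10) are constructed samples.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # "any": every bit is "don't care"

def host(ip):
    return (ip, "0.0.0.0")                    # "host X": every bit must match

# Entries of acl_lan_112_out as posted: (action, source, destination)
ACL_LAN_112_OUT = [
    ("permit", host("192.168.210.145"), ANY),            # wlc
    ("permit", host("192.168.210.81"), ANY),             # domain controller
    ("permit", ANY, host("192.168.211.66")),             # access point
    ("deny", ("192.168.0.0", "0.0.255.255"), ANY),       # any internal source
    ("permit", ANY, ANY),
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return (action, entry number); the first match wins, then implicit deny."""
    for number, (action, s, d) in enumerate(acl, start=1):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, number
    return "deny", None

# Constructed packets leaving Vlan112 toward the guest subnet. With "out",
# the source is the far end and the guest is the destination.
SAMPLES = [
    ("internet reply to guest", "203.0.113.10", "192.168.211.100"),
    ("internal host to guest", "192.168.10.20", "192.168.211.100"),
    ("domain controller to guest", "192.168.210.81", "192.168.211.100"),
    ("internal host to access point", "192.168.10.20", "192.168.211.66"),
]

if __name__ == "__main__":
    for label, src, dst in SAMPLES:
        action, number = evaluate(ACL_LAN_112_OUT, src, dst)
        print(f"{label:32} {src:>15} -> {dst:<15} {action} (entry {number})")
```

Packets sent by a guest enter Vlan112 and are never compared against this ACL; only the traffic coming back toward the guests is, so replies from internal 192.168.x.x sources are dropped while replies from internet sources fall through to the final permit.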
