Hi, I'm learning about ACLs for the CCNA.
VLAN 10 on my home network is dedicated to wireless clients.
192.168.1.1/24 is the IP address of my Cisco router.
192.168.1.2/24 is the address of a DD-WRT wireless router connected to the Cisco and working in Access Point pass-through mode.
Another VLAN has a subnet of 192.168.0.0/29 with an ADSL modem at 192.168.0.2, which is the default route out to the Internet.
The ACL config below is incomplete (because I need help) and shows the access I have permitted on VLAN 10.

interface FastEthernet0.10
 description TO-VLAN10-WIRELESS
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
 ip access-group ACL-VLAN10-WIRELESS-IN in
 ip nat inside
 ip virtual-reassembly in

ip access-list extended ACL-VLAN10-WIRELESS-IN
 remark * Allow all wireless clients to reach router *
 permit ip host 192.168.1.1 192.168.1.0 0.0.0.255
 remark *
 remark * Allow all wireless clients to communicate with each other *
 permit ip 192.168.1.3 0.0.0.252 192.168.1.3 0.0.0.252
 remark *
 remark * Allow following IPs to manage AP *
 permit ip host 192.168.1.2 10.10.10.8 0.0.0.4 log-input
 ........

How do I allow all wireless clients access to the Internet, whilst still blocking access to the AP at 192.168.1.2?
If I add the line:

 permit ip any any

will that defeat the implicit deny of ACLs and allow all wireless clients access to all IPs?
Thanks in advance.
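
An added example, not part of the original post: a small Python model of how an extended ACL is evaluated (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end), run over the three entries as posted. The client and Internet addresses, the `DENY_AP` and `PERMIT_ALL` entries and all function names are constructed for illustration, and the model assumes the packet actually reaches the interface's inbound ACL.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def spec(addr, wildcard="0.0.0.0"):
    """(base, wildcard) pair; 'host x' is x with wildcard 0.0.0.0."""
    return (ip(addr), ip(wildcard))

ANY = spec("0.0.0.0", "255.255.255.255")   # the keyword 'any'

def matches(addr, s):
    base, wild = s
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst):
    """Return (action, entry number). The first matching entry wins."""
    for n, (action, s, d) in enumerate(acl, 1):
        if matches(src, s) and matches(dst, d):
            return action, n
    return "deny", None   # nothing matched: implicit "deny ip any any"

# The three entries exactly as posted (source first, then destination).
POSTED = [
    ("permit", spec("192.168.1.1"), spec("192.168.1.0", "0.0.0.255")),
    ("permit", spec("192.168.1.3", "0.0.0.252"), spec("192.168.1.3", "0.0.0.252")),
    ("permit", spec("192.168.1.2"), spec("10.10.10.8", "0.0.0.4")),
]
# Hypothetical additions, not from the post.
PERMIT_ALL = ("permit", ANY, ANY)
DENY_AP = ("deny", ANY, spec("192.168.1.2"))

# Constructed sample addresses: a wireless client, the AP, a documentation-range host.
CLIENT, AP, INTERNET = "192.168.1.50", "192.168.1.2", "203.0.113.10"

if __name__ == "__main__":
    variants = [
        ("as posted", POSTED),
        ("+ permit ip any any", POSTED + [PERMIT_ALL]),
        ("+ deny AP, then permit ip any any", POSTED + [DENY_AP, PERMIT_ALL]),
    ]
    for name, acl in variants:
        for dst in (INTERNET, AP):
            print(f"{name}: {CLIENT} -> {dst}: {evaluate(acl, CLIENT, dst)}")
```

The `(action, entry number)` result shows which line decided each packet, which makes ordering mistakes visible: a deny placed after a broader permit is never reached.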