Anyone willing to talk to me about ACLs?

First post here. Read the sidebar and this didn't seem to violate anything. If I'm wrong, I apologize and ban me to the shadow realm.

A little about me: I'm kind of a junior network admin. Not a very good one. I have a lot to learn, but I'm trying to pick up some things as I go. If you can offer any good practices or tips, it would be greatly appreciated.

Working with a router, r1. Cisco 4321 ISR. Subinterface 55 is attached to a switch (sw1) with 4 devices connected off of sw1. An extended access list was created on this interface. Supposed to be allowing ports 53, 80, 443, 2500, and 22. I can provide a quick topology if needed.

Internet - Router - Switch - Devices

Command:

    ip access-list extended popcorn
     permit tcp 192.168.55.0 0.0.0.255 eq www any

So on and so forth for all ports mentioned above. This same ACL is also applied to the subinterface.

Command:

    interface gig 0/0/1.55
     ip access-group popcorn in

This does not seem to be working. The devices attached to the switch cannot reach the internet. I can, however, SSH to the switch. Turn ACL off, internet access restored.

In troubleshooting, I placed a permit tcp any any log at the end, and I can see traffic hitting this rule, which tells me it's not being triggered by the rule higher up. I can see that the ports being used are what I have in my ACL statement.

Everything I see online makes me think I have the ACL correct. I'm starting to think I have it in the wrong place, or my order is wrong.
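
The entry in the post can be checked against a sample packet with a small model of extended-ACL matching, where `eq` placed after the source address tests the source port. This is an added example, not part of the original post; the client and server addresses, the ephemeral source port, and all helper names are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # IOS port keyword used in the post

def _take_endpoint(tokens):
    """Consume 'any' or '<addr> <wildcard>', then an optional 'eq <port>'."""
    if tokens[0] == "any":
        addr, wild, rest = 0, 0xFFFFFFFF, tokens[1:]
    else:
        addr = int(ipaddress.IPv4Address(tokens[0]))
        wild = int(ipaddress.IPv4Address(tokens[1]))
        rest = tokens[2:]
    port = None
    if rest and rest[0] == "eq":
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
        rest = rest[2:]
    return (addr, wild, port), rest

def parse_ace(line):
    """Parse 'permit|deny <proto> <source> [eq p] <destination> [eq p]'."""
    action, proto, *tokens = line.split()
    src, tokens = _take_endpoint(tokens)
    dst, _ = _take_endpoint(tokens)  # trailing keywords such as 'log' ignored
    return {"action": action, "proto": proto, "src": src, "dst": dst}

def _endpoint_matches(endpoint, ip, port):
    addr, wild, want_port = endpoint
    ip_ok = (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)
    return ip_ok and (want_port is None or want_port == port)

def evaluate(acl_lines, pkt):
    """First matching entry wins; the list ends with an implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (ace["proto"] == pkt["proto"]
                and _endpoint_matches(ace["src"], pkt["src_ip"], pkt["src_port"])
                and _endpoint_matches(ace["dst"], pkt["dst_ip"], pkt["dst_port"])):
            return ace["action"], line
    return "deny", "implicit deny"

# Constructed packet: a client on the .55 subnet opening an HTTP connection.
SAMPLE_PACKET = {"proto": "tcp", "src_ip": "192.168.55.10", "src_port": 51514,
                 "dst_ip": "203.0.113.10", "dst_port": 80}
AS_POSTED = ["permit tcp 192.168.55.0 0.0.0.255 eq www any",
             "permit tcp any any log"]
DEST_PORT_FORM = ["permit tcp 192.168.55.0 0.0.0.255 any eq www",
                  "permit tcp any any log"]

if __name__ == "__main__":
    print(evaluate(AS_POSTED, SAMPLE_PACKET))       # falls to the log entry
    print(evaluate(DEST_PORT_FORM, SAMPLE_PACKET))  # matched by the first entry
```

With the entry as posted, the client's packet skips the first line because its source port is ephemeral rather than 80, which is consistent with the hits seen on the trailing log entry.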
