08-09-2005 04:31 PM - edited 03-02-2019 11:39 PM
I would like to deny this network from seeing all of the other network. i am not sure if i am doing this correctly. please advise.
access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.0.0.255
I dont want 192.168.99.0 to see all of the 192.0.0.0 segment. please advise.
08-09-2005 09:35 PM
Hi,
What is the subnet mask of the network to which you want to deny access?
If it is 192.0.0.0/8, the access list should be as follows.
access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.255.255.255
Regards,
Shijo George.
08-10-2005 08:12 PM
thanks
08-10-2005 08:23 PM
If using DHCP for guest vlan, try using a DNS server in the DHCP scope defined for guest vlan, as an external (public) DNS server IP. Do not provide your internal DNS Server as part of the scope, because this will let the guest user hack into your network through your DNS server. (Obviously then you will have to permit communication from guest subnet to your internal DNS server, which is not a good thing to do)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide