ACL on Guest Vlan

npagadua69
Level 1

I would like to deny this network from seeing all of the other network. I am not sure if I am doing this correctly. Please advise.

access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.0.0.255

I don't want 192.168.99.0 to see all of the 192.0.0.0 segment. Please advise.

3 Replies

shijogeorge
Level 1

Hi,

What is the subnet mask of the network to which you want to deny access?

If it is 192.0.0.0/8, the access list should be as follows.

access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.255.255.255

Regards,

Shijo George.
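
An added example, not written by any poster in this thread: a small Python model of how IOS wildcard masks match and how an ACL is evaluated top-down, run against the two `access-list 101` lines above. The host addresses and the trailing `permit ip any any` entry are assumptions made for the illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILD DST WILD'; 'any' is also accepted."""
    tok = line.split()
    action, rest, fields = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            fields.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        else:
            fields.append((ip(rest[0]), ip(rest[1])))
            rest = rest[2:]
    return action, fields[0], fields[1]

def matches(addr, base, wild):
    # Wildcard bit 1 = ignore this bit, 0 = bit must equal the base address.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl:
        action, (sb, sw), (db, dw) = parse_ace(line)
        if matches(ip(src), sb, sw) and matches(ip(dst), db, dw):
            return action
    return "implicit deny"

QUESTION = "access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.0.0.255"
REPLY = "access-list 101 deny ip 192.168.99.0 0.0.0.255 192.0.0.0 0.255.255.255"
PERMIT_REST = "access-list 101 permit ip any any"  # assumed extra line, not in the thread

GUEST = "192.168.99.10"      # constructed guest host
INTERNAL = "192.168.10.20"   # constructed internal host
OUTSIDE = "198.51.100.7"     # constructed outside address

if __name__ == "__main__":
    for name, deny in (("question", QUESTION), ("reply", REPLY)):
        for dst in (INTERNAL, OUTSIDE):
            print(name, dst, evaluate([deny], GUEST, dst), "|",
                  evaluate([deny, PERMIT_REST], GUEST, dst))
```

With only the deny entry in the list, every destination ends at the implicit deny, so the two masks look the same from the guest side. The difference appears once a later permit entry exists: the `0.0.0.255` mask then lets the guest reach `192.168.10.20`, while the `0.255.255.255` mask still denies it.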

thanks

If using DHCP for guest VLAN, try using a DNS server in the DHCP scope defined for guest VLAN, as an external (public) DNS server IP. Do not provide your internal DNS server as part of the scope, because this will let the guest user hack into your network through your DNS server. (Obviously then you will have to permit communication from guest subnet to your internal DNS server, which is not a good thing to do.)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus