11-29-2016 02:36 PM - edited 03-08-2019 08:21 AM
I know this is a pretty basic question but here is the scenario... I am adding widi devices which will be on the wired network on their own vlan which is the projector vlan. The problem is the public wireless cannot talk to this vlan due to an access list since it is a public wireless which is also on its own vlan. I need to be able to have the public wireless be able to talk to the devices on the projector vlan so they can connect to the widi device. Here is the configuration:
interface Vlan13 (Projector Vlan)
description Projectors
ip address 10.0.77.129 255.255.255.128
ip helper-address 10.0.2.11
no ip redirects
no ip proxy-arp
interface Vlan17
description Public Wireless
ip address 10.0.80.1 255.255.252.0
ip access-group public-wireless in
ip helper-address 10.0.2.11
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
ip access-list extended public-wireless
permit udp any host 10.0.2.11 eq bootps
permit udp any host 10.0.2.10 eq domain
permit udp any host 10.0.2.11 eq domain
permit tcp any 10.0.2.0 0.0.0.255 eq www
permit tcp any 10.0.2.0 0.0.0.255 eq 443
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
I was thinking i could add another permit statement to the 10.0.7.129 network but was unsure if that would be the best way of doing it. Any help would be appreciated. Thank you!
11-29-2016 05:25 PM
Well if your vlan 17 needs to talk to vlan 13, you will need to add a permit to 10.0.77.129/25 above your deny ip any 10.0.0.0 0.255.255.255 statement
11-30-2016 08:46 AM
so it would be permit tcp any 10.0.77.129 0.0.0.128 ?
11-30-2016 02:20 PM
It d be like this:
permit tcp any 10.0.2.0 0.0.0.255 eq 443
permit ip any 10.0.77.129 0.0.0.128 <-------insert here
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
11-30-2016 02:30 PM
ok I will try that, thank you!
12-05-2016 12:33 PM
for some reason when i enter that is changes it to display permit ip any 10.0.77.1 0.0.0.128 instead of permit ip any 10.0.77.129 0.0.0.128
12-05-2016 01:26 PM
i got it, it should of been permit ip any 10.0.13.128 0.0.0.127
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide