VLAN pool need to deny access to LAN - Page 2

wrathyimp · ‎12-05-2011

Hi,

I am creating a VLAN pool, for guest users to access internet only.

How can i deny access to all the local lan VLANs?

My Guest VLAN subnet is 192.168.9.0

So i need to deny access to all the VLANs:

192.168.1.0

192.168.2.0

192.168.3.0

192.168.4.0

192.168.5.0

192.168.6.0

192.168.7.0

192.168.8.0

I have tried the following access-list configuration:

access-list 127 permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.7

access-list 127 permit ip 192.168.9.0 0.0.0.255 192.168.9.0 0.0.0.255

access-list 127 deny ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.7.255

access-list 127 permit ip any any

But it didnt work, as i couldnt ping any local lan ips, nor browse any website.

Thanks

wrathyimp · ‎12-11-2011

Ok,

I am not getting any where, this is wat is tried:

Extended IP access list 127

10 deny ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.7.255 (26 matches)

20 deny ip 192.168.9.0 0.0.0.255 192.168.8.0 0.0.0.255

30 permit ip any any

But this is denying access to the firewall (192.168.1.6) also, So i cannot browser the internet.

So should it be as the following:

Extended IP access list 127

10 permit ip 192.168.9.0 0.0.0.255 host 192.168.1.6

20 deny ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.7.255

30 deny ip 192.168.9.0 0.0.0.255 192.168.8.0 0.0.0.255

40 permit ip any any