On our Cisco 3750 stack the public wireless is network 192.168.32.0/24. I am trying to block it from internal networks, with the exception of DHCP. When I have no ACL applied I can pull an IP and surf the net. When I apply the ACLs below I can't pull an IP. I also want to be able to access devices on the 192.168.32.0 network from my workstation. Can you please spot what I've missed?
int vlan 32
ip access-group 101 out
access-list 101 remark Permit access to internal DHCP servers
access-list 101 permit udp 192.168.32.0 0.0.0.255 host 10.1.5.15 eq bootpc
access-list 101 permit udp 192.168.32.0 0.0.0.255 host 10.1.5.14 eq bootpc
access-list 101 remark Deny access to internal 10.0.0.0/8 hosts
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 remark Allow access to internet route (PIX)
access-list 101 permit ip any host 192.168.154.2
access-list 101 remark Deny access to 192.168.0.0/16 hosts
access-list 101 deny ip any 192.168.0.0 0.0.255.255
int vlan 32
ip access-group 102 in
access-list 102 remark Allow access to vlan from management stations
access-list 102 permit ip host 10.1.10.10 192.168.32.0 0.0.0.255
access-list 102 permit udp host 10.1.5.15 192.168.32.0 0.0.0.255 eq bootpc
access-list 102 permit udp host 10.1.5.14 192.168.32.0 0.0.0.255 eq bootpc
I'm not a regular poster, second question here, so I'm not sure how the points system works. I think my question is relatively easy for an expert so do I assign low points? It seems unappreciative.
Thank you in advance.
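An added example, not part of the original post: a minimal first-match evaluator in Python for the extended ACL lines posted above, so each list can be checked against specific packets. It shows that a client's broadcast DHCP DISCOVER matches no line in either list and falls to the implicit deny. The packets and the client address 192.168.32.50 are constructed, and only the syntax used in the post (any, host, wildcard masks, eq after the destination) is parsed.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}  # IOS keywords for the DHCP server / client UDP ports

def ip(a):
    return int(ipaddress.ip_address(a))

def addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i]; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse(text):
    """Group 'access-list N permit|deny proto src dst [eq port]' lines by list number."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        src, i = addr(tok, 4)
        dst, i = addr(tok, i)
        dport = (PORTS.get(tok[i + 1]) or int(tok[i + 1])) if tok[i:i + 1] == ["eq"] else None
        acls.setdefault(tok[1], []).append((tok[2], tok[3], src, dst, dport))
    return acls

def hit(a, rule):
    return (ip(a) | rule[1]) == (rule[0] | rule[1])  # wildcard bits are ignored

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins: (action, 1-based line number), or ('deny', None) for the implicit deny."""
    for n, (action, rproto, rsrc, rdst, rdport) in enumerate(rules, 1):
        if rproto in ("ip", proto) and hit(src, rsrc) and hit(dst, rdst) and rdport in (None, dport):
            return action, n
    return "deny", None

ACLS = parse("""
access-list 101 permit udp 192.168.32.0 0.0.0.255 host 10.1.5.15 eq bootpc
access-list 101 permit udp 192.168.32.0 0.0.0.255 host 10.1.5.14 eq bootpc
access-list 101 deny ip any 10.0.0.0 0.255.255.255
access-list 101 permit ip any host 192.168.154.2
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 102 permit ip host 10.1.10.10 192.168.32.0 0.0.0.255
access-list 102 permit udp host 10.1.5.15 192.168.32.0 0.0.0.255 eq bootpc
access-list 102 permit udp host 10.1.5.14 192.168.32.0 0.0.0.255 eq bootpc
""")
# Constructed packets (not from the post): proto, source, destination, destination port.
DISCOVER = ("udp", "0.0.0.0", "255.255.255.255", 67)  # client broadcast to the server port
RENEWAL = ("udp", "192.168.32.50", "10.1.5.15", 67)   # unicast client-to-server request
```

Calling `evaluate(ACLS["102"], *DISCOVER)` or `evaluate(ACLS["101"], *RENEWAL)` returns the action and the number of the line that decided it, counting only permit and deny lines.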