How to Configure ACL on S-Series to Control Guest Network Access

Permit Guest network to access public Internet while blocking access to internal subnets
  • S-Series
  • Firmware version 08.xx.xx.xxxx and greater
  • ACL
  • Private internal networks
  • Public Internet Access
1  Configure an extended ACL with permits and denies as required (Guest subnet here is /24 )
ip access-list extended internet-only
permit ip host
deny ip any
deny ip any
permit ip any any
2  Apply the ACL to the Guest Network Interface as an input:
interface vlan 10
ip access-group internet-only in

In the above example, clients are in range, and we are allowing access to DNS Server, while denying access to internal subnets and
The permit ip any any entry allows all other traffic from the client to the Internet.
Additional notes
  • Access to the DNS servers must be permitted before the deny statements, and the permit ip any any entry must come after the deny statements
  • A wildcard mask is the inverse of a normal subnet mask; calculate it by subtracting each octet of the subnet mask from 255
Subnet Mask =
Subtract each octet from 255, and we get=
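
The ordering rule and the wildcard calculation from the notes above, as an added Python example that is not part of the original article. All addresses are constructed sample values (the article's own addresses are not shown here), and top-down first-match evaluation with a final implicit deny is an assumption of the model.

```python
import ipaddress

def wildcard(netmask: str) -> str:
    """Wildcard mask: subtract each octet of the subnet mask from 255."""
    return ".".join(str(255 - int(octet)) for octet in netmask.split("."))

def matches(addr: str, base: str, wild: str) -> bool:
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src: str, dst: str) -> str:
    """Return the action of the first entry matching src and dst."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"  # assumed implicit deny when no entry matches

# Constructed sample values, not taken from the article.
ANY = ("0.0.0.0", "255.255.255.255")
GUEST = ("192.168.10.0", wildcard("255.255.255.0"))      # guest /24
DNS = ("10.0.0.53", "0.0.0.0")                           # "host" = exact match
INTERNAL_A = ("10.0.0.0", wildcard("255.0.0.0"))         # internal subnet
INTERNAL_B = ("172.16.0.0", wildcard("255.240.0.0"))     # internal subnet

# Same shape as the article's ACL: DNS permit, denies, then permit any any.
INTERNET_ONLY = [
    ("permit", GUEST, DNS),
    ("deny", ANY, INTERNAL_A),
    ("deny", ANY, INTERNAL_B),
    ("permit", ANY, ANY),
]

# The mistake the notes warn about: the DNS permit placed after the denies.
MISORDERED = [INTERNET_ONLY[1], INTERNET_ONLY[2], INTERNET_ONLY[0],
              INTERNET_ONLY[3]]

if __name__ == "__main__":
    client = "192.168.10.25"
    for name, acl in (("internet-only", INTERNET_ONLY),
                      ("misordered", MISORDERED)):
        for dst in ("10.0.0.53", "10.0.0.54", "172.20.1.1", "203.0.113.10"):
            print(f"{name:14} {client} -> {dst:13} {evaluate(acl, client, dst)}")
```

With the misordered list the DNS server is unreachable because the deny for its subnet matches first, which is a quick check to run on paper before applying an ACL to the guest interface.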

See also: How to configure ACL to permit through two hosts on different subnets on S-Series and N-Series



