Hi All,
I think I posted this somewhere else...a long time ago..cannot find it. but here goes..
I need to restrict a specific vlan on my network to only be allowed to gain a dhcp address, and hit the internet. to do this, i realize i need to allow dhcp, dns and web. i have the following acl applied on my vlan interface inbound:
access-list 101 permit udp any any eq bootps access-list 101 permit udp any host eq 67 access-list 101 permit udp any host eq 68 access-list 101 permit udp any host eq 53 access-list 101 permit tcp any host eq 53 access-list 101 permit udp host eq 53 any eq 53 access-list 101 permit tcp host eq 53 any eq 53 access-list 101 permit tcp any eq 80 any eq 80 access-list 101 deny ip 192.168.75.0 0.0.0.255
255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip 192.168.75.0 0.0.0.255 255.255.255.0 access-list 101 deny ip any anyI can get a dhcp address, but cannot surf the web. can someone tell me what i have wrong here?
TIA,
r