08-26-2025, 02:34 PM
Disagree with the answer which states DNS is the issue.
The inbound ACL ends with
permit ip 10.66.42.0 0.0.0.255 any ⟵ wrong subnet
permit ip 10.66.46.0 0.0.0.255 any ⟵ only half the /23
Effect: clients that land in 10.66.47.0/24 are implicitly denied on the inbound ACL, so “not all guests” can reach the internet (they still get DHCP because bootpc/bootps are permitted).
It seems to me the answer should be fixing the /24 wildcard to a /23 on the inbound ACL.
Thanks.
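The wildcard-mask behaviour described in the post above, as an added example that is not part of the original post: it models only the source-address match of the two quoted entries with first-match and implicit deny. The `0.0.1.255` wildcard for the fix and the sample client addresses are assumptions constructed for illustration.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard are 'don't care' bits."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF  # bits that must be equal
    return (a & care) == (b & care)


def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return f"{action} ({base} {wildcard})"
    return "deny (implicit)"


# The two entries quoted in the post (other ACL lines, e.g. DHCP, not modelled).
ACL_AS_POSTED = [
    ("permit", "10.66.42.0", "0.0.0.255"),
    ("permit", "10.66.46.0", "0.0.0.255"),
]

# Assumed form of the fix the post suggests: one entry covering the whole /23.
ACL_FIXED = [("permit", "10.66.46.0", "0.0.1.255")]

# Constructed sample guest addresses: both halves of the /23, plus two outside it.
CLIENTS = ["10.66.46.25", "10.66.47.25", "10.66.42.9", "10.66.48.1"]


def report(acl):
    """Map each sample client to the ACL decision it receives."""
    return {client: evaluate(acl, client) for client in CLIENTS}


if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("fixed", ACL_FIXED)):
        print(name)
        for client, decision in report(acl).items():
            print(f"  {client:<12} -> {decision}")
```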