Using IAP 104 VC . On VC three SSID's with different rules. I have apllied rules on SSID's so please Verify.
For Guest SSID with Captive Portal authentication i have to allow only Internet to a subnet 192.168.32.0 and deny 192.168.0.0/16 on this SSIDSo,
Allow DHCP to a network 192.168.32.0 0.0.0.255 Vlan 32 for Guest SSID
Allow DNS to a network 192.168.32.0 0.0.0.255
Allow HTTPS to a network 192.168.32.0 0.0.0.255
Allow HTTP to a network 192.168.32.0 0.0.0.255
Deny all services to a network 192.168.0.0 0.0.255.255
For Project SSID i have to deny 192.168.0.0/16. All other everything should be allowed. So,
Deny all services to a network 192.168.0.0 0.0.255.255
Allow all services for a network 192.168.52.0 0.0.0.255 Vlan 52 is the VLAN for Project SSID
For Dep-S SSID I have to allow some IP's and deny 192.168.0.0/16. So,
Allow All Services for a network 192.168.60.61 0.0.0.0 Vlan 60 for Dep-SSID and have to allow only 3 ip's
Allow All Services for a network 192.168.60.62 0.0.0.0
Allow All Services for a network 192.168.60.63 0.0.0.0
Deny all services for a network 192.168.0.0 0.0.255.255
Please Verify .