
Masood Ahmad Shah

This blog contains a summary of my research readings and thoughts in system and network engineering.



Using DNS Name in Cisco Access-lists

When you configure an access list to prevent spammers from misusing your network, you normally have to figure out the IP address of the ISP's SMTP server first, because access lists and object groups accept IP addresses. However, you can enter a hostname in an IOS ACL … and it works. IOS performs a DNS lookup when you enter the hostname (assuming you have configured ip name-server) and stores the resulting IP address in the ACL definition:

jahil(config)#ip access-list extended BlockList
jahil(config-ext-nacl)#permit tcp any host smtp.nexlinx.net.pk eq smtp
Translating "smtp.nexlinx.net.pk"...domain server ( [OK]
jahil(config-ext-nacl)#do show access-list BlockList
Extended IP access list BlockList
    10 permit tcp any host eq smtp

You can enter hostnames in ACLs or network object groups. In both cases, the name is immediately translated into an IP address.
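
Since the ACL keeps only the address that the name resolved to when the entry was typed, the entry can go stale if the DNS record later changes. The following is an added example, not part of the original post: a Python check that compares the addresses in saved `show access-list` output against what each hostname resolves to now. The hostnames, addresses and the sequence-to-hostname map are constructed for illustration, and the `resolver` parameter is a hypothetical hook so the check can run offline.

```python
import re
import socket

# Captures the first "host <IPv4>" in a numbered `show access-list` entry.
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+.*?\bhost\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_acl(show_output):
    """Return {sequence_number: (action, stored_ip)} for entries with a host address."""
    entries = {}
    for line in show_output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[int(m.group(1))] = (m.group(2), m.group(3))
    return entries

def resolve_a(hostname):
    """Current IPv4 addresses for hostname, using the system resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def find_stale(show_output, intended, resolver=resolve_a):
    """intended maps sequence number -> hostname typed when the entry was created.
    Returns (seq, hostname, stored_ip, current_ips) for each entry that drifted."""
    stale, acl = [], parse_acl(show_output)
    for seq, hostname in sorted(intended.items()):
        if seq not in acl:
            stale.append((seq, hostname, None, set()))   # entry missing from ACL
            continue
        stored_ip = acl[seq][1]
        try:
            current = resolver(hostname)
        except OSError:                                   # covers socket.gaierror
            current = set()                               # name no longer resolves
        if stored_ip not in current:
            stale.append((seq, hostname, stored_ip, current))
    return stale

# Constructed sample: documentation addresses (RFC 5737) and made-up hostnames.
SAMPLE_OUTPUT = """Extended IP access list BlockList
    10 permit tcp any host 192.0.2.25 eq smtp
    20 permit tcp any host 192.0.2.26 eq smtp
"""
SAMPLE_INTENDED = {10: "smtp.example.net", 20: "smtp2.example.net"}
SAMPLE_DNS = {"smtp.example.net": {"192.0.2.25"}, "smtp2.example.net": {"198.51.100.7"}}

if __name__ == "__main__":
    for seq, name, ip, now in find_stale(SAMPLE_OUTPUT, SAMPLE_INTENDED, SAMPLE_DNS.__getitem__):
        print(f"seq {seq}: {name} stored as {ip}, DNS now returns {sorted(now)}")
```

An entry reported here has to be removed and re-entered on the router to pick up the new address.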

Published Wednesday, November 26, 2008 11:55 PM by jahil

