Welcome to weblogs.com.pk Sign in | Join | Help

Using DNS Name in Cisco Access-lists

When you configure an access list that should prevent spammers from misusing your network, You obviously had to figure out the IP address of the ISP’s SMTP server (access lists and object groups accept IP addresses). You can enter a hostname in an IOS ACL … and it works. Actually, IOS performs a DNS lookup when you enter the hostname (assuming you have configured the ip name-server) and stores the resulting IP address in the ACL definition:

jahil(config)#ip access-list extended BlockList
jahil(config-ext-nacl)#permit tcp any host smtp.nexlinx.net.pk eq smtp
Translating "smtp.nexlinx.net.pk"...domain server (202.59.80.10) [OK]
jahil(config-ext-nacl)#do show access-list BlockList
Extended IP access list BlockList
    10 permit tcp any host 202.59.80.38 eq smtp

You can enter hostnames in ACLs or network object groups. In both cases, the name is immediately translated into an IP address.

Published Wednesday, November 26, 2008 11:55 PM by jahil
Filed under: ,

Comments

No Comments
Anonymous comments are disabled