Cisco Support Community
Community Member

Access List help


I have a question about configuring an access list. Can you use computer names instead of IP addresses? We have a PIX in front of our SQL servers, and the workstation PCs that need to access the SQL servers are assigned DHCP addresses.

Cisco Employee

Re: Access List help


If you want to use a computer name, you need to configure the same in the PIX.


name RediPlus2

name RediPlus1

name Themis02

name abc

name TACACS-2.6

Use these names in the access-list.

Hope this helps.



Community Member

Re: Access List help


Yes, you can, but you need to give the IP address a name first. Here's an example:

pixfirewall(config)# int e1

pixfirewall(config-if)# ip address

pixfirewall(config-if)# no shut

pixfirewall(config-if)# duplex full

pixfirewall(config-if)# nameif inside

INFO: Security level for "inside" set to 100 by default.

ICMP: icmp_open Entry for context 0

pixfirewall(config-if)# exit


pixfirewall(config)# name SQL-SERVER

pixfirewall(config)# access-list inside-access permit ip host SQL-SERVER any

pixfirewall(config-if)# access-group inside-access in interface inside



I hope this helps.

Community Member

Re: Access List help

That helps a little bit, but I have to give DHCP clients access to a SQL server behind the PIX.

What if the IP on the client changes? Then I have to log in and change it on the PIX too.

Cisco Employee

Re: Access List help

OK, please clarify.

On which interface of the PIX do we have the SQL server?

On which interface of the PIX do we have the workstations?

Which code are you running on this PIX?

Also, please post the following:

sh nat (if code is 6.x)

sh run nat (if code is 7.x)

sh glo (if code is 6.x)

sh run glo (if code is 7.x)

sh static (if code is 6.x)

sh run static (if code is 7.x)



Re: Access List help

If all the clients in the dhcp pool have access, then just allow the whole network.

Community Member

Re: Access List help

Not all should have access, only about 30 clients.


Re: Access List help

Even if you could use computer name, how secure would that be if I knew what computer names were allowed access?

Community Member

Re: Access List help

What kind of DHCP server is in play? I've found the best way is to create a separate scope on the DHCP server and make a rule for the address range, or make an authentication rule for traffic destined for SQL ports, then supply a username and password to the DB developers.
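
The separate-scope approach from the reply above, as an added example that is not part of any post in this thread: a Python helper that turns a DHCP scope range into PIX `access-list` lines (PIX ACLs take a netmask, not a wildcard mask). The ACL name, the address ranges and TCP port 1433 are constructed assumptions; `SQL-SERVER` is the name defined in the earlier reply.

```python
import ipaddress


def scope_to_acl(acl_name, first_ip, last_ip, server_name, port=1433):
    """Return PIX access-list lines that permit exactly the DHCP scope
    first_ip..last_ip to reach one named SQL host on one TCP port."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if first > last:
        raise ValueError("scope start is above scope end")
    lines = []
    # summarize_address_range yields the smallest set of CIDR blocks that
    # covers the range exactly, so no address outside the scope is permitted.
    for net in ipaddress.summarize_address_range(first, last):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.netmask}"
        lines.append(
            f"access-list {acl_name} permit tcp {src} host {server_name} eq {port}"
        )
    return lines


if __name__ == "__main__":
    # Constructed sample scopes (assumptions, not from the thread).
    # A scope aligned on a /27 boundary needs a single ACL entry.
    for line in scope_to_acl("sql-clients", "192.168.10.32", "192.168.10.63",
                             "SQL-SERVER"):
        print(line)
    print()
    # The same number of addresses, but unaligned: four entries are needed
    # to avoid permitting hosts outside the scope.
    for line in scope_to_acl("sql-clients", "192.168.10.50", "192.168.10.79",
                             "SQL-SERVER"):
        print(line)
```

Choosing a scope that sits on a subnet boundary keeps the rule to one line and makes it easy to audit that only the reserved range reaches the SQL port.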
