Cisco Support Community
Community Member

ACLs with FQDN

Hello folks!!

Is there some way to permit or deny traffic using ACLs with FQDN names instead of IP addresses?

Thanks in advance!!

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: ACLs with FQDN

Hello, if I have understood your question correctly:

access-list 101 permit ip any host host.domain.com

This is allowed in ACLs.

You need to have ip domain-lookup enabled and should have ip name-server configured on the router.
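An added example, not part of the reply above: classic IOS resolves the name once, when the `access-list` command is entered, and the running configuration stores the resulting address, so the entry does not follow later DNS changes. The Python check below flags stored host entries whose address is no longer among the addresses the intended name resolves to. The `intended_names` mapping is hypothetical operator bookkeeping, and the sample configuration and addresses are constructed.

```python
import re
import socket

# Matches entries as the running configuration stores them, with the
# destination already an IPv4 address: "... ip any host 192.0.2.10".
ACL_HOST_RE = re.compile(
    r"^access-list\s+\d+\s+(?:permit|deny)\s+ip\s+any\s+host\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def resolve_ipv4(name):
    """Return the set of IPv4 addresses the name resolves to right now."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()  # unresolvable names are reported as stale by the caller
    return {info[4][0] for info in infos}

def find_stale_entries(running_config, intended_names, resolve=resolve_ipv4):
    """List ACL host entries whose stored address no longer matches DNS.

    intended_names maps a stored address to the FQDN the operator typed
    (hypothetical bookkeeping; the router keeps only the address).
    Returns (acl_line, fqdn, current_addresses) tuples.
    """
    stale = []
    for raw in running_config.splitlines():
        line = raw.strip()
        match = ACL_HOST_RE.match(line)
        if not match:
            continue
        stored = match.group("ip")
        fqdn = intended_names.get(stored)
        if fqdn is None:
            continue  # entry was written with a literal address
        current = resolve(fqdn)
        if stored not in current:
            stale.append((line, fqdn, sorted(current)))
    return stale

# Constructed sample data: documentation-range addresses, not a real device.
SAMPLE_CONFIG = """\
access-list 101 permit ip any host 192.0.2.10
access-list 101 permit ip any host 198.51.100.7
access-list 101 deny ip any host 203.0.113.5
"""
SAMPLE_NAMES = {"192.0.2.10": "host.domain.com", "198.51.100.7": "app.domain.com"}
SAMPLE_DNS = {"host.domain.com": {"192.0.2.99"}, "app.domain.com": {"198.51.100.7"}}
```

Pass a resolver that queries the same name servers the router uses; otherwise split-horizon DNS can make the comparison misleading.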

4 REPLIES
Community Member

Re: ACLs with FQDN

Ok, thanks.

Community Member

Re: ACLs with FQDN

Hello again!!

I have tried the following on my Cisco router:

ip domain-lookup

...

ip name-server xxx.xxx.xxx.xxx

ip name-server yyy.yyy.yyy.yyy

If I ping an FQDN (example: www.cisco.com), there is no domain resolution. The following appears:

Translating "www.cisco.com"... domain server (xxx.xxx.xxx.xxx) (yyy.yyy.yyy.yyy)

% Unrecognized host or address, or protocol not running.

Where the X address and Y address are the DNS servers of my ISP.

Could somebody help me, please?

Thanks in advance!!

Community Member

Re: ACLs with FQDN

Make sure you are able to reach the DNS server from the router (using ping); also recheck whether any access lists are blocking the DNS requests from being forwarded to your ISP DNS server.
