Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
846
Visites
5
Compliment
8
Réponses

ACL to filter FTP server by hostname only

anthodigbo
Level 1
Level 1

le ‎26-06-2023 12:30 AM

Hi guys

I was wondering if it is possible to allow traffic to an FTP server by using its hostname only and deny all other traffic ?

Thanks

Antho

Étiquettes :
8 RÉPONSES 8

MHM Cisco World
VIP
VIP

‎26-06-2023 12:59 AM - modifié ‎26-06-2023 03:33 AM

You can use hostname not host IP in acl' 

You must be Sure that your router can resolve hostname to right IP

0 Compliments

M02@rt37
VIP
VIP

le ‎26-06-2023 03:29 AM

Hello @anthodigbo,

yes you can.

The access-list host functionality permits the use of a hostname as per:

Router(config)#access-list 115 permit ip host ?

Hostname or A.B.C.D  Source address

So assuming the router can resolve DNS then it should be possible to use a DNS host name in an ACL.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Compliments

anthodigbo
Level 1
Level 1

le ‎26-06-2023 04:14 AM

Hi,

Thanks for your response

I misunderstood what the teacher told us to do, I thought that it was possible to allow to connect to an FTP server by its hostname and in the meantime to deny to reach it out by its IP, but what I have been asked to, it's to allow to connect to the ftp server by the hostname and deny all other traffic to the ftp server like ICMP.

Thanks

MHM Cisco World
VIP
VIP
En réponse à anthodigbo

le ‎26-06-2023 04:19 AM

ip access-list extended MHM 
permit tcp <IP> <FTP hostname> eq 20
permit tcp <IP> <FTP hostname> eq 21
deny ip any any 
!
interface 
ip acess-group MHM in

anthodigbo
Level 1
Level 1

le ‎26-06-2023 07:51 AM

Thanks,

I'm dealing with IPv6, without the ACL I can connect with both IP or hostname

So far I've tried this :

ipv6 access-list NAME
permit tcp any host IP eq 53
permit tcp any host IP eq 20
permit tcp any host IP eq 21
end

When I apply the ACL, I'm still able to connect to the FTP with the IP, but not able to connect with the hostname and I've did not deny anything.

 

 

0 Compliments

MHM Cisco World
VIP
VIP
En réponse à anthodigbo

le ‎26-06-2023 07:56 AM

what is meaning of "host IP" you use in ACL

0 Compliments

anthodigbo
Level 1
Level 1

le ‎26-06-2023 08:08 AM

I have managed to do it like this:

ipv6 access-list NAME
permit udp any host IP eq 53
permit tcp any host IP eq 53
permit tcp any host IP eq 20
permit tcp any host IP eq 21
end

Thanks

MHM Cisco World
VIP
VIP
En réponse à anthodigbo

le ‎26-06-2023 08:11 AM

You are so welcome 

0 Compliments

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos Général
Customers Also Viewed These Support Documents