01-04-2022 07:36 AM
Hi all,
Is there a way to dynamically add IPs derived from an FQDN to an ACL of a CISCO 6300 RTR (updating it with new IPs while retaining any old / pre-existing IPs)? Unfortunately, I'm unable to obtain an exhaustive list of IPs for this FQDN, which are periodically changed and then blocked by my ACL, thus my dilemma.
Thanks
GPBH
01-04-2022 08:21 AM
Not sure I have understood the question correctly. Are you looking at the limitation, or changing from old IP to new IP?
Check below, it may help you:
01-04-2022 08:54 AM
Thank you very much balaji,
I managed to Google this a couple of weeks ago, but noticed the post was in reference to an ASA, which my 6300 is not configured as. Since my 6300 is running IOS XE firmware 17.X, I was told a portion of the CLI syntax referenced would be incompatible.
I'm a novice, so any additional input / direction / suggestions would be greatly appreciated.
Thanks
GPBH
01-04-2022 09:02 AM
Hello,
I guess a simple EEM script that periodically pings the FQDN, and then parses the output to a new entry in the access list should work.
How often does the IP address change?
I'll test the script and get back with you...
01-04-2022 10:00 AM - edited 01-04-2022 12:25 PM
I believe I have a Linux command that should be able to obtain IPs derived from the FQDN:
dig some.FQDN.com | egrep ^sip | awk '{ print $5 }' | xargs -n1 -I{} iptables -A INPUT -s {} -j ACCEPT
But adding the new IPs to the current ACL without purging the old/pre-existing IPs is a different story and what I need to figure out.
01-04-2022 01:16 PM
Hello,
On which device is the FQDN query executed?
01-05-2022 06:05 AM - edited 01-05-2022 07:11 AM
Thanks Georg - The device performing the DNS query is a managed Linux server, but if it's a task that can be assumed by the 6300 RTR via TCL + EEM, that would be the preferred method. Unfortunately, I've never created / touched either (TCL/EEM), so any assistance with this would be greatly appreciated.
GPBH
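Added example, not part of the thread and not any poster's code: one way to handle the "add new IPs without purging the old ones" step on the Linux server that runs the DNS query. It keeps a state file of addresses already handed over, accepts only strict IPv4 literals from the DNS answers, and prints IOS-style named-ACL lines for unseen addresses only. The ACL name FQDN-PERMIT, the state file and the function names are assumptions, and delivering the lines to the router is left out.

```shell
#!/bin/sh
# Added example. ACL_NAME, the state file and function names are assumptions.
ACL_NAME="${ACL_NAME:-FQDN-PERMIT}"

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255, so
# CNAME targets or malformed DNS data never reach the router configuration.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# new_acl_lines STATE_FILE: read resolved addresses on stdin (one per line),
# print config lines for addresses not yet recorded, and record them.
# Nothing is ever deleted, so previously permitted addresses stay in the ACL.
new_acl_lines() {
    state="$1"
    added=""
    touch "$state"
    while IFS= read -r ip || [ -n "$ip" ]; do
        if ! is_ipv4 "$ip"; then continue; fi
        if grep -qxF -- "$ip" "$state"; then continue; fi
        printf '%s\n' "$ip" >> "$state"
        added="${added} permit ip host ${ip} any
"
    done
    if [ -n "$added" ]; then
        printf 'ip access-list extended %s\n%s' "$ACL_NAME" "$added"
    fi
}

# Constructed sample run with documentation addresses (not real dig output).
# In use, the input would come from something like: dig +short A "$FQDN"
demo_state=$(mktemp)
printf '192.0.2.10\nedge.example.net.\n198.51.100.7\n' | new_acl_lines "$demo_state"
printf '192.0.2.10\n203.0.113.5\n' | new_acl_lines "$demo_state"  # emits only the new host
rm -f "$demo_state"
```

Lines entered without sequence numbers are appended to the end of a named ACL, so an explicit deny placed last in that ACL would sit ahead of them.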