
Adding a dynamic ACE to an extended ACL

(Please note that all IP addresses, hostnames, FQDNs, etc. mentioned in this post are imaginary)

 

Hello,

 

I wanted to block the domain www.bad-website.com from my network, so I created an ACL like so:

 

myRouter(config)#ip access-list extended NO-BAD
myRouter(config-ext-nacl)#10 deny ip any host www.bad-website.com
myRouter(config-ext-nacl)#20 permit ip any any
myRouter(config-ext-nacl)#end

 

The result is this:

 

myRouter#sh ip access-lists NO-BAD
Extended IP access list NO-BAD
10 deny ip any host 1.2.3.4
20 permit ip any any

 

Where 1.2.3.4 is the DNS query result for www.bad-website.com. The problem is, the owner of this website has a lot of IP addresses at his disposal, and the DNS query returns a different IP every time. I want to block all those IPs, and not just 1.2.3.4. Is it possible to add a dynamic entry to an ACL that will automatically filter all addresses associated with a certain FQDN?

 

Thanks.

Accepted Solutions

Re: Adding a dynamic ACE to an extended ACL

Hi @FaisalAlBandar,

 

Check this discussion in the community:

https://community.cisco.com/t5/switching/block-certain-websites-from-the-router/td-p/1756333

 

I hope this can help you.

 

Regards


Re: Adding a dynamic ACE to an extended ACL

Thanks a lot. I expected that I would need a different kind of solution to achieve this result. Your reply is much appreciated.
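
Added example, not part of the original thread and not a Cisco feature: the ACL in the question kept only the single address that the hostname resolved to when the entry was typed, so this Python script compares the `sh ip access-lists` output from the post with a constructed set of repeated DNS answers and renders the deny entries that are missing, placed before the `permit ip any any`. The function names and every address other than 1.2.3.4 are assumptions made for the example, and the result only covers addresses that have actually been observed.

```python
import ipaddress

# Constructed sample data: answers from repeated lookups of the post's imaginary
# FQDN. Every address except 1.2.3.4 is made up for this example.
OBSERVED_ANSWERS = [
    ["1.2.3.4"],
    ["192.0.2.10", "192.0.2.11"],
    ["1.2.3.4", "198.51.100.7"],
]

# The ACL as printed by "sh ip access-lists NO-BAD" in the post.
CURRENT_ACL = """\
Extended IP access list NO-BAD
    10 deny ip any host 1.2.3.4
    20 permit ip any any
"""

def parse_acl(acl_text):
    """Return (denied hosts, used sequence numbers, sequence of the catch-all permit)."""
    hosts, used, permit_seq = set(), set(), None
    for line in acl_text.splitlines():
        words = line.split()
        if not words or not words[0].isdigit():
            continue  # header or blank line
        used.add(int(words[0]))
        if len(words) >= 6 and words[1:5] == ["deny", "ip", "any", "host"]:
            hosts.add(ipaddress.IPv4Address(words[5]))
        elif words[1:5] == ["permit", "ip", "any", "any"]:
            permit_seq = int(words[0])
    return hosts, used, permit_seq

def render_update(name, acl_text, answer_rounds):
    """Config lines adding a deny entry for each observed address the ACL lacks."""
    hosts, used, permit_seq = parse_acl(acl_text)
    if permit_seq is None:
        raise ValueError("no 'permit ip any any' entry found")
    seen = {ipaddress.IPv4Address(a) for rnd in answer_rounds for a in rnd}
    missing = sorted(seen - hosts)
    # New entries must sort before the permit, or they would never be reached.
    free = [s for s in range(1, permit_seq) if s not in used]
    if len(missing) > len(free):
        raise ValueError("not enough free sequence numbers before the permit")
    lines = [f"ip access-list extended {name}"]
    lines += [f" {seq} deny ip any host {ip}" for seq, ip in zip(free, missing)]
    return lines

if __name__ == "__main__":
    print("\n".join(render_update("NO-BAD", CURRENT_ACL, OBSERVED_ANSWERS)))
```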