Adding a dynamic ACE to an extended ACL

FaisalAlBandar
Level 1

(Please note that all IP addresses, hostnames, FQDNs, etc. mentioned in this post are imaginary.)


Hello,


I wanted to block the domain www.bad-website.com from my network, so I created an ACL like so:

myRouter(config)#ip access-list extended NO-BAD
myRouter(config-ext-nacl)#10 deny ip any host www.bad-website.com
myRouter(config-ext-nacl)#20 permit ip any any
myRouter(config-ext-nacl)#end

The result is this:

myRouter#sh ip access-lists NO-BAD
Extended IP access list NO-BAD
    10 deny ip any host 1.2.3.4
    20 permit ip any any

Where 1.2.3.4 is the DNS query result for www.bad-website.com. The problem is, the owner of this website has a lot of IP addresses at his disposal, and the DNS query returns a different IP every time. I want to block all those IPs, and not just 1.2.3.4. Is it possible to add a dynamic entry to an ACL that will automatically filter all addresses associated with a certain FQDN?


Thanks.
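As an added example (not from this post, and not a Cisco tool), a small Python check of the behaviour described above: IOS resolved the hostname once when the ACE was entered and stored only that address, so a defender who keeps static host ACEs can periodically compare them against the FQDN's current A records and flag drift. The show output, the sequence-to-FQDN mapping and the DNS answer below are constructed; live_a_records shows where a real lookup would plug in.

```python
import re
import socket
from typing import Callable, Dict, List

# Constructed copy of the "show ip access-lists NO-BAD" output from the post:
# the router kept only the single address the name resolved to at config time.
SHOW_ACL = """Extended IP access list NO-BAD
    10 deny ip any host 1.2.3.4
    20 permit ip any any
"""

# Assumption: the operator records, outside the router, which FQDN each static
# deny ACE was written for, since the ACL itself no longer carries the name.
ACE_INTENT = {10: "www.bad-website.com"}

# Constructed DNS answer standing in for a live lookup: the site has moved on.
FAKE_DNS = {"www.bad-website.com": ["9.10.11.12", "5.6.7.8"]}

ACE_RE = re.compile(r"^\s*(\d+)\s+deny\s+ip\s+any\s+host\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_host_denies(show_output: str) -> Dict[int, str]:
    """Map ACE sequence number -> denied host IP for 'deny ip any host X' lines."""
    matches = (ACE_RE.match(line) for line in show_output.splitlines())
    return {int(m.group(1)): m.group(2) for m in matches if m}


def live_a_records(fqdn: str) -> List[str]:
    """Resolver for real use (needs network): every A record the name has now."""
    return socket.gethostbyname_ex(fqdn)[2]


def acl_drift(show_output: str, intent: Dict[int, str],
              resolve: Callable[[str], List[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Per FQDN: 'stale' = denied IPs the name no longer resolves to,
    'missing' = IPs the name currently resolves to that have no deny ACE."""
    denies = parse_host_denies(show_output)
    report: Dict[str, Dict[str, List[str]]] = {}
    for fqdn in sorted(set(intent.values())):
        current = set(resolve(fqdn))
        denied = {ip for seq, ip in denies.items() if intent.get(seq) == fqdn}
        report[fqdn] = {"stale": sorted(denied - current),
                        "missing": sorted(current - denied)}
    return report


def render_missing_aces(report: Dict[str, Dict[str, List[str]]], start_seq: int = 11) -> List[str]:
    """IOS named-ACL lines that would deny the addresses the ACL currently lacks."""
    missing = [ip for fqdn in sorted(report) for ip in report[fqdn]["missing"]]
    return [f"{start_seq + i} deny ip any host {ip}" for i, ip in enumerate(missing)]


if __name__ == "__main__":
    drift = acl_drift(SHOW_ACL, ACE_INTENT, lambda name: FAKE_DNS[name])
    print(drift)
    print("\n".join(render_missing_aces(drift)))
```

Even with a re-resolve loop like this, the ACE set is only as current as the last lookup, which is the limitation behind the question.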


luis_cordova
VIP Alumni

Hi @FaisalAlBandar,


Check this discussion of the community:

https://community.cisco.com/t5/switching/block-certain-websites-from-the-router/td-p/1756333


I hope it can help you.


Regards

Thanks a lot. I expected that I would need a different kind of solution to achieve this result. Your reply is much appreciated.