PBR and FQDN? (ASR1K v16)

mickpro77 · ‎09-05-2024

Hi,

I work for an ISP and like many of them we use PBR for routing.

We use IPs within ACLs, matched in RMs.

I'm wondering if it's possible to use FQDNs instead of IPs within ACLs, is it?

We use ASR1K v16 FYI.

KR

MHM Cisco World · ‎09-05-2024

Try use fqdn in acl

And see if asr1k resolve to IP or not

MHM

mickpro77 · ‎09-05-2024

I did, there is no fqdn option in ACL.

ROUTER(config)#ip access-list extended CAPTURE
ROUTER(config-ext-nacl)#?
Ext Access List configuration commands:
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment

ROUTER(config-ext-nacl)#permit ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
object-group Service object group
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol

MHM Cisco World · ‎09-05-2024

I make check' there is no direct ACL for fqdn in ASR1k.

To config acl fqdn you need to use doamin list.

And since there is no direct acl fqdn you can not use it in pbr.

Sorry for this bad news

MHM

paul driver · ‎09-05-2024

Hello @mickpro77
My understanding is that you cannot match on fqdn for PBR

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mickpro77 · ‎09-05-2024

That's what I was dreading/expecting...

Thanks!