RE: Access list with fully qualified domain names [7:126649]

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Wed Sep 26 2007 - 13:52:33 ART


Well, you can do this provided you configure a DNS server on the router to
resolve the names. Now I haven't done this in a long time but it used to be
that once the name was resolved it changed the name to the IP address in the
config and no more name lookups were requested. In other words, this would
not have worked for something like a dynamic address. It's possible that
there is some additional config you can add to force it to always look up a
name.

MB0GCR-IR-01(config)#ip name-server 10.10.2.10
MB0GCR-IR-01(config)#ip domain-lookup
MB0GCR-IR-01(config)#ip access-l ext 119
MB0GCR-IR-01(config-ext-nacl)#permit ip any host www.cisco.com
Translating "www.cisco.com"...domain server (10.10.2.10) [OK]

MB0GCR-IR-01(config-ext-nacl)#do sh access-l 119
Extended IP access list 119
    10 permit ip any host 198.133.219.25

Now that you know it can do it and more or less how it can do it, you have
what you need to check it out on CCO.

Rik

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alexandre Ribeiro
Sent: Wednesday, September 26, 2007 11:14 AM
To: cisco@groupstudy.com
Subject: Access list with fully qualified domain names [7:126649]

Hello all,

Is it possible to have an access-list that uses fully qualified domain names
instead of IP addresses? I'm not trying to match a website or using NBAR, I
just want to block a particular host whose IP address may vary.

Thanks in advance.

Alexandre
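
Added example, not part of the original thread: a Python check for the behaviour described in the reply, where the router replaces the name with the address it resolved at configuration time. It parses `show access-list` output in the format shown above and flags entries whose stored IP is no longer among the name's current addresses. The INTENDED mapping, the function names and the injectable resolver are assumptions made for this illustration.

```python
import re
import socket

# Constructed sample: the ACL as the router stores it after the name was
# translated once at configuration time (format as shown in the post).
SAMPLE_ACL = """\
Extended IP access list 119
    10 permit ip any host 198.133.219.25
"""

# Assumption: the operator records which name each sequence number was
# meant to match, because the router config no longer contains the name.
INTENDED = {("119", 10): "www.cisco.com"}

HEADER = re.compile(r"^Extended IP access list (\S+)")
ENTRY = re.compile(
    r"^\s+(\d+)\s+(permit|deny)\s+ip\s+any\s+host\s+(\d+\.\d+\.\d+\.\d+)")


def parse_acl(text):
    """Yield (acl, seq, action, ip) for each 'ip any host <ip>' entry."""
    acl = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            acl = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and acl:
            yield acl, int(m.group(1)), m.group(2), m.group(3)


def system_resolver(name):
    """Return the set of IPv4 addresses the name resolves to right now."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()  # unresolvable names are reported as stale below


def find_stale(acl_text, intended, resolve=system_resolver):
    """Return entries whose frozen IP is not among the name's current IPs."""
    stale = []
    for acl, seq, action, ip in parse_acl(acl_text):
        name = intended.get((acl, seq))
        if name is None:
            continue  # no recorded name, nothing to compare against
        current = resolve(name)
        if ip not in current:
            stale.append((acl, seq, action, name, ip, sorted(current)))
    return stale
```

Calling find_stale(SAMPLE_ACL, INTENDED) uses live DNS; pass a resolve function to test against known answers.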



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:16 ART