N1524 ACL is not working

Question

Hello guys; I have DELL N1542 Switch and I have 2 vlan ( Vlan 1: 192.168.36.1/24 and Vlan100: 192.168.0.0/23) I wrote access list for blocking some DNS reguests ip access-list DNS-BLOCKpermit udp any 192.168.0.2 0.0.0.0 eq domainpermit udp any 192.168.0.3 0.0.0.0 eq domainpermit udp any 192.168.36.42 0.0.0.0 eq domaindeny udp any any eq domain logpermit every But ı can run thıs command on 192.168.0.240 nslookup amazon.com 8.8.8.8    dns request send to 8.8.8.8 anbd ıt ıs reply to my client   What is wrong? Thank you

DELL-Josh Cr · Answer

Hi SerkanUlker,   DNS will fallback to TCP if UDP fails. Try creating a rule for TCP as well.

SerkanUlker · Answer

Hi Josh Cr

ı changed the ACL like this, and I check it.

ip access-list DNS-BLOCK-NEW
permit udp any 192.168.0.2 0.0.0.0 eq domain
permit udp any 192.168.0.3 0.0.0.0 eq domain
permit udp any 192.168.36.42 0.0.0.0 eq domain
permit tcp any 192.168.0.2 0.0.0.0 eq domain
permit tcp any 192.168.0.3 0.0.0.0 eq domain
permit tcp any 192.168.36.42 0.0.0.0 eq domain
deny udp any any eq domain log
deny tcp any any eq domain log
permit every
exit

Networking General

Was this post helpful?