Unsolved

October 12th, 2020 00:00

N1524 ACL is not working

Hello guys;

I have a DELL N1524 switch with 2 VLANs (Vlan 1: 192.168.36.1/24 and Vlan100: 192.168.0.0/23).

I wrote an access list for blocking some DNS requests:

ip access-list DNS-BLOCK
permit udp any 192.168.0.2 0.0.0.0 eq domain
permit udp any 192.168.0.3 0.0.0.0 eq domain
permit udp any 192.168.36.42 0.0.0.0 eq domain
deny udp any any eq domain log
permit every

But I can run this command on 192.168.0.240:

nslookup amazon.com 8.8.8.8 

The DNS request is sent to 8.8.8.8 and it replies to my client.

What is wrong?

Thank you

Moderator

October 12th, 2020 09:00

Hi SerkanUlker,

DNS will fallback to TCP if UDP fails. Try creating a rule for TCP as well.

October 16th, 2020 05:00

Hi Josh Cr,

I changed the ACL like this, and I checked it:

ip access-list DNS-BLOCK-NEW
permit udp any 192.168.0.2 0.0.0.0 eq domain
permit udp any 192.168.0.3 0.0.0.0 eq domain
permit udp any 192.168.36.42 0.0.0.0 eq domain
permit tcp any 192.168.0.2 0.0.0.0 eq domain
permit tcp any 192.168.0.3 0.0.0.0 eq domain
permit tcp any 192.168.36.42 0.0.0.0 eq domain
deny udp any any eq domain log
deny tcp any any eq domain log
permit every
exit
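As an added example (not from the thread or from Dell), here is a small Python model of the switch's first-match ACL evaluation, run against both versions of the list above and the queries described in the posts. It assumes the list is applied inbound on the client-facing VLAN interface, so the client is the source and the resolver is the destination; the posts do not say where the list is applied.

```python
import ipaddress

# Constructed model of DNS-BLOCK-NEW from the thread. Entry format:
# (action, protocol, source spec, destination spec, destination port).
# Address specs are "any" or "address wildcard", where wildcard 0.0.0.0
# means "match this exact host", as in the posted configuration.
ACL_NEW = [
    ("permit", "udp", "any", "192.168.0.2 0.0.0.0", 53),
    ("permit", "udp", "any", "192.168.0.3 0.0.0.0", 53),
    ("permit", "udp", "any", "192.168.36.42 0.0.0.0", 53),
    ("permit", "tcp", "any", "192.168.0.2 0.0.0.0", 53),
    ("permit", "tcp", "any", "192.168.0.3 0.0.0.0", 53),
    ("permit", "tcp", "any", "192.168.36.42 0.0.0.0", 53),
    ("deny", "udp", "any", "any", 53),
    ("deny", "tcp", "any", "any", 53),
    ("permit", "every", "any", "any", None),
]

# The original DNS-BLOCK list had no TCP entries at all.
ACL_OLD = [entry for entry in ACL_NEW if entry[1] != "tcp"]


def addr_matches(spec, ip):
    """Match an 'any' or 'address wildcard' spec against a single IP."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    base_i = int(ipaddress.ip_address(base))
    wild_i = int(ipaddress.ip_address(wildcard))
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must match.
    return (int(ipaddress.ip_address(ip)) & ~wild_i) == (base_i & ~wild_i)


def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first entry that matches the packet."""
    for action, p, src_spec, dst_spec, port in acl:
        if p != "every" and p != proto:
            continue
        if not addr_matches(src_spec, src) or not addr_matches(dst_spec, dst):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every access list


if __name__ == "__main__":
    client, resolver = "192.168.0.240", "8.8.8.8"
    for name, acl in (("DNS-BLOCK", ACL_OLD), ("DNS-BLOCK-NEW", ACL_NEW)):
        for proto in ("udp", "tcp"):
            print(name, proto, "->", evaluate(acl, proto, client, resolver, 53))
```

If the model denies a packet that the switch still forwards, the list is not bound to the interface and direction the traffic actually crosses (or the traffic is routed on a different VLAN interface), which is a separate check from the entries themselves.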
