12-09-2010 04:40 AM
ACL on DNS SRV
I have a 5406zl L3 Switch.
I have configured my Vlans and I need an ACL that will permit host 192.168.87.61 on Vlan 87 to login on my DNS server on another Vlan 80 (DNS SRV IP 192.168.80.1), and NOTHING else. Routing is done by the 5406.
I have configured these ACLs:
OUT in VLAN 87
ip access-list extended "189"
20 permit tcp 192.168.80.1 0.0.0.0 0.0.0.0 255.255.255.255 established
30 permit udp 192.168.80.1 0.0.0.0 0.0.0.0 255.255.255.255
Exit
IN in VLAN 87
ip access-list extended "188"
19 permit udp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0
70 permit udp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 53
100 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 445
200 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 1026
210 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 135
exit
But
1st host takes about a min to login
2nd My DNS SRV has all udp ports open to host
Could anybody give me an idea? Or an example
THANK YOU ALL…
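The ACL "188" posted above can be checked offline. The following is an added example, not code from any poster in this thread: it models first-match evaluation in sequence order with an implicit deny at the end, and the test packets fed to it are constructed. On the posted list, `shadowed()` reports that entry 70 is never reached because entry 19 already permits every UDP port from the host to the server.

```python
import re
from ipaddress import IPv4Address

# ACL "188" as posted in the thread (inbound on VLAN 87).
ACL_188 = """\
19 permit udp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0
70 permit udp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 53
100 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 445
200 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 1026
210 permit tcp 192.168.87.61 0.0.0.0 192.168.80.1 0.0.0.0 eq 135
"""
ACE_RE = re.compile(r"(\d+) (permit|deny) (tcp|udp) (\S+) (\S+) (\S+) (\S+)(?: eq (\d+))?$")

def parse_acl(text):
    """Parse ACE lines into dicts ordered by sequence number."""
    aces = []
    for m in filter(None, (ACE_RE.match(l.strip()) for l in text.splitlines())):
        seq, action, proto, src, swc, dst, dwc, port = m.groups()
        aces.append({"seq": int(seq), "action": action, "proto": proto,
                     "src": int(IPv4Address(src)), "swc": int(IPv4Address(swc)),
                     "dst": int(IPv4Address(dst)), "dwc": int(IPv4Address(dwc)),
                     "port": int(port) if port else None})
    return sorted(aces, key=lambda a: a["seq"])

def wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; 0.0.0.0 means an exact host match."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(aces, proto, src, dst, dport):
    """Return (seq, action) of the first matching ACE, else (None, 'deny')."""
    s, d = int(IPv4Address(src)), int(IPv4Address(dst))
    for a in aces:
        if (a["proto"] == proto and wild_match(s, a["src"], a["swc"])
                and wild_match(d, a["dst"], a["dwc"])
                and a["port"] in (None, dport)):
            return a["seq"], a["action"]
    return None, "deny"  # implicit deny at the end of the list

def shadowed(aces):
    """(seq, earlier_seq) for host-and-port-specific ACEs pre-empted by an earlier ACE."""
    out = []
    for a in aces:
        if a["port"] is not None and a["swc"] == 0 and a["dwc"] == 0:
            hit, _ = evaluate(aces, a["proto"], str(IPv4Address(a["src"])),
                              str(IPv4Address(a["dst"])), a["port"])
            if hit != a["seq"]:
                out.append((a["seq"], hit))
    return out
```

Calling `evaluate()` with a TCP or UDP port that no entry lists shows which traffic from the host falls through to the implicit deny.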
12-09-2010 05:00 AM
Re: ACL on DNS SRV
netstat -a
host:3104 DNS:epmap TIME_WAIT
host :3105 DNS:1026 TIME_WAIT
host:3115 DNS:microsoft-ds TIME_WAIT
host :3122 DNS:1026 TIME_WAIT
host :3136 DNS:epmap TIME_WAIT
i have this time w
12-13-2010 12:39 AM
Re: ACL on DNS SRV
OUT in VLAN 87
ip access-list extended "189"
20 permit tcp 192.168.80.1 0.0.0.0 0.0.0.0 255.255.255.255 established
30 permit udp 192.168.80.1 0.0.0.0 0.0.0.0 255.255.255.255
Exit
<<<
ACL is configured as "permit
12-13-2010 02:50 AM
Re: ACL on DNS SRV
I don't see a great change…
In my current configuration I don't use ACL extended 189 at all
But the problem still remains
My system logins after about a min
And I have all UDP ports to my DNS SRV open.
Thank you
12-13-2010 05:11 AM
Re: ACL on DNS SRV
What's the subnet mask and gateway of host 192.168.87.61?
Same for host 192.168.80.1.
What's the IP address/mask of the switch in VLAN 87 and VLAN 80?
Is there any default-gateway or "route 0.0.0.0 ..." configured at the switch?
If so, to what device (firewall, router, ...)?
12-13-2010 05:28 AM
Re: ACL on DNS SRV
Vlan 80 has my DNS Server
DNS IP 192.168.80.1/24
GW 192.168.80.11
And my host is on Vlan 87
IP 192.168.87.61/24
GW 192.168.87.11
thanx
12-19-2010 10:52 PM
Re: ACL on DNS SRV
thank you