How enable DNS traffic in my ip ACL for my wlan

mario123na — Fri, 07 Feb 2020 04:38:44 GMT

Hi everyone

I try configurate the ACL for blocking every traffic except the DNS for only one Public IP, on the same net the all traffic is allow, and the dhcp is allow, but only the DNS resolve do not work in the navigator, I can put the public IP in my navigator and it works, I try only TCP and UDP port 53 in the ACL but do not work, actually all traffic for 8.8.8.8 and 9.9.9.9 is allowed I do not know why the DNS resolve do not working, the firmware is Wing 5.9.6 and the model is AP7632

my configuration is:

ip access-list Test-Block
permit ip 10.10.1.0/24 10.10.1.0/24 log rule-precedence 4
permit tcp 10.10.1.0/24 host 8.8.8.8 log rule-precedence 5
permit tcp 10.10.1.0/24 host 9.9.9.9 log rule-precedence 9
permit udp 10.10.1.0/24 host 8.8.8.8 log rule-precedence 10
permit udp 10.10.1.0/24 host 9.9.9.9 log rule-precedence 11
permit ip 10.10.1.0/24 host 35.232.239.22 log rule-precedence 12
permit udp any any range 67 68 log rule-precedence 15
permit ip any host 10.10.1.1 log rule-precedence 16
disable deny ip any any log rule-precedence 18

wlan WLAN_INCO_FINAL
ssid WLAN-PAD
vlan 1
bridging-mode local

use ip-access-list in Test-Block

Do you anything Idea for this problem?

Thanks for your help

Re: How enable DNS traffic in my ip ACL for my wlan

ckelly — Fri, 07 Feb 2020 04:56:22 GMT

Try adding this:

permit tcp 10.10.1.0/24 host 8.8.8.8 eq dns rule-precedence 1

permit udp 10.10.1.0/24 host 8.8.8.8 eq dns rule-precedence 2

If that works for you, replicate it for the other DNS server addresses and the precedence values.

topic How enable DNS traffic in my ip ACL for my wlan in ExtremeWireless (WiNG)

How enable DNS traffic in my ip ACL for my wlan

Re: How enable DNS traffic in my ip ACL for my wlan