
How to enable DNS traffic in my IP ACL for my WLAN


mario123na
New Contributor

Hi everyone 

 

I am trying to configure the ACL to block all traffic except DNS, for only one public IP. On the same network all traffic is allowed, and DHCP is allowed, but DNS resolution alone does not work in the browser. I can put the public IP in my browser and it works. I tried only TCP and UDP port 53 in the ACL but it did not work; currently all traffic to 8.8.8.8 and 9.9.9.9 is allowed. I do not know why DNS resolution is not working. The firmware is WiNG 5.9.6 and the model is AP7632.

 

my configuration is:

 

ip access-list Test-Block
 permit ip 10.10.1.0/24 10.10.1.0/24 log rule-precedence 4 
 permit tcp 10.10.1.0/24 host 8.8.8.8 log rule-precedence 5 
 permit tcp 10.10.1.0/24 host 9.9.9.9 log rule-precedence 9 
 permit udp 10.10.1.0/24 host 8.8.8.8 log rule-precedence 10 
 permit udp 10.10.1.0/24 host 9.9.9.9 log rule-precedence 11 
 permit ip 10.10.1.0/24 host 35.232.239.22 log rule-precedence 12 
 permit udp any any range 67 68 log rule-precedence 15 
 permit ip any host 10.10.1.1 log rule-precedence 16 
 disable deny ip any any log rule-precedence 18    

wlan WLAN_INCO_FINAL
 ssid WLAN-PAD
 vlan 1  
 bridging-mode local 

 use ip-access-list in Test-Block
 

 

Do you have any idea about this problem?

 

Thanks for your help  

1 ACCEPTED SOLUTION

ckelly
Extreme Employee

Try adding this:

 permit tcp 10.10.1.0/24 host 8.8.8.8 eq dns rule-precedence 1
 permit udp 10.10.1.0/24 host 8.8.8.8 eq dns rule-precedence 2

 

If that works for you, replicate it for the other DNS server addresses and the precedence values.
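
A client-side check for the rules discussed above, added here as an example and not part of the original thread: it sends one DNS query to each resolver named in the posted ACL over both UDP/53 and TCP/53 and reports which transports get a valid reply. The test name `example.com`, the query id and the 3-second timeout are assumptions.

```python
import socket
import struct

RESOLVERS = ["8.8.8.8", "9.9.9.9"]  # the two servers permitted in the posted ACL

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def is_answer(resp, qid=0x1234):
    """True if resp is a response (QR=1) to our query id with RCODE 0."""
    if len(resp) < 12:
        return False
    rid, flags = struct.unpack("!HH", resp[:4])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0

def probe(server, proto, name="example.com", timeout=3.0):
    """Send one query to server:53 over 'udp' or 'tcp'; True on a valid reply."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return is_answer(s.recvfrom(4096)[0])
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            return is_answer(s.recv(4096)[2:])  # skip the length prefix
    except OSError:
        return False  # timeout or reset: no usable reply on this transport

if __name__ == "__main__":
    for server in RESOLVERS:
        for proto in ("udp", "tcp"):
            ok = probe(server, proto)
            print(f"{server} {proto}/53:", "ok" if ok else "no reply")
```

Run it from a client associated to the WLAN, before and after changing the ACL, to see which resolver and transport combinations actually pass.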
