Deny mDNS
This ACL blocks mDNS traffic so that the service cannot be used.
Port 5353 and Multicast DNS (mDNS)
Port 5353 is used by the Multicast DNS (mDNS) protocol, which is a zero-configuration networking protocol. mDNS resolves hostnames to IP addresses within small networks that do not include a local name server.
How mDNS Works
When an mDNS client needs to resolve a hostname, it sends an IP multicast query message that asks the host having that name to identify itself. The target machine then multicasts a message that includes its IP address. All machines in that subnet can then use that information to update their mDNS caches.
The mDNS protocol uses the following addresses:
- IPv4 address: 224.0.0.251
- IPv6 address: ff02::fb
- UDP port: 5353
Deny mDNS Procedure
- Open a Panorama PON (EMS) session, right-click on a Network and select Global ACL from the dropdown list.
- Select the Create a new ACL Filter icon to access the Filter Window.
- With the Global Filter window open, perform the following steps:

Step 1: Enter "Block-mDNS" in the Filter Name: entry box
Step 2: Select "Extended ACL" from the ACL Type: Dropdown
Step 3: Select "Deny" from the Action: Dropdown
Step 4: Select "Ipv4" from the Filter Type: Radio Selections
Step 5: Select "Any Mac(s)" from the SourceMAC(s): dropdown
Step 6: Click on the Add button to add "Any Mac(s)" to the Source Mac(s) window
Step 7: "Any Mac(s)" will display in the Source Mac(s) window
Step 8: Enter "32" in the Max MAC(s) entry box
Step 9: Enter "224.0.0.251" in the Destination IP(s) entry box
Step 10: Click on the Add button to add "224.0.0.251" to the Destination IP(s) window
Step 11: Click on the Submit button to save the new filter
- After the Profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.
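
One way to check the filter once it is in place (an added example, not part of the Panorama PON procedure): the script below multicasts a single mDNS query to 224.0.0.251 on UDP port 5353, as described under "How mDNS Works", and lists any hosts whose mDNS responses still arrive. It assumes Python 3.8+ on a host attached to a port the ACL covers; the function names and the default hostname `printer.local` are constructed for illustration.

```python
import socket
import struct
import sys
import time

MDNS_GROUP = "224.0.0.251"  # IPv4 mDNS address from the page
MDNS_PORT = 5353            # UDP port from the page

def build_query(hostname: str) -> bytes:
    """Encode a one-question A-record query in DNS wire format."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # ID 0, flags 0, QDCOUNT 1
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE A, QCLASS IN

def is_response(packet: bytes) -> bool:
    """True when the DNS header's QR bit marks the packet as a response."""
    return len(packet) >= 12 and bool(packet[2] & 0x80)

def probe(hostname: str, timeout: float = 3.0) -> list:
    """Multicast one query; return source IPs of mDNS responses seen."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", MDNS_PORT))  # source port 5353 so replies are multicast
    mreq = socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0")
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    responders = set()
    try:
        sock.sendto(build_query(hostname), (MDNS_GROUP, MDNS_PORT))
        deadline = time.monotonic() + timeout
        while (remaining := deadline - time.monotonic()) > 0:
            sock.settimeout(remaining)
            try:
                data, (addr, _port) = sock.recvfrom(9000)
            except socket.timeout:
                break
            if is_response(data):
                responders.add(addr)
    finally:
        sock.close()
    return sorted(responders)

if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "printer.local"  # constructed
    seen = probe(name)
    if seen:
        print("mDNS responses still arriving from:", ", ".join(seen))
    else:
        print("No mDNS responses seen; consistent with the deny filter.")
    sys.exit(1 if seen else 0)
```

Run it before and after submitting the filter and compare the output. An address belonging to the probing host itself comes from its own mDNS responder and can be ignored.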