Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
45-10
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 45 Configuring AVC with DNS-AS
Configuring AVC with DNS-AS
Command or Action / Purpose

Step 1  configure terminal
        Example:
        Switch# configure terminal
        Purpose: Enters global configuration mode.

Step 2  [no] avc dns-as client enable
        Example:
        Switch(config)# avc dns-as client enable
        Purpose: Enables AVC with DNS-AS on the switch (DNS-AS client).
        The system then creates a binding table where parsed DNS server
        responses are stored until the TTL expires.
        Note: To ensure DNS packet logging or snooping, you must attach
        the policy map (containing the relevant class maps that will
        determine traffic class) to the interface by using the
        service-policy input command. For more information, see
        Configuring QoS for AVC with DNS-AS, page 45-11.

Making an Entry in the Trusted Domain List

When AVC with DNS-AS is first enabled on the switch, the trusted domain list is empty. You must
maintain the list of trusted domains on the switch. The switch snoops only for network traffic that is
maintained in this list. To make entries in this list, perform the following task:

Command or Action / Purpose

Step 1  configure terminal
        Example:
        Switch# configure terminal
        Purpose: Enters global configuration mode.

Step 2  [no] avc dns-as client trusted-domains
        Example:
        Switch(config)# avc dns-as client trusted-domains
        Purpose: Enters the trusted domain configuration mode.

Step 3  [no] domain domain-name
        Example:
        Switch(config-trusted-domains)# domain www.example.com
        Purpose: Enter the domain name. This forms part of the list of
        trusted domains for the DNS-AS client. All remaining domains are
        ignored and will follow default forwarding behavior.
        You can enter up to 50 domains.
        You can use regular expressions to match the domain name. For
        example, to represent all the domains for an organization, if you
        enter:
        Switch(config-trusted-domains)# domain *.example.*
        The DNS-AS client matches www.example.com, ftp.example.org
        and any other domain that pertains to the organization "example".
        Use such an entry with discretion, because it could considerably
        increase the size of the binding table.
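
An added example (not from the Cisco guide): a Python audit of a saved configuration that extracts the trusted-domain entries, checks them against the 50-entry limit, and lists which observed DNS names each wildcard entry would cover. The configuration layout, the sample names, and the treatment of `*` as matching any run of characters (dots included) are assumptions.

```python
import fnmatch

MAX_TRUSTED_DOMAINS = 50  # limit stated in the guide

# Constructed sample configuration fragment (layout assumed, not from a real switch).
SAMPLE_CONFIG = """\
avc dns-as client enable
avc dns-as client trusted-domains
 domain www.example.com
 domain *.example.*
 domain mail.example.org
!
interface GigabitEthernet1/1
"""

# Constructed DNS names, standing in for names seen in resolver logs.
OBSERVED = ["www.example.com", "ftp.example.org",
            "cdn.example.partner.net", "www.other.com"]


def parse_trusted_domains(config_text):
    """Return the domain entries under 'avc dns-as client trusted-domains'."""
    domains, in_block = [], False
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped == "avc dns-as client trusted-domains":
            in_block = True
        elif in_block and line.startswith(" ") and stripped.startswith("domain "):
            domains.append(stripped.split(None, 1)[1])
        elif in_block:
            in_block = False  # any other line ends the sub-mode block
    return domains


def audit(domains, observed_names):
    """Flag a list over the limit and show what each wildcard entry covers."""
    findings = {"over_limit": len(domains) > MAX_TRUSTED_DOMAINS, "wildcards": {}}
    for pattern in domains:
        if "*" in pattern:
            # Assumption: '*' matches any run of characters, dots included.
            hits = [name for name in observed_names
                    if fnmatch.fnmatchcase(name.lower(), pattern.lower())]
            findings["wildcards"][pattern] = hits
    return findings


if __name__ == "__main__":
    entries = parse_trusted_domains(SAMPLE_CONFIG)
    print(entries)
    print(audit(entries, OBSERVED))
```

Under the stated wildcard assumption, `*.example.*` also covers `cdn.example.partner.net`, a name outside the organization's own zones, which is the kind of entry to review before trusting it.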

Cisco Catalyst 4500 Series Specifications

General
Series: Catalyst 4500 Series
Category: Switch
Layer Support: Layer 2, Layer 3
Form Factor: Modular chassis
Stackable: No
Chassis Slots: 3, 6, 7, 10
Power Supply Options: AC, DC
Redundancy: Power supply, Supervisor engine
Network Management: Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features: Security, QoS
Port Density: Up to 384 ports per chassis
Security Features: 802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine: 8-E