45-24
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 45 Configuring AVC with DNS-AS
Troubleshooting AVC with DNS-AS
Troubleshooting AVC with DNS-AS
Problem Possible Causes and Solutions
There are no entries in the binding table The binding table may be empty because of one or both of these reasons:
• Metadata is not maintained in DNS server—complete task Generating
Metadata Streams, page 45-7
• The entry is not maintained in the trusted domain list—complete task Making
an Entry in the Trusted Domain List, page 45-10
Unsuccessful DNS snooping or packet
logging.
To ensure DNS snooping and packet logging, you must attach the policy map
(containing the relevant class maps that will determine traffic class) to the
interface—See the example in the Configuring QoS for AVC with DNS-AS
section.
The DNS server does not return correct
values
Verify that the correct DNS-AS metadata is maintained in the DNS system
• Using Linux dig:
dig TXT +short www.example.org [dns-server-ip]
"CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28
202"
• Using Windows nslookup:
C:\Windows\system32>NSLookup.exe -q=TXT www.example.org
[dns-server-ip]
www.example.org text =
"CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28
202"
The QoS policy you applied to the port
is removed.
When the DNS-AS client recognises an application, along with saving the "A"
record response in the binding table, the system utilises the TCAM to save the IP
address of the application. A single application can in effect have multiple IP
addresses, each utilising additional space in the TCAM. When the TCAM is
exhausted, QoS policies cease to be applied.
To avoid the problem, monitor TCAM utilisation on a regular basis. Enter the
show platform tcam utilisation command in privilege EXEC mode, to display
information about TCAM availability.
To Next Page
Loading...
Need help?
General
