Default Configuration - Cisco Catalyst 4500 Series Software Configuration Manual

Configuring AVC with DNS-AS

Default Configuration

AVC with DNS-AS is disabled.
Configuring AVC with DNS-AS
•
•
•
•
•
•
•
•
Prerequisites for Configuring AVC with DNS-AS
•
•
•
Restrictions and Guidelines for Configuring AVC with DNS-AS
•
•
•
•
•
•
•
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
45-6
Prerequisites for Configuring AVC with DNS-AS, page 45-6
Restrictions and Guidelines for Configuring AVC with DNS-AS, page 45-6
Generating Metadata Streams, page 45-7
Configuring a DNS Server as the Authoritative Server, page 45-9
Enabling AVC with DNS-AS, page 45-9
Making an Entry in the Trusted Domain List, page 45-10
Configuring QoS for AVC with DNS-AS, page 45-11
Configuring FNF for AVC with DNS-AS, page 45-15
The DNS-AS client can snoop forward look-up requests originating from hosts.
To ensure DNS packet logging or snooping, you must attach the policy map to the interface, by using
the service-policy input command.
You have maintained metadata in the authoritative DNS server and reachability exists - before you
enable AVC with DNS-AS.
Only a forward look-up is supported.
Two DNS servers are supported, in case of a failover. One is considered the primary DNS server and
other, the secondary DNS server.
IPv6 is not supported—AAAA requests, and IPv6 DNS servers are not supported.
AVC with DNS-AS is supported only on physical interfaces, in the ingress direction.
AVC with DNS-AS is not supported on wireless traffic.
Virtual Routing and Forwarding (VRF) is not supported.
We recommend a maximum of 300 AVC with DNS-AS applications (domain names) in the binding
table, because of its effect on the ternary content addressable memory (TCAM). To know how the
addition of applications affects the TCAM see the
section of this chapter
Chapter 45 Configuring AVC with DNS-AS
Troubleshooting AVC with DNS-AS, page 45-24