About Avc With Dns-As - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex
Chapter 45
Configuring AVC with DNS-AS

About AVC with DNS-AS

Overview, page 45-2
Key Concepts, page 45-2
AVC with DNS-AS Process Flow, page 45-4
High Availability and ISSU for AVC with DNS-AS, page 45-5
Default Configuration, page 45-6

Overview
The process starts with an organization's requirements relating to management and control of network traffic. You begin by assessing the software applications that run on the various hosts (phones, PCs, etc.) in your network, the domains (websites) and applications accessed by these devices, and the business relevance of these domains and applications in your organization.
The assessment helps you arrive at a list of domains and applications that are "trusted" by your organization; all remaining domains and applications are treated as untrusted.
With DNS-AS enabled on your network and the list of trusted domains at hand, the networking devices (DNS-AS clients) in your network identify which application the network traffic belongs to or which domain is being requested. If the traffic is part of the trusted list, the switch requests metadata and IP address information from the DNS server. This request is sent as a DNS query. The response, once received, is cached locally until the Time-to-Live (TTL) of that resource record expires. The response is bound to the traffic and allows the DNS-AS client to identify, classify, and forward the traffic accordingly.
Key Concepts
Metadata (RFC6759): In the context of the AVC with DNS-AS feature, this includes traffic classification information, application identification information, and business relevance information. Metadata is maintained in the form of TXT records. The following is a sample metadata record in the prescribed format:
CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28202
Forward look-up: A request for an IP address, that is, a request for an "A" record, originating from a host. Being able to snoop these forward look-ups in the network traffic is fundamental to the DNS-AS feature.
Host: A PC or mobile device on which users run software applications, access websites, and so on. Only hosts with a wired connection to the network are considered. Forward look-up requests originate from hosts.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
45-2
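The metadata TXT record and the TTL-bound caching described above, as an added example that is not from the Cisco guide: a Python parser for the CISCO-CLS record format shown in the Key Concepts table, plus a small per-domain cache that drops an entry once its TTL has elapsed. The set of accepted keys and the YES/NO values for business are assumptions drawn from the sample record, not rules stated on this page.

```python
# Constructed sample in the CISCO-CLS format shown in the Key Concepts table.
SAMPLE_TXT = "CISCO-CLS=app-name:example|app-class:TD|business:YES|app-id:CU/28202"
ALLOWED_KEYS = {"app-name", "app-class", "business", "app-id"}  # assumption

class MetadataError(ValueError):
    """A TXT record that is not a well-formed CISCO-CLS metadata record."""

def parse_cisco_cls(txt):
    """Parse 'CISCO-CLS=key:value|...' into a dict; unknown, empty or duplicate
    fields are rejected so a malformed record from an untrusted resolver cannot
    add unexpected attributes, and 'app-id' becomes an (engine, selector) tuple."""
    prefix = "CISCO-CLS="
    if not txt.startswith(prefix):
        raise MetadataError("missing CISCO-CLS prefix")
    fields = {}
    for pair in txt[len(prefix):].split("|"):
        key, sep, value = pair.partition(":")
        if not sep or key not in ALLOWED_KEYS or not value or key in fields:
            raise MetadataError(f"bad or duplicate field: {pair!r}")
        fields[key] = value
    if fields.get("business") not in ("YES", "NO"):  # assumption: YES/NO only
        raise MetadataError("business must be YES or NO")
    if "app-id" in fields:
        engine, sep, selector = fields["app-id"].partition("/")
        if not sep or not selector.isdigit():
            raise MetadataError("app-id must be ENGINE/SELECTOR")
        fields["app-id"] = (engine, int(selector))
    return fields

def is_valid_record(txt):
    """True if the record parses cleanly, False on any MetadataError."""
    try:
        parse_cisco_cls(txt)
        return True
    except MetadataError:
        return False

class MetadataCache:
    """Per-domain cache of parsed metadata, kept only until the record TTL expires."""
    def __init__(self, clock):  # clock() returns seconds; injected so expiry is testable
        self._clock, self._entries = clock, {}
    def store(self, domain, txt, ttl):
        self._entries[domain] = (parse_cisco_cls(txt), self._clock() + ttl)
    def lookup(self, domain):
        fields, expires_at = self._entries.get(domain, (None, 0))
        if fields is None or self._clock() >= expires_at:
            self._entries.pop(domain, None)  # expired: the client must re-query
            return None
        return fields
```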