dns-snoop

Sets the timeout interval for DNS snoop table entries. DNS snoop entries provide information such as client-to-IP-address and client-to-default-gateway mappings. This information is used to detect whether a client is sending routed packets to the wrong MAC address.

Supported on the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

dns-snoop entry-timeout <30-86400>

Parameters

dns-snoop entry-timeout <30-86400>

entry-timeout <30-86400>

Sets the DNS snoop table entry timeout interval, from 30 to 86400 seconds. An entry is retained in the DNS snoop table only for the specified time and is deleted once this time is exceeded. The default is 1,800 seconds.

Examples

nx9500-6C8809(config-fw-policy-testFW)#dns-snoop entry-timeout 1200
nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 no ip dos tcp-sequence-past-window
 dhcp-offer-convert
 alg facetime
 dns-snoop entry-timeout 1200
nx9500-6C8809(config-fw-policy-testFW)#

Related Commands

no

Removes the DNS snoop table entry timeout interval.