opendns

Fetches the OpenDNS device_id from the OpenDNS site. Once fetched, apply the device_id to WLANs that are to be OpenDNS enabled.

OpenDNS is a free DNS service that enables swift Web navigation without frequent outages. It is a reliable DNS service that provides the following services: DNS query resolution, Web-filtering, protection against virus and malware attacks, performance enhancement, etc.

This command is part of a set of configurations that are required to integrate WiNG devices with OpenDNS. When integrated, DNS queries going out of the WiNG device (access point, controller, or service platform) are re-directed to OpenDNS (208.67.220.220 or 208.67.222.222) resolvers that act as proxy DNS servers.

For more information on integrating WiNG devices with the OpenDNS site, see Enabling OpenDNS Support.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000
Note

This command and its syntax are common to both the User Executable and Privilege Executable configuration modes.

Syntax

opendns [APIToken|username]
opendns APIToken <OPENDNS-APITOKEN>
opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
Note

As per the current implementation, both of the above commands can be used to fetch the device_id from the OpenDNS site.

Parameters

opendns APIToken <OPENDNS-APITOKEN>
opendns – Fetches the device_id from the OpenDNS site using the OpenDNS API token.
APIToken <OPENDNS-APITOKEN> – Configures the OpenDNS API token. This is the token provided to you by Cisco at the time of subscribing for their OpenDNS service.
  • <OPENDNS-APITOKEN> – Provide the OpenDNS API token (should be a valid token).

For every valid OpenDNS API token provided, a device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns.

opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
opendns – Fetches the device_id from the OpenDNS site using the OpenDNS credentials.
username <USERNAME> – Configures the OpenDNS user name. This is your OpenDNS email ID provided by Cisco at the time of subscribing for their OpenDNS service.
  • <USERNAME> – Provide the OpenDNS user name (should be a valid OpenDNS username).
password <OPENDNS-PSWD> – Configures the password associated with the user name specified in the previous step.
  • <OPENDNS-PSWD> – Provide the OpenDNS password (should be a valid OpenDNS password).
label <LABEL> – Configures the network label. This is the label (the user-friendly name) of your network, and should be the same as the label (name) configured on the OpenDNS portal.
  • <LABEL> – Specify your network label.

For every set of user name, password, and label passed, only one unique device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns.

Usage Guidelines

Use your OpenDNS credentials to log on to the opendns.org site, then use the labels, edit settings, and customize content filtering options to configure Web filtering settings.

Example

ap7161-E6D512>opendns username bob@examplecompany.com password opendns label company_name
Connecting to OpenDNS server...
device_id = 0014AADF8EDC6C59
ap7161-E6D512>
nx9600-7F3C7F>opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073
device_id = 001480fe36dcb245
nx9600-7F3C7F>

Example: Enabling OpenDNS Support

The following example shows how to enable OpenDNS support:
  1. Fetch the OpenDNS device_id from the OpenDNS site.
    1. In the User/Privilege executable mode execute one of the following commands:
      nx9500-6C8809#opendns APIToken <OPENDNS-APITOKEN>
      nx9500-6C8809#opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073  
      device_id = 001480fe36dcb245

      OR

      nx9500-6C8809#opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
      Note

      The OpenDNS API token and/or user account credentials are provided by the OpenDNS service provider when subscribing for the OpenDNS service.
    2. Apply the device_id fetched in step 1 to the WLAN.
      nx9500-6C8809(config-wlan-opendns)#opendns device-id <OPENDNS-DEVICE-ID>
      nx9500-6C8809(config-wlan-opendns)#opendns device-id 001480fe36dcb245
      nx9500-6C8809(config-wlan-opendns)#show context
      wlan opendns
       ssid opendns
       bridging-mode local
       encryption-type none
       authentication-type none
       opendns device-id 001480fe36dcb245
      nx9500-6C8809(config-wlan-opendns)#
    Note

    Once applied, DNS queries originating from wireless clients associating with the WLAN are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet.
  2. Configure a DHCP server policy, and set the DHCP pool's DNS server configuration to point to the OpenDNS servers.
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#dns-server 208.67.222.222
    Note

    You can configure any one of the following OpenDNS servers: 208.67.222.222 OR 208.67.222.220
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#show context
     dhcp-pool opendnsPool
      dns-server  208.67.222.222
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#
  3. Apply the DHCP server policy configured in step 2 on the access point, controller, or service platform.
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#use dhcp-server-policy opendns
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include use
     use profile default-nx9000
     use rf-domain TechPubs
     use database-policy default
     use nsight-policy noc
     use dhcp-server-policy opendns
     use auto-provisioning-policy TechPubs
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#
    Note

    When configured, DNS queries are forwarded by the access point, controller, or service platform to the specified OpenDNS resolver.
  4. Configure an IP Access Control List with the following permit and deny rules:
    nx9500-6C8809(config-ip-acl-OpenDNS)#permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
    nx9500-6C8809(config-ip-acl-OpenDNS)#deny udp any any eq dns rule-precedence 10 rule-description "block all DNS queries"
    nx9500-6C8809(config-ip-acl-OpenDNS)#permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
    nx9500-6C8809(config-ip-acl-OpenDNS)#show context
    ip access-list OpenDNS
    permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
    deny udp any any eq dns rule-precedence 10 rule-description "block all dns queries"
    permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
    nx9500-6C8809(config-ip-acl-OpenDNS)#
    Note

    When configured and applied in the WLAN context, the IP ACL prevents wireless clients from adding their own DNS servers to bypass the Web filtering and network policies enforced by OpenDNS.
  5. Apply the IP ACL configured in step 4 in the WLAN context.
    nx9500-6C8809(config-wlan-opendns)#use ip-access-list out OpenDNS
    nx9500-6C8809(config-wlan-opendns)#show context
    wlan opendns
     ssid opendns
     vlan 1
     bridging-mode local
     encryption-type none
     authentication-type none
     use ip-access-list in OpenDNS
     use ip-access-list out OpenDNS
     opendns device-id 0014AADF8EDC6C59
    nx9500-6C8809(config-wlan-opendns)#
    Note

    When applied to the WLAN, only the DNS queries directed to the OpenDNS server are forwarded. All other DNS queries are dropped.
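
The IP ACL from step 4, evaluated against a few sample flows to show what it enforces. This is an added example, not part of the original documentation. It assumes rules are evaluated in ascending rule-precedence order with the first match winning, and it parses only the rule forms shown on this page; the sample flows, including the documentation-range address 192.0.2.53, are constructed.

```python
import ipaddress
import re

# ACL rules copied from the page's "show context" output (step 4).
ACL_TEXT = '''
permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
deny udp any any eq dns rule-precedence 10 rule-description "block all dns queries"
permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
'''

# Covers only the rule forms used on this page: source "any", optional "eq <port>".
RULE_RE = re.compile(
    r'^(permit|deny) (udp|tcp|ip) any (any|host \S+)'
    r'(?: eq (\S+))? rule-precedence (\d+)')
PORTS = {"dns": 53}  # service keyword used in the page's rules

def parse_acl(text):
    """Parse the ACL lines into rule dicts, ordered by rule-precedence."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule form: {line!r}")
        action, proto, dst, port, prec = m.groups()
        rules.append({
            "action": action, "proto": proto, "prec": int(prec),
            "dst": None if dst == "any" else ipaddress.ip_address(dst.split()[1]),
            "port": None if port is None else PORTS.get(port) or int(port),
        })
    # Assumption: lower rule-precedence is evaluated first, first match wins.
    return sorted(rules, key=lambda r: r["prec"])

def evaluate(rules, proto, dst, dport):
    """Return (action, rule-precedence) of the first rule matching the flow."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and r["dst"] in (None, dst)
                and r["port"] in (None, dport)):
            return r["action"], r["prec"]
    return "no-match", None

RULES = parse_acl(ACL_TEXT)
# Constructed sample flows: (protocol, destination address, destination port).
FLOWS = [("udp", "208.67.222.222", 53), ("udp", "192.0.2.53", 53),
         ("udp", "208.67.220.220", 53), ("tcp", "192.0.2.53", 53)]
for flow in FLOWS:
    print(flow, "->", evaluate(RULES, *flow))
```

With the ACL as written, UDP queries to 208.67.220.220 are dropped too, so the DHCP pool's dns-server and the host in rule 1 must name the same resolver. DNS over TCP matches only rule 100, so these rules restrict UDP queries only.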