opendns

Fetches the OpenDNS device_id from the OpenDNS site. Use this command to fetch the OpenDNS device_id. Once fetched, apply the device_id to WLANs that are to be OpenDNS enabled.

OpenDNS is a free DNS service that enables swift Web navigation without frequent outages. It is a reliable DNS service that provides the following services: DNS query resolution, Web-filtering, protection against virus and malware attacks, performance enhancement, etc.

This command is part of a set of configurations that are required to integrate WiNG devices with OpenDNS. When integrated, DNS queries going out of the WiNG device (access point, controller, or service platform) are re-directed to OpenDNS (208.67.220.220 or 208.67.222.222) resolvers that act as proxy DNS servers.

For more information on integrating WiNG devices with OpenDNS site, see Enabling OpenDNS Support.

Supported in the following platforms:

Note

Note

This command and its syntax is common to both the User Executable and Privilege Executable configuration modes.

Syntax

opendns [APIToken|username]
opendns APIToken <OPENDNS-APITOKEN>
opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
Note

Note

Note, as per the current implementation both of the above commands can be used to fetch the device_id from the OpenDNS site.

Parameters

opendns APIToken <OPENDNS-APITOKEN>
opendns Fetches the device_id from the OpenDNS site using the OpenDNS API token
APIToken <OPENDNS-APITOKEN> Configures the OpenDNS APIToken. This is the token provided you by CISCO at the time of subscribing for their OpenDNS service.
  • <OPENDNS-APITOKEN> – Provide the OpenDNS API token (should be a valid token).

For every valid OpenDNS API token provided a device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns.

opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
opendns Fetches the device_id from the OpenDNS site using the OpenDNS credentials
username <USERNAME> Configures the OpenDNS user name. This is your OpenDNS email ID provided by CISCO at the time of subscribing for their OpenDNS service.
  • <USERNAME> – Provide the OpenDNS user name (should be a valid OpenDNS username).
password <OPENDNS-PSWD> Configures the password associated with the user name specified in the previous step
  • <OPENDNS-PSWD> – Provide the OpenDNS password (should be a valid OpenDNS password).
label <LABEL> Configures the network label. This the label (the user friendly name) of your network, and should be the same as the label (name) configured on the OpenDNS portal.
  • <LABEL> – Specify your network label.

For every set of user name, password, and label passed only one unique device_id is returned. Apply this device_id to WLANs that are to be OpenDNS enabled. Once applied, DNS queries originating from associating clients are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet. For information on configuring the device_id in the WLAN context, see opendns.

Usage Guidelines

Use your OpenDNS credentials to logon to the opendns.org site and use the labels, edit settings, and customize content filtering options to configure Web filtering settings.

Examples

ap510-133B38>opendns username bob@examplecompany.com password opendns label company_name
Connecting to OpenDNS server...
device_id = 0014AADF8EDC6C59
ap510-133B38>
nx9600-7F3C7F>opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073 device_id = 001480fe36dcb245

Example: Enabling OpenDNS Support

The following example shows how to enable OpenDNS support:
  1. Fetch the OpenDNS device_id from the OpenDNS site.
    1. In the User/Privilege executable mode execute one of the following commands:
      nx9500-6C8809#opendns APIToken <OPENDNS-APITOKEN>
      nx9500-6C8809#opendns ApiToken 9110B39543DEB2ECA1F473AE03E8899C00019073  
      device_id = 001480fe36dcb245#
      

      OR

      nx9500-6C8809#opendns username <USERNAME> password <OPENDNS-PSWD> label <LABEL>
      
      Note

      Note

      The OpenDNS API token and/or user account credentials are provided the OpenDNS service provider when subscribing for the OpenDNS service.
    2. Apply the device_id fetched in the step 1 to the WLAN.
      nx9500-6C8809(config-wlan-opendns)#opendns device-id <OPENDNS-DEVICE-ID>
      
      nx9500-6C8809(config-wlan-opendns)#opendns device-id 001480fe36dcb245
      nx9500-6C8809(config-wlan-opendns)#show context
      wlan opendns
       ssid opendns
       bridging-mode local
       encryption-type none
       authentication-type none
       opendns device-id 001480fe36dcb245
      nx9500-6C8809(config-wlan-opendns)#
      
    Note

    Note

    Once applied, DNS queries originating from wireless clients associating with the WLAN are appended with an additional 31 bytes of data (representing the device ID) at the end of the DNS packet.
  2. Configure a DHCP server policy, and set the DHCP pool‘s DNS server configuration to point to the OpenDNS servers.
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#dns-server 208.67.222.222
    
    Note

    Note

    You can configure any one of the following OpenDNS servers: 208.67.222.222 OR 208.67.222.220
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#show context
     dhcp-pool opendnsPool
      dns-server  208.67.222.222
    nx9500-6C8809(config-dhcp-policy-opendns-pool-opendnsPool)#
    
  3. Apply the DHCP server policy configured in step 2 on the access point, controller, or service platform.
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#use dhcp-server-policy opendns
    
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include use
     use profile default-nx9000
     use rf-domain TechPubs
     use database-policy default
     use nsight-policy noc
     use dhcp-server-policy opendns
     use auto-provisioning-policy TechPubs
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#
    
    Note

    Note

    When configured, DNS queries are forwarded by the access point, controller, or service platform to the specified OpenDNS resolver.
  4. Configure an IP Access Control List with the following permit and deny rules:
    nx9500-6C8809(config-ip-acl-OpenDNS)#permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
    
    nx9500-6C8809(config-ip-acl-OpenDNS)#deny udp any any eq dns rule-precedence 10 rule-description "block all DNS queries"
    
    nx9500-6C8809(config-ip-acl-OpenDNS)#permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
    
    nx9500-6C8809(config-ip-acl-OpenDNS)#show context
    ip access-list OpenDNS
    permit udp any host 208.67.222.222 eq dns rule-precedence 1 rule-description "allow dns queries only to OpenDNS"
    deny udp any any eq dns rule-precedence 10 rule-description "block all dns queries"
    permit ip any any rule-precedence 100 rule-description "allow all other ip packets"
    nx9500-6C8809(config-ip-acl-OpenDNS)#
    
    Note

    Note

    When configured and applied in the WLAN context, the IP ACL prevents wireless clients from adding their own DNS servers to bypass the Web filtering and network policies enforced by OpenDNS.
  5. Apply the IP ACL configured in step 4 in the WLAN context.
    nx9500-6C8809(config-wlan-opendns)#use ip-access-list out OpenDNS
    
    nx9500-6C8809(config-wlan-opendns)#show context
    wlan opendns
     ssid opendns
     vlan 1
     bridging-mode local
     encryption-type none
     authentication-type none
     use ip-access-list in OpenDNS
     use ip-access-list out OpenDNS
     opendns device-id 0014AADF8EDC6C59
    nx9500-6C8809(config-wlan-opendns)#
    
    Note

    Note

    When applied to the WLAN, only the DNS queries directed to the OpenDNS server are forwarded. All other DNS queries are dropped.